5771 matches found

Tenable Nessus
added 2006/05/13 12:0 a.m., 30 views

Slackware 10.0 / 10.1 / 10.2 / 8.1 / 9.0 / 9.1 / current : Apache httpd redux (SSA:2006-130-01)

New Apache packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, and -current to fix a bug with Apache 1.3.35 and glibc that breaks wildcards in Include directives. It may not occur with all versions of glibc, but it has been verified on -current using an Include within a file...

CVSS 4.3, AI score 6.6, EPSS 0.73692
Exploits 0, References 2
Apache Httpd
added 2006/05/01 12:0 a.m., 125 views

Apache Httpd < 1.3.35 : Expect header Cross-Site Scripting

A flaw in the handling of invalid Expect headers. If an attacker can influence the Expect header that a victim sends to a target site they could perform a cross-site scripting attack. It is known that some versions of Flash can set an arbitrary Expect header which can trigger this flaw. Not marke...

CVSS 4.3, AI score 1.2, EPSS 0.93313
Exploits 7, Affected Software 1
Prion
added 2006/04/11 12:2 a.m., 19 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in Cherokee HTTPD 0.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a malformed request that generates an HTTP 400 error, which is not properly handled when the error message is generated...

CVSS 4.3, AI score 7.5, EPSS 0.06643
Exploits 1, References 7, Affected Software 1
NVD
added 2006/04/11 12:2 a.m., 19 views

CVE-2006-1681

Cross-site scripting (XSS) vulnerability in Cherokee HTTPD 0.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a malformed request that generates an HTTP 400 error, which is not properly handled when the error message is generated...

CVSS 4.3, AI score 5.6, EPSS 0.06643
Exploits 1, References 7
CVE
added 2006/04/10 11:0 p.m., 118 views

CVE-2006-1681

CVE-2006-1681 affects Cherokee HTTPD 0.5 and earlier. A cross-site scripting vulnerability exists where a malformed request that leads to an HTTP 400 error is not properly handled in the error message, allowing remote attackers to inject arbitrary script/HTML into a victim’s browser. Impact descr...

CVSS 4.3, AI score 6.3, EPSS 0.06643
Exploits 1, References 7, Affected Software 1
Cvelist
added 2006/04/10 11:0 p.m., 27 views

CVE-2006-1681

Cross-site scripting (XSS) vulnerability in Cherokee HTTPD 0.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a malformed request that generates an HTTP 400 error, which is not properly handled when the error message is generated...

AI score 6.3, EPSS 0.06643
Exploits 1, References 7
Tenable Nessus
added 2006/04/04 12:0 a.m., 43 views

Mandrake Linux Security Advisory : php (MDKSA-2006:063)

A vulnerability was discovered where the html_entity_decode function would return a chunk of memory with length equal to the string supplied, which could include php code, php ini data, other user data, etc. Note that by default, Corporate 3.0 and Mandriva Linux LE2005 ship with magic_quotes_gpc on...

CVSS 5, AI score 8.1, EPSS 0.19067
Exploits 1, References 1
Prion
added 2006/04/03 5:4 p.m., 17 views

Design/Logic Flaw

AN HTTPD 1.42n, and possibly other versions before 1.42p, allows remote attackers to obtain source code of scripts via crafted requests with 1 dot and 2 space characters in the file extension...

CVSS 7.8, AI score 7.4, EPSS 0.01895
Exploits 0, References 8, Affected Software 1
NVD
added 2006/04/03 5:4 p.m., 13 views

CVE-2006-1598

AN HTTPD 1.42n, and possibly other versions before 1.42p, allows remote attackers to obtain source code of scripts via crafted requests with 1 dot and 2 space characters in the file extension...

CVSS 7.8, AI score 6.8, EPSS 0.01895
Exploits 0, References 8
CVE
added 2006/04/03 5:0 p.m., 83 views

CVE-2006-1598

Summary: CVE-2006-1598 affects AN HTTPD 1.42n and possibly earlier versions (before 1.42p). Vulnerability: Remote attackers can obtain the source code of scripts by sending crafted requests that exploit specific dot and space characters in the file extension. Impact: Information disclosure (confi...

CVSS 7.8, AI score 6.9, EPSS 0.01895
Exploits 0, References 8, Affected Software 1
Cvelist
added 2006/04/03 5:0 p.m., 33 views

CVE-2006-1598

AN HTTPD 1.42n, and possibly other versions before 1.42p, allows remote attackers to obtain source code of scripts via crafted requests with 1 dot and 2 space characters in the file extension...

AI score 6.8, EPSS 0.01895
Exploits 0, References 8
securityvulns
added 2006/02/17 12:0 a.m., 46 views

D-Link DWL-G700AP httpd DoS

author: l0om page: www.excluded.org product: D-Link DWL-G700AP firmware: tested on v2.00 and the latest v2.01 The DWL-G700AP is an accesspoint from D-Link and the only way to configure it is the http service which is managed from a httpd called "CAMEO". This webserver is very easy to DoS because...

AI score 0.1
Exploits 0
exploitpack
added 2006/02/16 12:0 a.m., 11 views

D-Link DWL-G700AP 2.002.01 - HTTPd Denial of Service

D-Link DWL-G700AP 2.002.01 - HTTPd Denial of Service // source: https://www.securityfocus.com/bid/16690/info D-Link DWL-G700AP HTTPD is prone to a remote denial-of-service vulnerability. This issue is due to a failure in the 'httpd' service to properly handle malformed data. An attacker can explo...

AI score 7.3
Exploits 0
Exploit DB
added 2006/02/16 12:0 a.m., 32 views

D-Link DWL-G700AP 2.00/2.01 - HTTPd Denial of Service

// source: https://www.securityfocus.com/bid/16690/info D-Link DWL-G700AP HTTPD is prone to a remote denial-of-service vulnerability. This issue is due to a failure in the 'httpd' service to properly handle malformed data. An attacker can exploit this issue to crash the affected webserver,...

AI score 7
Exploits 0
Check Point Advisories
added 2006/02/12 12:0 a.m., 4 views

Update Protection against A Format String Vulnerability in mod_auth_pgsql for Apache

A vulnerability exists in multiple versions of an authentication module mod_auth_pgsql for Apache httpd. To exploit this vulnerability, a user can supply specially crafted information to trigger a flaw in certain logging functions of the module. Successful exploitation could result in the execution...

CVSS 10, AI score 2.3, EPSS 0.08698
Exploits 0
Debian
added 2006/01/10 2:14 p.m., 22 views

[SECURITY] [DSA 935-1] New libapache2-mod-auth-pgsql packages fix arbitrary code execution

-------------------------------------------------------------------------- Debian Security Advisory DSA 935-1 [email protected] http://www.debian.org/security/ Michael Stone January 10, 2006 http://www.debian.org/security/faq -...

CVSS 10, AI score 6.9, EPSS 0.08698
Exploits 0
securityvulns
added 2006/01/10 12:0 a.m., 49 views

iDefense Security Advisory 01.09.06: Multiple Vendor mod_auth_pgsql Format String Vulnerability

Multiple Vendor mod_auth_pgsql Format String Vulnerability iDefense Security Advisory 01.09.06 http://www.idefense.com/intelligence/vulnerabilities/display.php?id=367 January 09, 2006 I. BACKGROUND The mod_auth_pgsql apache module allows user authentication against information stored in a PostgreSQL...

CVSS 10, EPSS 0.08698
Exploits 0
Cent OS
added 2006/01/06 8:44 a.m., 66 views

mod_auth_pgsql security update

CentOS Errata and Security Advisory CESA-2006:0164 Updated mod_auth_pgsql packages that fix format string security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. The mod_auth_pgsql...

CVSS 10, AI score 5.9, EPSS 0.08698
Exploits 0, References 9
RedHat Linux
added 2006/01/05 3:59 p.m., 0 views

httpd cross-site scripting flaw in mod_imap

Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps...

CVSS 4.3, AI score 6.9, EPSS 0.73692
Exploits 0, References 4
UbuntuCve
added 2005/12/31 5:0 a.m., 23 views

CVE-2005-4857

eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051128 allows remote authenticated users to cause a denial of service (Apache httpd segmentation fault) via a request to content/advancedsearch.php with an empty SearchContentClassID parameter, reportedly related to a...

CVSS 4, AI score 5.9, EPSS 0.00933
Exploits 0, References 1