JVN#30451602 HTTPD-User-Manage cross-site scripting vulnerability

Impact A malicious script may be executed on the web browser of the user who can access HTTPD-User-Manage. Solution Products Affected HTTPD-User-Manage 1.62 and earlier...

MacOS X Finder reveals contents of Apache Web files

MacOS X creates a hidden file, '.FBCIndex' in each directory that has been viewed with the Finder. This file contains the content of the files present in the directory, giving an attacker information on the HTML tags, JavaScript, passwords, or any other sensitive word used inside those files...

OmniPro HTTPd 2.08 scripts source full disclosure

OmniPro HTTPd 2.08 suffers from a security vulnerability that permits malicious users to get the full source code of scripting files. By appending an ASCII/Unicode space char '%20' at the script suffix, the web server will no longer interpret it and rather send it back clearly as a simple documen...

SOCKS4 Username Overflow DoS Vulnerability

It was possible to kill the remote SOCKS4 server by sending a request with a too long username. SPDX-FileCopyrightText: 2002 Michel Arboi Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

HTTP Negative Content-Length DoS Vulnerability

The Savant web server was crashed by sending an invalid GET HTTP request with a negative Content-Length field. SPDX-FileCopyrightText: 2002 Michel Arboi Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifie...

CERN httpd Access Control Bypass Vulnerability - Active Check

CERN httpd is prone to an access control bypass vulnerability. SPDX-FileCopyrightText: 2005 Michel Arboi Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

OmniPro HTTPd <= 2.08 Scripts Source Full Disclosure Vulnerability - Active Check

OmniPro HTTPd suffers from a security vulnerability that permits malicious users to get the full source code of scripting files. SPDX-FileCopyrightText: 2001 INTRANODE Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

CERN HTTPD access control bypass

It is possible to access protected web pages by changing / with // or /./ This was a bug in old versions of CERN web server A work around consisted in rejecting patterns like: // // /./ /./ OpenVAS Vulnerability Test $Id: cernhttpdaccessctrl.nasl 8023 2017-12-07 08:36:26Z teissa $ Description: CE...

Oracle 9iAS Jsp Source File Reading

In a default installation of Oracle 9iAS it is possible to read the source of JSP files. When a JSP is requested it is compiled 'on the fly' and the resulting HTML page is returned to the user. Oracle 9iAS uses a folder to hold the intermediate files during compilation. These files are created in...

CERN httpd CGI name heap overflow

It was possible to kill the remote web server by requesting GET /cgi-bin/A.AAAA...A HTTP/1.0 This is known to trigger a heap overflow in some servers like CERN HTTPD. SPDX-FileCopyrightText: 2005 Michel Arboi Some text descriptions might be excerpted from a referenced sources, and are Copyright C...

Apache Httpd < 2.0.58 : mod_imap Referer Cross-Site Scripting

A flaw in modimap when using the Referer directive with image maps. In certain site configurations a remote attacker could perform a cross-site scripting attack if a victim can be forced to visit a malicious URL using certain web browsers...

Apache Httpd < 1.3.35 : mod_imap Referer Cross-Site Scripting

A flaw in modimap when using the Referer directive with image maps. In certain site configurations a remote attacker could perform a cross-site scripting attack if a victim can be forced to visit a malicious URL using certain web browsers...

Apache Httpd < 2.2.2 : mod_imap Referer Cross-Site Scripting

A flaw in modimap when using the Referer directive with image maps. In certain site configurations a remote attacker could perform a cross-site scripting attack if a victim can be forced to visit a malicious URL using certain web browsers...

Hasbani-WindWeb/2.0 - GET Remote Denial of Service

/ . \ \ \ \ | | / | | | | \ / / /\ \ / \ | \ / / / / 26\09\05 / || / / i Title: Hasbani-WindWeb/2.0 - HTTP GET Remote DoS i Discovered by: Expanders i Exploit by: Expanders What is Hasbani-WindWeb/2.0 Hasbani server is a httpd created for menaging ethernet routers and adsl modems. Why HTTPD...

Apache Httpd < 2.0.55 : PCRE overflow

An integer overflow flaw was found in PCRE, a Perl-compatible regular expression library included within httpd. A local user who has the ability to create .htaccess files could create a maliciously crafted regular expression in such as way that they could gain the privileges of a httpd child...

Apache Httpd < 2.0.55 : Worker MPM memory leak

A memory leak in the worker MPM would allow remote attackers to cause a denial of service memory consumption via aborted connections, which prevents the memory for the transaction pool from being reused for other connections. This issue was downgraded in severity to low from moderate as sucessful...

Apache Httpd < 2.0.55 : Malicious CRL off-by-one

An off-by-one stack overflow was discovered in the modssl CRL verification callback. In order to exploit this issue the Apache server would need to be configured to use a malicious certificate revocation list CRL...

Mandrake Linux Security Advisory : apache2 (MDKSA-2005:161)

A flaw was discovered in modssl's handling of the 'SSLVerifyClient' directive. This flaw occurs if a virtual host is configured using 'SSLVerifyClient optional' and a directive 'SSLVerifyClient required' is set for a specific location. For servers configured in this fashion, an attacker may be ab...

Fedora Core 3 : httpd-2.0.53-3.3 (2005-848)

This update includes two security fixes. An issue was discovered in modssl where 'SSLVerifyClient require' would not be honoured in location context if the virtual host had 'SSLVerifyClient optional' configured CVE-2005-2700. An issue was discovered in memory consumption of the byterange filter f...

Fedora Core 4 : httpd-2.0.54-10.2 (2005-849)

This update includes two security fixes. An issue was discovered in modssl where 'SSLVerifyClient require' would not be honoured in location context if the virtual host had 'SSLVerifyClient optional' configured CVE-2005-2700. An issue was discovered in memory consumption of the byterange filter f...