CVE-1999-0236

The CVE-1999-0236 entry describes a vulnerability in the ScriptAlias directory handling in NCSA and Apache httpd that allowed attackers to read CGI programs. Affected software is the Apache httpd family utilizing ScriptAlias configuration; the underlying issue is directory handling enabling discl...

CVE-1999-0071

CVE-1999-0071 affects the Apache httpd server prior to 1.1.2 (versions 1.1.1 and earlier) due to a cookie header buffer overflow. The root cause is a vulnerable handling of the HTTP Cookie header (too long name/value) that can cause the server to crash. Some connected sources describe the impact ...

CVE-2000-1206

Vulnerability in Apache httpd before 1.3.11, when configured for mass virtual hosting using modrewrite, or modvhostalias in Apache 1.3.9, allows remote attackers to retrieve arbitrary files...

Debian 2.1 - HTTPd

Debian 2.1 - HTTPd source: https://www.securityfocus.com/bid/318/info The Debian GNU/Linux 2.1 apache package by default allows anyone to view /usr/doc via the web, remotely. This is because srm.conf is preconfigured with the line: Alias /doc/ /usr/doc/ Boa is also preconfigured this way. lynx...

Netscape FastTrack Server 3.0.1 - Fasttrack Root Directory Listing

Netscape FastTrack Server 3.0.1 - Fasttrack Root Directory Listing source: https://www.securityfocus.com/bid/481/info Netscape's Fasttrack server is supposed to display a directory listing if the follwing three conditions are met: 1: Directory listing is enabled 2: No filename is specified in the...

Apache Httpd < 1.3.2 : Multiple header Denial of Service vulnerability

A serious problem exists when a client sends a large number of headers with the same header name. Apache uses up memory faster than the amount of memory required to simply store the received data itself. That is, memory use increases faster and faster as more headers are received, rather than...

textcounter.pl 1.2 - Arbitrary Command Execution

textcounter.pl 1.2 - Arbitrary Command Execution source: https://www.securityfocus.com/bid/2265/info textcounter.pl is distributed through Matt's Scripts archive, and provides added features to httpd servers such as counters, guestbooks, and http cookie management. Due to insufficient checking of...

CVE-1999-0071

Apache httpd cookie buffer overflow for versions 1.1.1 and earlier...

PT-1997-1036 · Apache · Apache Http Server

Name of the Vulnerable Software and Affected Versions: Apache httpd versions 1.1.1 and earlier Description: The issue is related to a cookie buffer overflow. Recommendations: For versions 1.1.1 and earlier, at the moment, there is no information about a newer version that contains a fix for this...

NCSA httpd-campas 1.2 - sample script

NCSA httpd-campas 1.2 - sample script source: https://www.securityfocus.com/bid/1975/info Campas is a sample CGI script shipped with some older versions of NCSA HTTPd, an obsolete web server package. The versions that included the script could not be determined as the server is no longer...

NCSA httpd-campas 1.2 - sample script

source: https://www.securityfocus.com/bid/1975/info Campas is a sample CGI script shipped with some older versions of NCSA HTTPd, an obsolete web server package. The versions that included the script could not be determined as the server is no longer maintained, but version 1.2 of the script itse...

SGI IRIX 6.3 - cgi-bin &#039;webdist.cgi&#039; Command Execution

source: https://www.securityfocus.com/bid/374/info A vulnerability exists in the webdist.cgi program, as shipped by Silicon Grpahics Inc with the Irix operating system. This vulnerability will allow any remote user to execute arbitrary commands on an affected machine. Commands will be executed wi...

NCSA HTTPd 1.x - Remote Buffer Overflow (1)

NCSA HTTPd 1.x - Remote Buffer Overflow 1 // source: https://www.securityfocus.com/bid/3158/info NCSA HTTPd is a free, open-source web server for nix systems. NCSA HTTPd versions 1.3 and earlier are prone to an exploitable buffer overflowin the username field which will allow malicious remote use...

NCSA HTTPd 1.x - Remote Buffer Overflow (1)

// source: https://www.securityfocus.com/bid/3158/info NCSA HTTPd is a free, open-source web server for nix systems. NCSA HTTPd versions 1.3 and earlier are prone to an exploitable buffer overflowin the username field which will allow malicious remote users to execute arbitrary code with the...

CVE-1999-0236

ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs...

Apache 1.1 / NCSA HTTPd 1.5.2 / Netscape Server 1.12/1.1/2.0 - a nph-test-cgi

Apache Replace with the hostname of a server running a web daemon near you...

Apache 0.8.x1.0.x NCSA HTTPd 1.x - test-cgi Directory Listing

Apache 0.8.x1.0.x NCSA HTTPd 1.x - test-cgi Directory Listing source: https://www.securityfocus.com/bid/2003/info NCSA HTTPd and comes with a CGI sample shell script, test-cgi, located by default in /cgi-bin. This script does not properly enclose an "ECHO" command in quotes, and as a result "shel...

Apache 0.8.x/1.0.x / NCSA HTTPd 1.x - &#039;test-cgi&#039; Directory Listing

source: https://www.securityfocus.com/bid/2003/info NCSA HTTPd and comes with a CGI sample shell script, test-cgi, located by default in /cgi-bin. This script does not properly enclose an "ECHO" command in quotes, and as a result "shell expansion" of the character can occur under some...

NCSA HTTPd 1.x - Remote Buffer Overflow (2)

// source: https://www.securityfocus.com/bid/3158/info NCSA HTTPd is a free, open-source web server for nix systems. NCSA HTTPd versions 1.3 and earlier are prone to an exploitable buffer overflowin the username field which will allow malicious remote users to execute arbitrary code with the...

NCSA HTTPd 1.x - Remote Buffer Overflow (2)

NCSA HTTPd 1.x - Remote Buffer Overflow 2 // source: https://www.securityfocus.com/bid/3158/info NCSA HTTPd is a free, open-source web server for nix systems. NCSA HTTPd versions 1.3 and earlier are prone to an exploitable buffer overflowin the username field which will allow malicious remote use...