Lucene search

5772 matches found

exploitpack
added 2005/04/08 12:0 a.m., 12 views

AN HTTPD 1.42 - Arbitrary Log Content Injection

source: https://www.securityfocus.com/bid/13069/info AN HTTPD is affected by a vulnerability that may allow a remote attacker to inject arbitrary content into the log file. This issue arises due to a failure of input validation. Corruption of logs ma...

Exploits: 0

Exploit DB
added 2005/04/08 12:0 a.m., 23 views

AN HTTPD 1.42 - Arbitrary Log Content Injection

source: https://www.securityfocus.com/bid/13069/info AN HTTPD is affected by a vulnerability that may allow a remote attacker to inject arbitrary content into the log file. This issue arises due to a failure of input validation. Corruption of logs may result in concealing attacks and/or misleading...

AI score: 7.4
Exploits: 0

Exploit DB
added 2005/04/08 12:0 a.m., 34 views

AN HTTPD - 'CMDIS.dll' Remote Buffer Overflow (PoC)

source: https://www.securityfocus.com/bid/13066/info AN HTTPD is reported prone to a remote buffer overflow vulnerability. Specifically, the issue presents itself in 'cmdIS.DLL' which calls the 'GetEnvironmentStrings' function to copy environment variables into a finite sized process buffer. The...

AI score: 7.4
Exploits: 0

NVD
added 2005/04/07 4:0 a.m., 21 views

CVE-2005-1087

CRLF injection vulnerability in the cmdIS.DLL plugin for AN HTTPD Server 1.42n allows remote attackers to spoof or hide entries in the logfile, and possibly read files using an injected type command, via CRLF sequences in an HTTP request...

CVSS: 6.4, AI score: 7, EPSS: 0.02288
Exploits: 0, References: 5

Packet Storm
added 2005/03/22 12:0 a.m., 32 views

Exploit Labs Security Advisory 2005.2

EXPL-A-2005-002 exploitlabs.com Advisory 031 - Samsung ADSL Modem. AFFECTED PRODUCTS: Samsung ADSL Modem, Samsung Electronics, http://www.samsung.com DETAI...

AI score: 0.3
Exploits: 0

securityvulns
added 2005/03/22 12:0 a.m., 28 views

[Full-disclosure] Samsung ADSL Modem Vulnerability

EXPL-A-2005-002 exploitlabs.com Advisory 031 - Samsung ADSL Modem. AFFECTED PRODUCTS: Samsung ADSL Modem, Samsung Electronics, http://www.samsung.com DETAI...

AI score: 7.4
Exploits: 0

Tenable Nessus
added 2005/02/28 12:0 a.m., 95 views

CERN httpd CGI Name Handling Remote Overflow

The remote web server stopped responding after sending it a GET request for a CGI script with an arbitrarily long file name. This is known to trigger a heap overflow in some servers like CERN HTTPD. An attacker may use this flaw to disrupt the remote service and possibly even run malicious code on t...

AI score: 6
Exploits: 0

Tenable Nessus
added 2005/02/28 12:0 a.m., 74 views

CERN httpd Double Slash Protected Webpage Bypass

The remote web server allows an attacker to access protected web pages by replacing slashes in the URL with '//' or '/./', which is a known problem in older versions of CERN web server. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(17230); script_version("1.19");...

AI score: 5.6
Exploits: 0

exploitpack
added 2005/02/24 12:0 a.m., 43 views

AWStats 5.7 6.2 - Multiple Remote

/ AWStats v5.7 - v6.2 sileAWSxpl This exploit utilizes three methods for exploiting the vulnerability found in AWStats software. A user can execute remote code on a vulnerable machine, with httpd privileges. References: www.securityfocus.org/bid/12543 coded by:...

AI score: 0.1
Exploits: 0

Exploit DB
added 2005/02/24 12:0 a.m., 94 views

AWStats 5.7 < 6.2 - Multiple Remote

/ AWStats v5.7 - v6.2 sileAWSxpl This exploit utilizes three methods for exploiting the vulnerability found in AWStats software. A user can execute remote code on a vulnerable machine, with httpd privileges. References: www.securityfocus.org/bid/12543 coded by: Silentium of Anacron Group Italy date:...

AI score: 7.4
Exploits: 0

NVD
added 2004/12/31 5:0 a.m., 11 views

CVE-2004-2096

Cross-site scripting (XSS) vulnerability in Mephistoles httpd 0.6.0 final allows remote attackers to execute arbitrary script as other users by injecting arbitrary HTML or script into the URL...

CVSS: 4.3, AI score: 6.2, EPSS: 0.0181
Exploits: 1, References: 5

Tenable Nessus
added 2004/11/17 12:0 a.m., 28 views

Fedora Core 3 : httpd-2.0.52-3.1 (2004-421)

This update includes the fix for a memory consumption denial of service issue in the handling of request header lines (CVE-2004-0942). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically...

CVSS: 5, AI score: 5.3, EPSS: 0.55105
Exploits: 7, References: 1

Tenable Nessus
added 2004/11/17 12:0 a.m., 36 views

Fedora Core 2 : httpd-2.0.51-2.9 (2004-420)

Thu Nov 11 2004 Joe Orton 2.0.51-2.9 - add fix for memory consumption DoS, CVE-2004-0942 - mod_ssl: add fix for SSLCipherSuite bypass, CVE-2004-0885 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to...

CVSS: 7.5, AI score: 5.3, EPSS: 0.55105
Exploits: 7, References: 1

Tenable Nessus
added 2004/11/13 12:0 a.m., 36 views

RHEL 3 : httpd (RHSA-2004:562)

Updated httpd packages that include fixes for two security issues, as well as other bugs, are now available. The Apache HTTP server is a powerful, full-featured, efficient, and freely-available Web server. An issue has been discovered in the mod_ssl module when configured to use the 'SSLCipherSuit...

CVSS: 7.5, AI score: 5.5, EPSS: 0.55105
Exploits: 8, References: 8

Apache Httpd
added 2004/10/28 12:0 a.m., 37 views

Apache Httpd < 2.0.53 : Memory consumption DoS

An issue was discovered where the field length limit was not enforced for certain malicious requests. This could allow a remote attacker who is able to send large amounts of data to a server the ability to cause Apache children to consume proportional amounts of memory, leading to a denial of...

CVSS: 5, AI score: 2.1, EPSS: 0.55105
Exploits: 7, Affected Software: 1

FreeBSD
added 2004/10/22 12:0 a.m., 31 views

apache mod_include buffer overflow vulnerability

There is a buffer overflow in a function used by mod_include that may enable a local user to gain privileges of a httpd child. Only users that are able to create SSI documents can take advantage of that vulnerability...

CVSS: 7.8, AI score: 6.9, EPSS: 0.0483
Exploits: 1, References: 1

Apache Httpd
added 2004/10/21 12:0 a.m., 68 views

Apache Httpd < 1.3.33 : mod_include overflow

A buffer overflow in mod_include could allow a local user who is authorised to create server side include (SSI) files to gain the privileges of a httpd child...

CVSS: 7.8, AI score: 2.2, EPSS: 0.0483
Exploits: 1, Affected Software: 1

Apache Httpd
added 2004/10/01 12:0 a.m., 39 views

Apache Httpd < 2.0.53 : SSLCipherSuite bypass

An issue has been discovered in the mod_ssl module when configured to use the "SSLCipherSuite" directive in directory or location context. If a particular location context has been configured to require a specific set of cipher suites, then a client will be able to access that location using any...

CVSS: 7.5, AI score: 1.4, EPSS: 0.13835
Exploits: 0, Affected Software: 1

securityvulns
added 2004/09/30 12:0 a.m., 49 views

[Full-Disclosure] iDEFENSE Security Advisory 09.29.04 - Macromedia JRun 4 mod_jrun Apache Module Buffer Overflow Vulnerability

Macromedia JRun 4 mod_jrun Apache Module Buffer Overflow Vulnerability iDEFENSE Security Advisory 09.29.04 www.idefense.com/application/poi/display?id=145&type=vulnerabilities September 29, 2004 I. BACKGROUND Macromedia JRun 4 is a full Java 2 Enterprise Edition (J2EE) compatible application server...

CVSS: 10, AI score: 0.4, EPSS: 0.07104
Exploits: 4

Tenable Nessus
added 2004/09/24 12:0 a.m., 41 views

Fedora Core 2 : httpd-2.0.51-2.7 (2004-313)

Tue Sep 21 2004 Joe Orton 2.0.51-2.7 - aprgetlinecore fix from Rici Lake - Tue Sep 21 2004 Joe Orton 2.0.51-2.6 - fix 2.0.51 regression in Satisfy merging CVE-2004-0811 - Thu Sep 16 2004 Joe Orton 2.0.51-2.5 - mod_ssl: prevent SIGHUP-triggers-SIGSEGV after upgrade from 2.0.50 - revert...

CVSS: 7.8, AI score: 5.3, EPSS: 0.69653
Exploits: 2, References: 2