NullLogic Null HTTPd 0.5 - Error Page Cross-Site Scripting
source: https://www.securityfocus.com/bid/5603/info NullLogic Null HTTPd is a small multithreaded webserver for Linux and Windows. It is possible for attackers to construct a URL that will cause scripting code to be embedded in error pages. As a result, when an innocent user follows such a link,...
CVE-2000-1206
CVE-2000-1206 describes a vulnerability in Apache httpd prior to 1.3.11 where mass virtual hosting using mod_rewrite or mod_vhost_alias (in Apache 1.3.9) can allow remote attackers to retrieve arbitrary files. The affected component is the httpd web server and its name-based hosting configuration...
CERN Proxy Server: Cross-Site Scripting Vulnerability
CERN Proxy Server: Cross-Site Scripting Vulnerability. Affected: CERN HTTPD 3.0A http://www.w3.org/Daemon/Activity.html Vendor Status: CERN httpd team [email protected] was notified on Aug 10, 2001 but they did not respond. Exploit:...
W3C CERN HTTPd 3.0 Proxy - Cross-Site Scripting
W3C CERN HTTPd 3.0 Proxy - Cross-Site Scripting source: https://www.securityfocus.com/bid/5447/info CERN httpd is a freely available HTTP server and HTTP proxy server available from the W3C. The httpd Proxy is vulnerable to a cross site scripting attack. The condition is present because of the wa...
W3C CERN HTTPd 3.0 Proxy - Cross-Site Scripting
source: https://www.securityfocus.com/bid/5447/info CERN httpd is a freely available HTTP server and HTTP proxy server available from the W3C. The httpd Proxy is vulnerable to a cross site scripting attack. The condition is present because of the way URLs are displayed in error messages. It is...
Apache Httpd < 2.0.40 : Path vulnerability
Certain URIs would bypass security and allow users to invoke or access any file depending on the system configuration. Affects Windows, OS2, Netware and Cygwin platforms only...
CodeBlue 5.1 - SMTP Response Buffer Overflow
CodeBlue 5.1 - SMTP Response Buffer Overflow // source: https://www.securityfocus.com/bid/5300/info CodeBlue is an Apache httpd log scanning utility that attempts to contact the administrators of hosts infected with worms. A buffer overflow vulnerability has been reported in CodeBlue. The conditi...
Moderate: Red Hat Security Advisory: mod_ssl security update
Updated mod_ssl packages are now available for Red Hat Advanced Server. These updates incorporate a fix for an incorrect bounds check in versions of mod_ssl up to and including version 2.8.9. The mod_ssl module provides strong cryptography for the Apache Web server via the Secure Sockets Layer (SSL) a...
Apache Httpd < 2.0.40 : Path revealing exposures
A path-revealing exposure was present in multiview type map negotiation such as the default error documents where a module would report the full path of the typemapped .var file when multiple documents or no documents could be served. Additionally a path-revealing exposure in cgi/cgid when Apache...
Apache Httpd < 1.3.26 : Apache Chunked encoding vulnerability
Malicious requests can cause various effects ranging from a relatively harmless increase in system resources through to denial of service attacks and in some cases the ability to execute arbitrary remote code...
Apache Httpd < 2.0.37 : Apache Chunked encoding vulnerability
Malicious requests can cause various effects ranging from a relatively harmless increase in system resources through to denial of service attacks and in some cases the ability to execute arbitrary remote code...
Apache Httpd < 2.0.36 : Warning messages could be displayed to users
In some cases warning messages could get returned to end users in addition to being recorded in the error log. This could reveal the path to a CGI script for example, a minor security exposure...
apache + .htpasswd - bypass pwd check
Hi, yesterday I managed to bypass the pwd check when using .htpasswd. The problem now is that I'm not sure how to secure it. Okay, let's say that user ivan has protected his /home/ivan/publichtml/topsecret directory. And on the same server we have the user johan, from his publichtml directory we mak...
Buffer overflow in TUX HTTPD and SYN Cookie protection bypass
Buffer overflow on long HTTP HOST header. By using Syncookie it's possible to bypass packet filtering...
BPM Studio Pro 4.2 - HTTPd Directory Traversal
source: https://www.securityfocus.com/bid/4198/info BPM Studio Pro is a shareware MP3 mixer and player. It runs on Microsoft Windows operating systems. BPM Studio Pro includes a HTTP server for managing the player via a web interface. The BPM Studio Pro HTTPD does not adequately filter...
Apache 1.3 - Artificially Long Slash Path Directory Listing (2)
Apache 1.3 - Artificially Long Slash Path Directory Listing 2 // source: https://www.securityfocus.com/bid/2503/info Apache HTTPD is the Apache Web Server, freely distributed and actively maintained by the Apache Software Foundation. It is a freely available and widely used software package,...
Apache 1.3 - Artificially Long Slash Path Directory Listing (2)
// source: https://www.securityfocus.com/bid/2503/info Apache HTTPD is the Apache Web Server, freely distributed and actively maintained by the Apache Software Foundation. It is a freely available and widely used software package, included with various implementations of the UNIX operating system...
Apache Httpd < 1.3.24 : Win32 Apache Remote command execution
Apache for Win32 before 1.3.24 and 2.0.34-beta allows remote attackers to execute arbitrary commands via parameters passed to batch file CGI scripts...
Anti-Web HTTPd 2.2 Script - Engine File Opening Denial of Service
Anti-Web HTTPd 2.2 Script - Engine File Opening Denial of Service source: https://www.securityfocus.com/bid/3782/info Anti-Web HTTPD is a freely available, open source web server designed for use on the Linux platform. It is maintained by Doug Hoyte. Under certain circumstances awhttpd reacts...
[AP] awhttpd v2.2 local DoS
AngryPacket Security Advisory. Advisory information: author: methodic [email protected] release date: 01/03/2002 homepage: http://sec.angrypacket.com...