Apache 2 mod_ssl denial-of-service

Joe Orton reports a memory leak in Apache 2's modssl. A remote attacker may issue HTTP requests on an HTTPS port, causing an error. Due to a bug in processing this condition, memory associated with the connection is not freed. Repeated requests can result in consuming all available memory...

Apache mod_php and mod_perl file decriptor leak

Descriptor leakage allowws to spoof https session in child process...

Hijacking Apache https by mod_php

Product: PHP - modphp Versions: 4.2.x, 4.3.x / apache 2.0.x URL: http://www.php.net Impact: Daemon Hijacking Bug class: Leaked Descriptor Vendor notified: Yes Fix available: No Date: 12/26/03 Issue: ====== Modphp under apache 2.0.x leaks a critical file descriptor that can be used to takeover...

should be able to login only via https

you should be able to configure JIRA to login via HTTPS. this is almost possible in 2.4.1. You can specify an https URL in security-config.xml as the login.url parameter. this makes loing links from e.g. the issue view page work correctly. a slight problem here is that the session remiains in the...

should be able to login only via https

you should be able to configure JIRA to login via HTTPS. this is almost possible in 2.4.1. You can specify an https URL in security-config.xml as the login.url parameter. this makes loing links from e.g. the issue view page work correctly. a slight problem here is that the session remiains in the...

ISS RealSecure Server Sensor DoS

IF HTTPS request with invalid Unicode characters received service will shut down IIS service...

Secure HyperText Transfer Protocol (S-HTTP) Detection

The remote web server accepts connections encrypted using Secure HyperText Transfer Protocol S-HTTP, a cryptographic layer that was defined in 1999 by RFC 2660 and never widely implemented. C Tenable Network Security, Inc. include"compat.inc"; ifdescription scriptid11720; scriptversion "1.20";...

12Planet Chat Server Administration Authentication Cleartext Credential Disclosure

The remote host is running 12Planet Chat Server, a web-based chat server written in Java. It is, therefore, affected by a credential disclosure vulnerability due to connections to this server being done via cleartext. A man-in-the-middle attacker can exploit this vulnerability to obtain the...

CommuniGate Pro Webmail 4.0.6 - Session Hijacking

!/usr/bin/perl Below is exploit code. Place it into cgi-bin, then recommended make symlink from DocumentRoot/AnyImage.gif to shj.pl, configure at least $url variable, and possible other vars and send victim HTML message with img src to your AnyImage.gif. When victim will read message, script will...

CVE-2002-0778

CVE-2002-0778 concerns Cisco’s Transparent Cache Engine / Content Engine proxy in its default configuration. The issue allows remote attackers to leverage HTTPS to initiate TCP connections to allowed IP addresses while concealing the true source IP. Documented impact: partial confidentiality, int...

security flaw

Cross-site scripting vulnerability in the modssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a...

CVE-2002-1157

Cross-site scripting vulnerability in the modssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a...

CVE-2002-1098

Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.3, adds an "HTTPS on Public Inbound XML-Autoforward/in" rule but sets the protocol to "ANY" when the XML filter configuration is enabled, which ultimately allows arbitrary traffic to pass through the concentrator...

CVE-2002-0778

The default configuration of the proxy for Cisco Cache Engine and Content Engine allows remote attackers to use HTTPS to make TCP connections to allowed IP addresses while hiding the actual source IP...

CVE-2002-0792

The web management interface for Cisco Content Service Switch CSS 11000 switches allows remote attackers to cause a denial of service soft reset via 1 an HTTPS POST request, or 2 malformed XML data...

CVE-2002-0792

The CVE-2002-0792 entry covers the Cisco Content Service Switch (CSS) 11000 series web management interface vulnerability. Reports from NVD and CERT indicate that remote attackers can trigger a denial-of-service by sending either an HTTPS POST request or malformed XML data, causing the device to ...

Cisco Content Service Switch reboots when HTTPS POST request is sent to web management interface

Overview The Cisco Content Service Switch contains a denial-of-service vulnerability that allows remote attackers to reboot affected devices. Description The Cisco Content Service Switch CSS products include support for the session and application layers. This additional functionality allows a CS...

HTTP proxy default configurations allow arbitrary TCP connections

Overview Multiple vendors' HTTP proxy services use insecure default configurations that could allow an attacker to make arbitrary TCP connections to internal hosts or to external third-party hosts. Description HTTP proxy services commonly support the HTTP CONNECT method, which is designed to crea...

CVE-2000-0739

Directory traversal vulnerability in strong.exe program in NAI Net Tools PKI server 1.0 before HotFix 3 allows remote attackers to read arbitrary files via a .. dot dot attack in an HTTPS request to the enrollment server...

Microsoft IIS 4.05.06.0 - Internal IP AddressInternal Network Name Disclosure

Microsoft IIS 4.05.06.0 - Internal IP AddressInternal Network Name Disclosure source: https://www.securityfocus.com/bid/3159/info A vulnerability has been discovered in Microsoft IIS that may disclose the internal IP address or internal network name to remote attackers. This vulnerability can be...