lighttpd < 1.4.16 Multiple Vulnerabilities

According to its banner, the version of lighttpd running on the remote host is prior to 1.4.16. It is, therefore, affected by multiple vulnerabilities : - modauth allows remote attackers to cause a denial of service via unspecified vectors involving 1 a memory leak, 2 use of md5-sess without a...

Oracle Application Server 9.0 HTTP Service Mod_Access Restriction Bypass Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/13418/info Oracle HTTP ServerOHS of Oracle Application Server is prone to an access restriction bypass vulnerability. It is possible to configure a list of forbidden URIs in OHS. This is accomplished using 'modaccess'. A...

Apache mod_access 1.3.29 安全模式绕过漏洞

No description provided by source...

Fedora 7 : lighttpd-1.4.16-1.fc7 (2007-1299)

This security bugfix release fixes a header parsing bug, various modauth bugs, a modaccess bug and a modfastcgi local DOS bug. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean...

Debian DSA-1362-2 : lighttpd - several vulnerabilities

Several vulnerabilities were discovered in lighttpd, a fast webserver with minimal memory footprint, which could allow the execution of arbitrary code via the overflow of CGI variables when modfcgi was enabled. The Common Vulnerabilities and Exposures project identifies the following problems : -...

[SECURITY] [DSA 1362-1] New lighttpd packages fix several vulnerabilities

------------------------------------------------------------------------ Debian Security Advisory DSA-1362 [email protected] http://www.debian.org/security/ Steve Kemp August 29th, 2007 http://www.debian.org/security/faq - ------------------------------------------------------------------------...

CVE-2007-3949

modaccess.c in lighttpd 1.4.15 ignores trailing / slash characters in the URL, which allows remote attackers to bypass url.access-deny settings...

Apache mod_access rule bypass

The target is running an Apache web server that may not properly handle access controls. In effect, on big-endian 64-bit platforms, Apache fails to match allow or deny rules containing an IP address but not a netmask. OpenVAS has determined the vulnerability exists only by looking at the Server...

Apache HTTP Server 'mod_access' Rule Bypass Vulnerability

The target is running an Apache web server that may not properly handle access controls. SPDX-FileCopyrightText: 2004 George A. Theall Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CP...

FreeBSD : Apache 1.3 IP address access control failure on some 64-bit platforms (09d418db-70fd-11d8-873f-0020ed76ef5a)

Henning Brauer discovered a programming error in Apache 1.3's modaccess that results in the netmasks in IP address access control rules being interpreted incorrectly on 64-bit, big-endian platforms. In some cases, this could cause a deny from' IP address access control rule including a netmask to...

CVE-2005-1383

The OHS component 1.0.2 through 10.x, when UseWebcacheIP is disabled, in Oracle Application Server allows remote attackers to bypass HTTP Server modaccess restrictions via a request to the webcache TCP port 7778...

CVE-2005-1383

The CVE-2005-1383 issue affects Oracle Application Server’s Oracle HTTP Server (OHS) when UseWebCacheIP is disabled. An attacker can bypass mod_access restrictions by sending a request to the webcache TCP port 7778, leading to unauthorized access to protected resources. Connected advisories confi...

CVE-2005-1383

The OHS component 1.0.2 through 10.x, when UseWebcacheIP is disabled, in Oracle Application Server allows remote attackers to bypass HTTP Server modaccess restrictions via a request to the webcache TCP port 7778...

Oracle Application Server Webcache Requests OHS mod_access Restriction Bypass

The version of Oracle HTTP Server OHS installed on the remote host fails to prevent users from accessing protected URLs by using the Web Cache rather than OHS directly. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid18181; scriptversion"1.17";...

Oracle Application Server 9.0 - HTTP Service Mod_Access Restriction Bypass

source: https://www.securityfocus.com/bid/13418/info Oracle HTTP ServerOHS of Oracle Application Server is prone to an access restriction bypass vulnerability. It is possible to configure a list of forbidden URIs in OHS. This is accomplished using 'modaccess'. A URI that is listed is not supposed...

Oracle Application Server Web Cache OHS mod_access Authentication Bypass

Binary data 2866.prm...

Oracle Application Server 9.0 - HTTP Service Mod_Access Restriction Bypass

Oracle Application Server 9.0 - HTTP Service ModAccess Restriction Bypass source: https://www.securityfocus.com/bid/13418/info Oracle HTTP ServerOHS of Oracle Application Server is prone to an access restriction bypass vulnerability. It is possible to configure a list of forbidden URIs in OHS. Th...

CVE-2003-0993

CVE-2003-0993 concerns Apache 1.3.x mod_access on big-endian 64-bit systems. The issue arises because Allow/Deny rules that specify IP addresses without a netmask are not parsed correctly, potentially allowing remote attackers to bypass access restrictions. Multiple OpenVAS entries and vendor adv...

GLSA-200405-22 : Apache 1.3: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200405-22 Apache 1.3: Multiple vulnerabilities On 64-bit big-endian platforms, modaccess does not properly parse Allow/Deny rules using IP addresses without a netmask which could result in failure to match certain IP addresses...