K3144: Apache mod_alias buffer overflow vulnerability CAN-2003-0542
Security Advisory Description Note: Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...
SUSE CVE-2018-19052
An issue was discovered in mod_alias_physical_handler in mod_alias.c in lighttpd before 1.4.50. There is potential ../ path traversal of a single directory above an alias target, with a specific mod_alias configuration where the matched alias lacks a trailing '/' character, but the alias target...
Security update for lighttpd (moderate)
openSUSE Security Update: Security update for lighttpd Announcement ID: openSUSE-SU-2019:2347-1 Rating: moderate References: 1087369 1111733 1115016 1153722 Cross-References: CVE-2018-19052 Affected Products: openSUSE Leap 15.1 openSUSE Leap 15.0 openSUSE Backports SLE-15-SP1 openSUSE Backports...
lighttpd < 1.4.50 Multiple Vulnerabilities
According to its banner, the version of lighttpd running on the remote host is prior to 1.4.50. It is, therefore, affected by the following vulnerabilities according to its release notes: - An unspecified potential path traversal in mod_alias - An unspecified use-after-free in core - An unspecifi...
DEBIAN-CVE-2018-19052
An issue was discovered in mod_alias_physical_handler in mod_alias.c in lighttpd before 1.4.50. There is potential ../ path traversal of a single directory above an alias target, with a specific mod_alias configuration where the matched alias lacks a trailing '/' character, but the alias target...
CVE-2018-19052
The CVE-2018-19052 issue affects lighttpd’s mod_alias_physical_handler (mod_alias.c): when a configured alias lacks a trailing '/' but the target path has one, there is potential directory traversal to the parent of the alias target. Public advisories confirm this vulnerability across multiple di...
MGASA-2018-0430 Updated lighttpd packages fix security vulnerabilities
Updated lighttpd package fixes security vulnerabilities: Potential path traversal with specific configs or in some use cases in mod_alias. use-after-free invalid Range requests in core. Process headers after combining folded headers in core. Skip username "." and ".." in mod_userdir...
Updated lighttpd packages fix security vulnerabilities
Updated lighttpd package fixes security vulnerabilities: Potential path traversal with specific configs or in some use cases in mod_alias. use-after-free invalid Range requests in core. Process headers after combining folded headers in core. Skip username "." and ".." in mod_userdir...
Apache on Windows mod_alias URL Validation Canonicalization CGI Source Information Disclosure
The version of Apache running on the remote Windows host can be tricked into disclosing the source of its CGI scripts because of a configuration issue. Specifically, if the CGI directory is located within the document root, then requests that alter the case of the directory name will bypass the...
SOL3144 - Apache mod_alias buffer overflow vulnerability - CAN-2003-0542
Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures. Although the Configuration utility for F5...
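Apache CGI script source code information disclosure vulnerability
Apache is an open-source web server. Apache's mod_alias module has a canonicalization error when handling case-sensitive alias directive arguments on file systems that support case-sensitive directory names. If an attacker requests a URL with an upper-case directory name (such as CGI-BIN), the source code of applications in the cgi-bin directory can be disclosed in certain non-default configurations where the ScriptAlias directive references a directory inside the document root. Example vulnerable configuration: DocumentRoot "path/docroot/" ScriptAlias /cgi-bin/ "/path/docroot/cgi-bin" Apache Group Apache 2.2.2 for Windows Temporary workaround...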
Apache on Windows mod_alias URL Validation Canonicalization CGI Source Disclosure
The version of Apache for Windows running on the remote host can be tricked into disclosing the source of its CGI scripts because of a configuration issue. Specifically, if the CGI directory is located within the document root, then requests that alter the case of the directory name will bypass t...
HP-UX PHSS_30154 : HPSBUX0401-305 SSRT4681 Apache 1.3.29 web server on VVOS
s700800 11.04 Virtualvault 4.6 OWS update : Multiple stack-based buffer overflows in mod_alias and mod_rewrite modules for Apache versions prior to 1.3.29. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and patch checks in this plugin were extracted from HP patch PHSS3015...
HP-UX PHSS_30160 : HPSBUX0401-305 SSRT4681 Apache 1.3.29 web server on VVOS
s700800 11.04 Virtualvault 4.5 OWS update : Multiple stack-based buffer overflows in mod_alias and mod_rewrite modules for Apache versions prior to 1.3.29. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and patch checks in this plugin were extracted from HP patch PHSS3016...
Mandrake Linux Security Advisory : apache (MDKSA-2003:103)
A buffer overflow in mod_alias and mod_rewrite was discovered in Apache versions 1.3.19 and earlier as well as Apache 2.0.47 and earlier. This happens when a regular expression with more than 9 captures is confined. An attacker would have to create a carefully crafted configuration file .htaccess o...
security flaw
Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures...
Apache mod_alias vulnerable to buffer overflow via crafted regular expression
Overview A vulnerability in a supplementary module to the Apache HTTP server could allow an attacker to execute arbitrary code on an affected web server under certain circumstances. Description The Apache HTTP server distribution includes a number of supplemental modules that provide additional...
security flaw
Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures...
DEBIAN-CVE-2003-0542
Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures...
Apache < 1.3.29 Multiple Modules Local Overflow
The remote host appears to be running a version of the Apache web server which is older than 1.3.29. Such versions are reportedly affected by local buffer overflow vulnerabilities in the mod_alias and mod_rewrite modules. An attacker could exploit these vulnerabilities to execute arbitrary code in...