60 matches found
SuSE 10 Security Update : Apache (ZYPP Patch Number 8530)
Apache2 has been updated to fix multiple XSS flaws. - Multiple cross-site scripting XSS vulnerabilities in the balancerhandler function in the manager interface in modproxybalancer.c in the modproxybalancer module in the Apache HTTP Server potentially allowed remote attackers to inject arbitrary...
Debian DSA-2637-1 : apache2 - several issues
Several vulnerabilities have been found in the Apache HTTPD server. - CVE-2012-3499 The modules modinfo, modstatus, modimagemap, modldap, and modproxyftp did not properly escape hostnames and URIs in HTML output, causing cross site scripting vulnerabilities. - CVE-2012-4558 Modproxybalancer did n...
Apache security vulnerabilities
modinfo, modstatus, modimagemap, modldap, modproxyftp, modproxybalancer crossite scripting...
Apache HTTP Server多个模块主机名和URI跨站脚本漏洞
BUGTRAQ ID: 58165 CVECAN ID: CVE-2012-3499 Apache HTTP Server是开源HTTP服务器。 Apache HTTP Server 2.4.4及之前版本在实现上存在多个XSS漏洞,通过模块1 modimagemap, 2 modinfo, 3 modldap, 4 modproxyftp, 5 modstatus内的主机名和URI,远程攻击者可利用此漏洞注入任意js脚本和HTML。 0 Apache Group HTTP Server 2.4.x Apache Group HTTP Server 2.2.x 厂商补丁: Apache...
Apache HTTP Server balancer_handler函数跨站脚本漏洞(CVE-2012-4558)
BUGTRAQ ID: 58165 CVECAN ID: CVE-2012-4558 Apache HTTP Server是开源HTTP服务器。 Apache HTTP Server被报告存在多个漏洞,攻击者能利用这些漏洞进行跨站脚本攻击。 1)modinfo, modldap, modstatus, modimagemap, 以及modproxyftp模块中某些与hostnames和URI相关的输入没有经过正确的检查即返回给用户。 2)传递给modproxybalancer模块管理接口的某些不确定输入没有经过正确检查即返回给用户。...
Apache 2.2.x < 2.2.24 Multiple XSS Vulnerabilities
According to its banner, the version of Apache 2.2.x running on the remote host is prior to 2.2.24. It is, therefore, potentially affected by the following cross-site scripting vulnerabilities : - Errors exist related to the modules modinfo, modstatus, modimagemap, modldap, and modproxyftp and...
CVE-2012-3499
Multiple cross-site scripting XSS vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the 1 modimagemap, 2 modinfo, 3 modldap, 4 modproxyftp, and 5...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the 1 modimagemap, 2 modinfo, 3 modldap, 4 modproxyftp, and 5...
CVE-2012-3499
Multiple cross-site scripting XSS vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the 1 modimagemap, 2 modinfo, 3 modldap, 4 modproxyftp, and 5...
CVE-2012-3499
Multiple cross-site scripting XSS vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the 1 modimagemap, 2 modinfo, 3 modldap, 4 modproxyftp, and 5...
CVE-2012-3499
Multiple cross-site scripting XSS vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the 1 modimagemap, 2 modinfo, 3 modldap, 4 modproxyftp, and 5...
Apache 2.4.x < 2.4.4 Multiple XSS Vulnerabilities
According to its banner, the version of Apache 2.4.x running on the remote host is prior to 2.4.4. It is, therefore, affected by the following cross-site scripting vulnerabilities : - Errors exist related to the modules modinfo, modstatus, modimagemap, modldap, and modproxyftp and unescaped...
httpd security, bug fix, and enhancement update
2.2.15-26.0.1.el6 - replace index.html with Oracle's index page oracleindex.html update vstring in specfile 2.2.15-26 - htcacheclean: exit with code 4 also for 'restart' action 805810 2.2.15-25 - htcacheclean: exit with code 4 if nonprivileged user runs initscript 805810 - rotatelogs: omit the...
httpd security, bug fix, and enhancement update
2.2.3-74.0.1.el5 - fix modssl always performing full renegotiation Joe Jin orabug 12423387 - replace index.html with Oracle's index page oracleindex.html - update vstring and distro in specfile 2.2.3-74 - further %post scriptlet fix 752618, 867736 2.2.3-73 - fix %post scriptlet output 752618,...
apache22 -- several vulnerabilities
Apache HTTP SERVER PROJECT reports: low: XSS due to unescaped hostnames CVE-2012-3499 Various XSS flaws due to unescaped hostnames and URIs HTML output in modinfo, modstatus, modimagemap, modldap, and modproxyftp. moderate: XSS in modproxybalancer CVE-2012-4558 A XSS flaw affected the...
Apache Httpd < 2.4.4 : XSS due to unescaped hostnames
Various XSS flaws due to unescaped hostnames and URIs HTML output in modinfo, modstatus, modimagemap, modldap, and modproxyftp...
Apache Httpd < 2.2.24 : XSS due to unescaped hostnames
Various XSS flaws due to unescaped hostnames and URIs HTML output in modinfo, modstatus, modimagemap, modldap, and modproxyftp...
Mandriva Update for proftpd MDKA-2007:089 (proftpd)
Check for the Version of proftpd OpenVAS Vulnerability Test Mandriva Update for proftpd MDKA-2007:089 proftpd Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under...
ProFTPD AUTH多个验证模块安全绕过漏洞
proftpd是一款流行的开放源代码的FTP服务程序。 proftpd在AUTH API上存在一个错误,远程攻击者可以利用漏洞可以绕过安全限制,未授权访问。 由于FTP协议需要分开USER和PASS命令,ProFTPD独立的通过USER对用户数据进行检查,而当PASS接收到时对用户的验证进行校验。因此这些组合使ProFTPD允许多个同步Auth模块存在如modauthunix, modsql, modldap,可能导致某个验证模块提供用户数据modauthunix而另一个模块验证用户数据如modsql. 当验证模块modsql配置成使用底限制的验证策略,如: SQLAuthTypes...
Mandrake Linux Security Advisory : apache2 (MDKSA-2005:233)
A memory leak in the worker MPM in Apache 2 could allow remote attackers to cause a Denial of Service memory consumption via aborted commands in certain circumstances, which prevents the memory for the transaction pool from being reused for other connections. As well, this update addresses two bu...