Lucene search
K

60 matches found

Tenable Nessus
Tenable Nessus
added 2013/04/10 12:0 a.m.42 views

SuSE 10 Security Update : Apache (ZYPP Patch Number 8530)

Apache2 has been updated to fix multiple XSS flaws. - Multiple cross-site scripting XSS vulnerabilities in the balancerhandler function in the manager interface in modproxybalancer.c in the modproxybalancer module in the Apache HTTP Server potentially allowed remote attackers to inject arbitrary...

4.3CVSS7.4AI score0.22913EPSS
Exploits3References4
Tenable Nessus
Tenable Nessus
added 2013/03/05 12:0 a.m.47 views

Debian DSA-2637-1 : apache2 - several issues

Several vulnerabilities have been found in the Apache HTTPD server. - CVE-2012-3499 The modules modinfo, modstatus, modimagemap, modldap, and modproxyftp did not properly escape hostnames and URIs in HTML output, causing cross site scripting vulnerabilities. - CVE-2012-4558 Modproxybalancer did n...

4.6CVSS7.2AI score0.22913EPSS
Exploits3References8
securityvulns
securityvulns
added 2013/03/02 12:0 a.m.62 views

Apache security vulnerabilities

modinfo, modstatus, modimagemap, modldap, modproxyftp, modproxybalancer crossite scripting...

4.3CVSS1.6AI score0.22913EPSS
Exploits3References1Affected Software1
seebug.org
seebug.org
added 2013/02/28 12:0 a.m.457 views

Apache HTTP Server多个模块主机名和URI跨站脚本漏洞

BUGTRAQ ID: 58165 CVECAN ID: CVE-2012-3499 Apache HTTP Server是开源HTTP服务器。 Apache HTTP Server 2.4.4及之前版本在实现上存在多个XSS漏洞,通过模块1 modimagemap, 2 modinfo, 3 modldap, 4 modproxyftp, 5 modstatus内的主机名和URI,远程攻击者可利用此漏洞注入任意js脚本和HTML。 0 Apache Group HTTP Server 2.4.x Apache Group HTTP Server 2.2.x 厂商补丁: Apache...

4.3CVSS6.5AI score0.22913EPSS
Exploits2
seebug.org
seebug.org
added 2013/02/28 12:0 a.m.594 views

Apache HTTP Server balancer_handler函数跨站脚本漏洞(CVE-2012-4558)

BUGTRAQ ID: 58165 CVECAN ID: CVE-2012-4558 Apache HTTP Server是开源HTTP服务器。 Apache HTTP Server被报告存在多个漏洞,攻击者能利用这些漏洞进行跨站脚本攻击。 1)modinfo, modldap, modstatus, modimagemap, 以及modproxyftp模块中某些与hostnames和URI相关的输入没有经过正确的检查即返回给用户。 2)传递给modproxybalancer模块管理接口的某些不确定输入没有经过正确检查即返回给用户。...

4.3CVSS6.3AI score0.22913EPSS
Exploits2
Tenable Nessus
Tenable Nessus
added 2013/02/27 12:0 a.m.70 views

Apache 2.2.x < 2.2.24 Multiple XSS Vulnerabilities

According to its banner, the version of Apache 2.2.x running on the remote host is prior to 2.2.24. It is, therefore, potentially affected by the following cross-site scripting vulnerabilities : - Errors exist related to the modules modinfo, modstatus, modimagemap, modldap, and modproxyftp and...

4.3CVSS7.3AI score0.22913EPSS
Exploits3References4
NVD
NVD
added 2013/02/26 4:55 p.m.26 views

CVE-2012-3499

Multiple cross-site scripting XSS vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the 1 modimagemap, 2 modinfo, 3 modldap, 4 modproxyftp, and 5...

4.3CVSS5.5AI score0.22913EPSS
Exploits2References39
Prion
Prion
added 2013/02/26 4:55 p.m.25 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the 1 modimagemap, 2 modinfo, 3 modldap, 4 modproxyftp, and 5...

4.3CVSS5.9AI score0.22913EPSS
Exploits2References39Affected Software1
Debian CVE
Debian CVE
added 2013/02/26 4:0 p.m.46 views

CVE-2012-3499

Multiple cross-site scripting XSS vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the 1 modimagemap, 2 modinfo, 3 modldap, 4 modproxyftp, and 5...

4.3CVSS6AI score0.22913EPSS
Exploits2
Cvelist
Cvelist
added 2013/02/26 4:0 p.m.56 views

CVE-2012-3499

Multiple cross-site scripting XSS vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the 1 modimagemap, 2 modinfo, 3 modldap, 4 modproxyftp, and 5...

5.5AI score0.22913EPSS
Exploits2References39
UbuntuCve
UbuntuCve
added 2013/02/26 12:0 a.m.41 views

CVE-2012-3499

Multiple cross-site scripting XSS vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the 1 modimagemap, 2 modinfo, 3 modldap, 4 modproxyftp, and 5...

4.3CVSS7.1AI score0.22913EPSS
Exploits2References3
Tenable Nessus
Tenable Nessus
added 2013/02/26 12:0 a.m.67 views

Apache 2.4.x < 2.4.4 Multiple XSS Vulnerabilities

According to its banner, the version of Apache 2.4.x running on the remote host is prior to 2.4.4. It is, therefore, affected by the following cross-site scripting vulnerabilities : - Errors exist related to the modules modinfo, modstatus, modimagemap, modldap, and modproxyftp and unescaped...

4.3CVSS7.3AI score0.22913EPSS
Exploits3References4
Oracle linux
Oracle linux
added 2013/02/22 12:0 a.m.76 views

httpd security, bug fix, and enhancement update

2.2.15-26.0.1.el6 - replace index.html with Oracle's index page oracleindex.html update vstring in specfile 2.2.15-26 - htcacheclean: exit with code 4 also for 'restart' action 805810 2.2.15-25 - htcacheclean: exit with code 4 if nonprivileged user runs initscript 805810 - rotatelogs: omit the...

5CVSS0.2AI score0.82756EPSS
Exploits16
Oracle linux
Oracle linux
added 2013/01/11 12:0 a.m.55 views

httpd security, bug fix, and enhancement update

2.2.3-74.0.1.el5 - fix modssl always performing full renegotiation Joe Jin orabug 12423387 - replace index.html with Oracle's index page oracleindex.html - update vstring and distro in specfile 2.2.3-74 - further %post scriptlet fix 752618, 867736 2.2.3-73 - fix %post scriptlet output 752618,...

4.3CVSS6.5AI score0.6477EPSS
Exploits4
FreeBSD
FreeBSD
added 2012/10/07 12:0 a.m.43 views

apache22 -- several vulnerabilities

Apache HTTP SERVER PROJECT reports: low: XSS due to unescaped hostnames CVE-2012-3499 Various XSS flaws due to unescaped hostnames and URIs HTML output in modinfo, modstatus, modimagemap, modldap, and modproxyftp. moderate: XSS in modproxybalancer CVE-2012-4558 A XSS flaw affected the...

4.3CVSS6.1AI score0.22913EPSS
Exploits3
Apache Httpd
Apache Httpd
added 2012/07/11 12:0 a.m.53 views

Apache Httpd < 2.4.4 : XSS due to unescaped hostnames

Various XSS flaws due to unescaped hostnames and URIs HTML output in modinfo, modstatus, modimagemap, modldap, and modproxyftp...

4.3CVSS0.9AI score0.22913EPSS
Exploits2Affected Software1
Apache Httpd
Apache Httpd
added 2012/07/11 12:0 a.m.86 views

Apache Httpd < 2.2.24 : XSS due to unescaped hostnames

Various XSS flaws due to unescaped hostnames and URIs HTML output in modinfo, modstatus, modimagemap, modldap, and modproxyftp...

4.3CVSS0.9AI score0.22913EPSS
Exploits2Affected Software1
OpenVAS
OpenVAS
added 2009/04/09 12:0 a.m.12 views

Mandriva Update for proftpd MDKA-2007:089 (proftpd)

Check for the Version of proftpd OpenVAS Vulnerability Test Mandriva Update for proftpd MDKA-2007:089 proftpd Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under...

Exploits0References2
seebug.org
seebug.org
added 2007/04/20 12:0 a.m.56 views

ProFTPD AUTH多个验证模块安全绕过漏洞

proftpd是一款流行的开放源代码的FTP服务程序。 proftpd在AUTH API上存在一个错误,远程攻击者可以利用漏洞可以绕过安全限制,未授权访问。 由于FTP协议需要分开USER和PASS命令,ProFTPD独立的通过USER对用户数据进行检查,而当PASS接收到时对用户的验证进行校验。因此这些组合使ProFTPD允许多个同步Auth模块存在如modauthunix, modsql, modldap,可能导致某个验证模块提供用户数据modauthunix而另一个模块验证用户数据如modsql. 当验证模块modsql配置成使用底限制的验证策略,如: SQLAuthTypes...

7AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2006/01/15 12:0 a.m.32 views

Mandrake Linux Security Advisory : apache2 (MDKSA-2005:233)

A memory leak in the worker MPM in Apache 2 could allow remote attackers to cause a Denial of Service memory consumption via aborted commands in certain circumstances, which prevents the memory for the transaction pool from being reused for other connections. As well, this update addresses two bu...

5CVSS5.5AI score0.1419EPSS
Exploits0References1
Rows per page
Query Builder