65 matches found

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2012-2669

Malware in sbrugna...

CVSS 2.6 | AI score 8.1 | EPSS 0.08268
Exploits: 2 | References: 71
Packet Storm
added 2024/09/01 12:0 a.m., 206 views

Apache HTTPD Mod_negotiation Filename Bruter

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework mod_negotiation bruter http://httpd.apache.org/docs/1.3/content-negotiation.html class MetasploitModule 'Apache HTTPD mod_negotiation Filename Bruter', 'Description' = %q...

AI score 7.4
Exploits: 0
F5 Networks
added 2023/02/21 6:28 p.m., 30 views

K17189: Apache HTTP server vulnerability CVE-2008-0456

Security Advisory Description: CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP...

CVSS 2.6 | AI score 6.8 | EPSS 0.07847
Exploits: 1 | Affected Software: 18
SUSE CVE
added 2023/02/15 6:9 a.m., 1 views

SUSE CVE-2008-0456

CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP respons...

CVSS 2.6 | AI score 7.2 | EPSS 0.07847
Exploits: 1 | References: 3
Tenable Nessus
added 2022/03/08 12:0 a.m., 43 views

Apache mod_negotiation Alternative Filename Disclosure

Apache web server configured with mod_negotiation and Multiviews enabled may, on receipt of a crafted invalid request with an extension-less filename, return a pseudo directory listing of matching resources with known mime types. This feature may be abused by attackers to discover hidden resources o...

AI score 7.2
Exploits: 0 | References: 3
OpenVAS
added 2021/11/01 12:0 a.m., 28 views

Apache HTTP Server XSS Vulnerability (Sep 2012) - Linux

Apache HTTP Server is prone to a cross-site scripting (XSS) vulnerability. Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is fre...

CVSS 4.3 | AI score 5.8 | EPSS 0.52581
Exploits: 3 | References: 2
Veracode
added 2019/05/02 4:45 a.m., 56 views

Arbitrary File Upload

The httpd packages contain the Apache HTTP Server (httpd), which is the namesake project of The Apache Software Foundation. Input sanitization flaws were found in the mod_negotiation module. A remote attacker able to upload or create files with arbitrary names in a directory that has the MultiViews...

CVSS 4.3 | AI score 5.9 | EPSS 0.52581
Exploits: 4 | References: 47 | Affected Software: 1
Veracode
added 2019/01/15 8:51 a.m., 38 views

Cross-site Scripting (XSS)

Apache HTTP Server is vulnerable to cross-site scripting (XSS) attacks. The vulnerability exists in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticat...

CVSS 4.3 | AI score 5 | EPSS 0.52581
Exploits: 1 | References: 42 | Affected Software: 204
OpenVAS
added 2016/07/06 12:0 a.m., 12 views

Apache HTTP Server 'mod_negotiation' MultiViews Information Disclosure Vulnerability

Apache HTTP Server is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2016 SCHUTZWERK GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later CPE =...

AI score 6.8
Exploits: 0 | References: 1
Tenable Nessus
added 2015/09/01 12:0 a.m., 99 views

F5 Networks BIG-IP : Apache HTTP server vulnerability (SOL17201)

Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by...

CVSS 4.3 | AI score 5.5 | EPSS 0.52581
Exploits: 1 | References: 2
Tenable Nessus
added 2015/08/31 12:0 a.m., 96 views

F5 Networks BIG-IP : Apache HTTP server vulnerability (SOL17189)

CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP respons...

CVSS 2.6 | AI score 5.7 | EPSS 0.07847
Exploits: 1 | References: 2
Tenable Nessus
added 2015/01/19 12:0 a.m., 43 views

Oracle Solaris Third-Party Patch Update : apache (multiple_vulnerabilities_in_apache_http2)

The remote Solaris system is missing necessary patches to address security updates : - envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working...

CVSS 6.9 | AI score 8 | EPSS 0.08268
Exploits: 5 | References: 4
Tenable Nessus
added 2014/12/15 12:0 a.m., 77 views

F5 Networks BIG-IP : Apache HTTP server vulnerability (SOL15901)

Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted...

CVSS 2.6 | AI score 7.4 | EPSS 0.08268
Exploits: 2 | References: 2
Hacker One
added 2014/08/20 11:57 a.m., 102 views

Cloudflare: Apache mod_negotiation filename bruteforcing

Vulnerability description: mod_negotiation is an Apache module responsible for selecting the document that best matches the client's capabilities, from one of several available documents. If the client provides an invalid Accept header, the server will respond with a 406 Not Acceptable error...

AI score 6.5
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 18 views

Apache <= 2.2.6 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/27409/info Apache 'mod_negotiation' is prone to an HTML-injection and an HTTP response-splitting vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated...

AI score 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 34 views

Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (4)

No description provided by source. source: http://www.securityfocus.com/bid/2503/info Apache HTTPD is the Apache Web Server, freely distributed and actively maintained by the Apache Software Foundation. It is a freely available and widely used software package, included with various implementatio...

AI score 7.1
Exploits: 0
Tenable Nessus
added 2014/06/13 12:0 a.m., 51 views

openSUSE Security Update : apache2 (openSUSE-SU-2013:0629-1)

apache2 was updated to fix : - fix for cross site scripting vulnerability in mod_balancer. This is CVE-2012-4558 bnc807152 - fixes for low profile cross site scripting vulnerabilities, known as CVE-2012-3499 bnc806458 - Escape filename for the case that uploads are allowed with untrusted user's...

CVSS 4.3 | AI score 7.2 | EPSS 0.58223
Exploits: 4 | References: 8
OpenVAS
added 2013/03/12 12:0 a.m., 42 views

CentOS Update for httpd CESA-2013:0512 centos6

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

CVSS 5 | AI score 7.3 | EPSS 0.52581
Exploits: 4 | References: 2
OpenVAS
added 2013/02/22 12:0 a.m., 29 views

RedHat Update for httpd RHSA-2013:0512-02

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

CVSS 5 | AI score 6.7 | EPSS 0.52581
Exploits: 4 | References: 5
RedHat Linux
added 2013/02/20 4:18 p.m., 50 views

Low: Red Hat Security Advisory: httpd security, bug fix, and enhancement update

Updated httpd packages that fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System (CVSS) base scores, which giv...

CVSS 5 | AI score 7 | EPSS 0.52581
Exploits: 4 | References: 15