65 matches found
CentOS 5 : httpd (CESA-2013:0130)
Updated httpd packages that fix multiple security issues, various bugs, and add enhancements are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System CVSS base scores, which give...
httpd, mod_ssl security update
CentOS Errata and Security Advisory CESA-2013:0130 Updated httpd packages that fix multiple security issues, various bugs, and add enhancements are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. Common...
RHEL 5 : httpd (RHSA-2013:0130)
The remote Redhat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2013:0130 advisory. - httpd: modnegotiation XSS via untrusted file names in directories with MultiViews enabled CVE-2008-0455, CVE-2012-2687 - httpd:...
Ubuntu Update for apache2 USN-1627-1
Ubuntu Update for Linux kernel vulnerabilities USN-1627-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN16271.nasl 7960 2017-12-01 06:58:16Z santu $ Ubuntu Update for apache2 USN-1627-1 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This...
Ubuntu 8.04 LTS / 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : apache2 vulnerabilities (USN-1627-1)
It was discovered that the modnegotiation module incorrectly handled certain filenames, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output durin...
Ubuntu: Security Advisory (USN-1627-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-1627-1: Apache HTTP Server vulnerabilities
It was discovered that the modnegotiation module incorrectly handled certain filenames, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output durin...
FreeBSD : apache22 -- several vulnerabilities (65539c54-2517-11e2-b9d6-20cf30e32f6d)
Apache HTTP SERVER PROJECT reports:low: XSS in modnegotiation when untrusted uploads are supported CVE-2012-2687 Possible XSS for sites which use modnegotiation and allow untrusted uploads to locations which have MultiViews enabled. low: insecure LDLIBRARYPATH handling CVE-2012-0883 This issue wa...
Mandriva Linux Security Advisory : apache (MDVSA-2012:154-1)
Multiple vulnerabilities has been found and corrected in apache ASF HTTPD : Insecure handling of LDLIBRARYPATH was found that could lead to the current working directory to be searched for DSOs. This could allow a local user to execute code as root if an administrator runs apachectl from an...
Apache security vulnerabilities
modnegotiation crossite scripting, local shared library privilege escalation...
Apache 2.2 < 2.2.23 Multiple Vulnerabilities
Binary data 6576.prm...
Apache 2.2.x < 2.2.23 Multiple Vulnerabilities
According to its banner, the version of Apache 2.2.x running on the remote host is prior to 2.2.23. It is, therefore, potentially affected by the following vulnerabilities : - The utility 'apachectl' can receive a zero-length directory name in the LDLIBRARYPATH via the 'envvars' file. A local...
apache22 -- several vulnerabilities
Apache HTTP SERVER PROJECT reports: low: XSS in modnegotiation when untrusted uploads are supported CVE-2012-2687 Possible XSS for sites which use modnegotiation and allow untrusted uploads to locations which have MultiViews enabled. low: insecure LDLIBRARYPATH handling CVE-2012-0883 This issue w...
Apache 2.4.x < 2.4.3 Multiple Vulnerabilities
According to its banner, the version of Apache 2.4.x running on the remote host is prior 2.4.3. It is, therefore, affected by the following vulnerabilities : - An input validation error exists related to 'modnegotiation', 'Multiviews' and untrusted uploads that can allow cross-site scripting...
Apache 2.4.1, 2.4.2 Multiple Vulnerabilities
Binary data 6550.prm...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in the makevariantlist function in modnegotiation.c in the modnegotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted...
CVE-2012-2687
Apache HTTP Server 2.4.x before 2.4.3 is affected by CVE-2012-2687 due to XSS in the mod_negotiation make_variant_list function (mod_negotiation.c) when MultiViews is enabled. The vulnerability arises from improper handling of crafted filenames during variant list construction, allowing remote at...
CVE-2012-2687
Multiple cross-site scripting XSS vulnerabilities in the makevariantlist function in modnegotiation.c in the modnegotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted...
CVE-2012-2687
Multiple cross-site scripting XSS vulnerabilities in the makevariantlist function in modnegotiation.c in the modnegotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted...
Apache Httpd < 2.2.23 : XSS in mod_negotiation when untrusted uploads are supported
Possible XSS for sites which use modnegotiation and allow untrusted uploads to locations which have MultiViews enabled. Note: This issue is also known as CVE-2008-0455...