29 matches found
EUVD-2012-2669
Malware in sbrugna...
SUSE CVE-2012-2687
Multiple cross-site scripting XSS vulnerabilities in the makevariantlist function in modnegotiation.c in the modnegotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted...
Arbitrary File Upload
The httpd packages contain the Apache HTTP Server httpd, which is the namesake project of The Apache Software Foundation. Input sanitization flaws were found in the modnegotiation module. A remote attacker able to upload or create files with arbitrary names in a directory that has the MultiViews...
RATELIMITED: Apache mod_negotiation filename bruteforcing https://api.ratelimited.me
The Apache modnegotiation module allowed for filename bruteforcing and information disclosure through a 406 Not Acceptable error response. This vulnerability has been fixed by disabling the MultiViews directive in Apache's configuration file and restarting the server...
Apache HTTP Server 'mod_negotiation' MultiViews Information Disclosure Vulnerability
Apache HTTP Server is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2016 SCHUTZWERK GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later CPE =...
Cloudflare: Apache mod_negotiation filename bruteforcing
Vulnerability description modnegotiation is an Apache module responsible for selecting the document that best matches the clients capabilities, from one of several available documents. If the client provides an invalid Accept header, the server will respond with a 406 Not Acceptable error...
Cloudflare: Bug Report
Vulnerability description modnegotiation is an Apache module responsible for selecting the document that best matches the clients capabilities, from one of several available documents. If the client provides an invalid Accept header, the server will respond with a 406 Not Acceptable error...
Cloudflare: Apache Multiviews are enabled
You have enabled Apache Multiviews on your server that pose a potential risk. Turn this feature off...
httpd: mod_negotiation XSS via untrusted file names in directories with MultiViews enabled
Cross-site scripting XSS vulnerability in the modnegotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by...
httpd: mod_negotiation XSS via untrusted file names in directories with MultiViews enabled
Multiple cross-site scripting XSS vulnerabilities in the makevariantlist function in modnegotiation.c in the modnegotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted...
RHEL 5 : httpd (RHSA-2013:0130)
The remote Redhat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2013:0130 advisory. - httpd: modnegotiation XSS via untrusted file names in directories with MultiViews enabled CVE-2008-0455, CVE-2012-2687 - httpd:...
Important: Red Hat Security Advisory: JBoss Enterprise Application Platform 6.0.1 update
Updated JBoss Enterprise Application Platform 6.0.1 packages that fix multiple security issues, various bugs, and add enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability...
httpd: mod_negotiation XSS via untrusted file names in directories with MultiViews enabled
Cross-site scripting XSS vulnerability in the modnegotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by...
httpd: mod_negotiation XSS via untrusted file names in directories with MultiViews enabled
Cross-site scripting XSS vulnerability in the modnegotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by...
httpd: mod_negotiation XSS via untrusted file names in directories with MultiViews enabled
Multiple cross-site scripting XSS vulnerabilities in the makevariantlist function in modnegotiation.c in the modnegotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted...
Mandriva Linux Security Advisory : apache (MDVSA-2012:154-1)
Multiple vulnerabilities has been found and corrected in apache ASF HTTPD : Insecure handling of LDLIBRARYPATH was found that could lead to the current working directory to be searched for DSOs. This could allow a local user to execute code as root if an administrator runs apachectl from an...
apache22 -- several vulnerabilities
Apache HTTP SERVER PROJECT reports: low: XSS in modnegotiation when untrusted uploads are supported CVE-2012-2687 Possible XSS for sites which use modnegotiation and allow untrusted uploads to locations which have MultiViews enabled. low: insecure LDLIBRARYPATH handling CVE-2012-0883 This issue w...
Apache 2.4.1, 2.4.2 Multiple Vulnerabilities
Binary data 6550.prm...
DEBIAN-CVE-2012-2687
Multiple cross-site scripting XSS vulnerabilities in the makevariantlist function in modnegotiation.c in the modnegotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted...
CVE-2012-2687
Multiple cross-site scripting XSS vulnerabilities in the makevariantlist function in modnegotiation.c in the modnegotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted...