
2151 matches found

CVE
added 2011/10/05 10:0 p.m., 1071 views

CVE-2011-3368

CVE-2011-3368 affects the Apache HTTP Server’s mod_proxy in reverse-proxy configurations. The vulnerability arises when using (1) RewriteRule with the [P] flag or (2) ProxyPassMatch; a remote attacker can craft a URI starting with an initial @ character to force the proxy to connect to an interna...

CVSS 5, AI score 9.2, EPSS 0.76893
Exploits 12, References 55, Affected Software 1
FreeBSD
added 2011/10/05 12:0 a.m., 83 views

Apache 1.3 -- mod_proxy reverse proxy exposure

Apache HTTP server project reports: An exposure was found when using mod_proxy in reverse proxy mode. In certain configurations using RewriteRule with proxy flag, a remote attacker could cause the reverse proxy to connect to an arbitrary server, possibly disclosing sensitive information from...

CVSS 5, AI score 9.2, EPSS 0.76893
Exploits 12, References 2
UbuntuCve
added 2011/10/05 12:0 a.m., 33 views

CVE-2011-3368

The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to...

CVSS 5, AI score 7, EPSS 0.76893
Exploits 12, References 3
Apache Httpd
added 2011/09/16 12:0 a.m., 51 views

Apache Httpd < 1.3-never : mod_proxy reverse proxy exposure

An exposure was found when using mod_proxy in reverse proxy mode. In certain configurations using RewriteRule with proxy flag or ProxyPassMatch, a remote attacker could cause the reverse proxy to connect to an arbitrary server, possibly disclosing sensitive information from internal web servers no...

CVSS 5, AI score 1.5, EPSS 0.76893
Exploits 12, Affected Software 1
Apache Httpd
added 2011/09/16 12:0 a.m., 41 views

Apache Httpd < 2.2.22 : mod_proxy reverse proxy exposure

An exposure was found when using mod_proxy in reverse proxy mode. In certain configurations using RewriteRule with proxy flag or ProxyPassMatch, a remote attacker could cause the reverse proxy to connect to an arbitrary server, possibly disclosing sensitive information from internal web servers no...

CVSS 5, AI score 1.5, EPSS 0.76893
Exploits 12, Affected Software 1
Apache Httpd
added 2011/09/16 12:0 a.m., 44 views

Apache Httpd < 2.0.65 : mod_proxy reverse proxy exposure

An exposure was found when using mod_proxy in reverse proxy mode. In certain configurations using RewriteRule with proxy flag or ProxyPassMatch, a remote attacker could cause the reverse proxy to connect to an arbitrary server, possibly disclosing sensitive information from internal web servers no...

CVSS 5, AI score 1.5, EPSS 0.76893
Exploits 12, Affected Software 1
exploitpack
added 2010/06/11 12:0 a.m., 30 views

Nginx 0.7.650.8.39 (dev) - Source Disclosure Download

Nginx 0.7.650.8.39 dev - Source Disclosure Download TITLE: NGINX ENGINE X SERVER http://nginx.org/en/ ref-1 ======TESTED VERSIONS===== Unix versions are not vulnerable it only affects to NTFS file system Windows Stable versions: nginx/0.7.66 -- Not vulnerable nginx/0.7.65 -- Vulnerable nginx/0.7....

AI score 0.1
Exploits 0
Prion
added 2010/04/05 4:30 p.m., 21 views

Cross site request forgery (csrf)

DISPUTED The Command Line Interface aka Server CLI or administration interface in the master process in the reverse proxy server in Varnish before 2.1.0 does not require authentication for commands received through a TCP port, which allows remote attackers to (1) execute arbitrary code via a...

CVSS 7.5, AI score 8.2, EPSS 0.6839
Exploits 7, References 5, Affected Software 1
UbuntuCve
added 2010/04/05 4:30 p.m., 27 views

CVE-2009-2936

The Command Line Interface aka Server CLI or administration interface in the master process in the reverse proxy server in Varnish before 2.1.0 does not require authentication for commands received through a TCP port, which allows remote attackers to (1) execute arbitrary code via a vcl.inline...

CVSS 7.5, AI score 6.1, EPSS 0.6839
Exploits 7, References 1
Debian CVE
added 2010/04/05 4:0 p.m., 25 views

CVE-2009-2936

The Command Line Interface aka Server CLI or administration interface in the master process in the reverse proxy server in Varnish before 2.1.0 does not require authentication for commands received through a TCP port, which allows remote attackers to (1) execute arbitrary code via a vcl.inline...

CVSS 7.5, AI score 7.9, EPSS 0.6839
Exploits 7
Cvelist
added 2010/04/05 4:0 p.m., 29 views

CVE-2009-2936

The Command Line Interface aka Server CLI or administration interface in the master process in the reverse proxy server in Varnish before 2.1.0 does not require authentication for commands received through a TCP port, which allows remote attackers to (1) execute arbitrary code via a vcl.inline...

AI score 7.9, EPSS 0.6839
Exploits 7, References 5
ATTACKERKB
added 2010/04/05 12:0 a.m., 36 views

CVE-2009-2936

DISPUTED The Command Line Interface aka Server CLI or administration interface in the master process in the reverse proxy server in Varnish before 2.1.0 does not require authentication for commands received through a TCP port, which allows remote attackers to (1) execute arbitrary code via a...

CVSS 7.5, AI score 7.4, EPSS 0.6839
Exploits 7, References 6
securityvulns
added 2010/03/31 12:0 a.m., 75 views

Medium security hole in Varnish reverse proxy

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Nth Dimension Security Advisory NDSA20090908 Date: 26th September 2009 Author: Tim Brown mailto:[email protected] URL: http://www.nth-dimension.org.uk/ / http://www.machine.org.uk/ Product: Varnish 2.0.4 http://www.varnish-cache.org/ Vendor:...

CVSS 7.5, AI score 7.8, EPSS 0.6839
Exploits 7
Fedora
added 2009/12/07 7:27 a.m., 35 views

[SECURITY] Fedora 11 Update: nginx-0.7.64-1.fc11

Nginx engine x is an HTTPS server, HTTPS reverse proxy and IMAP/POP3 proxy server written by Igor Sysoev...

CVSS 7.5, AI score 0.7, EPSS 0.781
Exploits 19
Fedora
added 2009/12/07 7:26 a.m., 27 views

[SECURITY] Fedora 10 Update: nginx-0.7.64-1.fc10

Nginx engine x is an HTTPS server, HTTPS reverse proxy and IMAP/POP3 proxy server written by Igor Sysoev...

CVSS 7.5, AI score 0.7, EPSS 0.781
Exploits 19
Fedora
added 2009/12/07 7:23 a.m., 55 views

[SECURITY] Fedora 12 Update: nginx-0.7.64-1.fc12

Nginx engine x is an HTTPS server, HTTPS reverse proxy and IMAP/POP3 proxy server written by Igor Sysoev...

CVSS 7.5, AI score 0.7, EPSS 0.781
Exploits 19
Fedora
added 2009/09/15 9:1 p.m., 26 views

[SECURITY] Fedora 10 Update: nginx-0.7.62-1.fc10

Nginx engine x is an HTTPS server, HTTPS reverse proxy and IMAP/POP3 proxy server written by Igor Sysoev...

CVSS 7.5, AI score 0.7, EPSS 0.781
Exploits 3
Fedora
added 2009/09/15 8:59 p.m., 29 views

[SECURITY] Fedora 11 Update: nginx-0.7.62-1.fc11

Nginx engine x is an HTTPS server, HTTPS reverse proxy and IMAP/POP3 proxy server written by Igor Sysoev...

CVSS 7.5, AI score 0.7, EPSS 0.781
Exploits 3
securityvulns
added 2009/09/15 12:0 a.m., 71 views

[SECURITY] [DSA 1884-1] New nginx packages fix arbitrary code execution

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA-1884-1 [email protected] http://www.debian.org/security/ Nico Golde September 14th, 2009 http://www.debian.org/security/faq -...

CVSS 7.5, AI score 0.6, EPSS 0.781
Exploits 3
OSV
added 2009/09/14 12:0 a.m., 22 views

DSA-1884-1 nginx - arbitrary code execution

Bulletin has no description...

CVSS 7.5, AI score 6.3, EPSS 0.781
Exploits 3