14 matches found
EUVD-2007-5779
Malware in sbrugna...
Apache Httpd < 2.4.10 : mod_status buffer overflow
A race condition was found in modstatus. An attacker able to access a public server status page on a server using a threaded MPM could send a carefully crafted request which could lead to a heap buffer overflow. Note that it is not a default or recommended configuration to have a public accessibl...
Apache Httpd < 2.2.29 : mod_status buffer overflow
A race condition was found in modstatus. An attacker able to access a public server status page on a server using a threaded MPM could send a carefully crafted request which could lead to a heap buffer overflow. Note that it is not a default or recommended configuration to have a public accessibl...
apache mod_status cross-site scripting
Cross-site scripting XSS vulnerability in modstatus in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
httpd mod_status XSS
Cross-site scripting XSS vulnerability in modstatus.c in the modstatus module in Apache HTTP Server httpd, when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browser...
Hitachi Web Server Cross-Site Scripting Vulnerability with Server-Status Page
Overview When Hitachi Web Server receives a request that contains malicious scripts, they are inserted into the server-satus page the Server automatically creates. This allows the inserted malicious scripts to be executed on the client machines. The vulnerability does not affect the product if th...
apache mod_status cross-site scripting
Cross-site scripting XSS vulnerability in modstatus in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
apache mod_status cross-site scripting
Cross-site scripting XSS vulnerability in modstatus in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
DEBIAN-CVE-2007-6388
Cross-site scripting XSS vulnerability in modstatus in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Apache Httpd < 2.0.63 : mod_status XSS
A flaw was found in the modstatus module. On sites where modstatus is enabled and the status pages were publicly accessible, a cross-site scripting attack is possible. Note that the server-status page is not enabled by default and it is best practice to not make this publicly available...
CVE-2007-5809
Cross-site scripting XSS vulnerability in Hitachi Web Server 01-00 through 03-10, as used by certain Cosminexus products, allows remote attackers to inject arbitrary web script or HTML via unspecified HTTP requests that trigger creation of a server-status page...
CVE-2007-5809
Cross-site scripting XSS vulnerability in Hitachi Web Server 01-00 through 03-10, as used by certain Cosminexus products, allows remote attackers to inject arbitrary web script or HTML via unspecified HTTP requests that trigger creation of a server-status page...
httpd mod_status XSS
Cross-site scripting XSS vulnerability in modstatus.c in the modstatus module in Apache HTTP Server httpd, when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browser...
Apache Httpd < 2.2.6 : mod_status cross-site scripting
A flaw was found in the modstatus module. On sites where the server-status page is publicly accessible and ExtendedStatus is enabled this could lead to a cross-site scripting attack. Note that the server-status page is not enabled by default and it is best practice to not make this publicly...