271 matches found
Apache Httpd < 1.3.22 : split-logfile can cause arbitrary log files to be written to
A vulnerability was found in the split-logfile support program. A request with a specially crafted Host: header could allow any file with a .log extension on the system to be written to...
Apache Httpd < 2.4.27 : Read after free in mod_http2
When under stress, closing many connections, the HTTP/2 handling code would sometimes access memory after it has been freed, resulting in potentially erratic behaviour...
Apache Httpd < 2.2.22 : mod_proxy reverse proxy exposure
An exposure was found when using modproxy in reverse proxy mode. In certain configurations using RewriteRule with proxy flag or ProxyPassMatch, a remote attacker could cause the reverse proxy to connect to an arbitrary server, possibly disclosing sensitive information from internal web servers no...
Apache Httpd < 2.2.8 : mod_status XSS
A flaw was found in the modstatus module. On sites where modstatus is enabled and the status pages were publicly accessible, a cross-site scripting attack is possible. Note that the server-status page is not enabled by default and it is best practice to not make this publicly available...
Apache Httpd < 2.2.8 : mod_proxy_balancer XSS
A flaw was found in the modproxybalancer module. On sites where modproxybalancer is enabled, a cross-site scripting attack against an authorized user is possible...
Apache Httpd < 2.2.31 : HTTP request smuggling attack against chunked request parser
An HTTP request smuggling attack was possible due to a bug in parsing of chunked requests. A malicious client could force the server to misinterpret the request length, allowing cache poisoning or credential hijacking if an intermediary proxy is in use...
Apache Httpd < 2.4.3 : Response mixup when using mod_proxy_ajp or mod_proxy_http
The modules modproxyajp and modproxyhttp did not always close the connection to the back end server when necessary as part of error handling. This could lead to an information disclosure due to a response mixup between users...
Apache Httpd < 2.4.3 : XSS in mod_negotiation when untrusted uploads are supported
Possible XSS for sites which use modnegotiation and allow untrusted uploads to locations which have MultiViews enabled. Note: This issue is also known as CVE-2008-0455...
Apache Httpd < 2.0.37 : Apache Chunked encoding vulnerability
Malicious requests can cause various effects ranging from a relatively harmless increase in system resources through to denial of service attacks and in some cases the ability to execute arbitrary remote code...
Apache Httpd < 1.3.42 : mod_proxy overflow on 64-bit systems
An incorrect conversion between numeric types flaw was found in the modproxy module which affects some 64-bit architecture systems. A malicious HTTP server to which requests are being proxied could use this flaw to trigger a heap buffer overflow in an httpd child process via a carefully crafted...
Apache Httpd < 2.2.12 : AllowOverride Options handling bypass
A flaw was found in the handling of the "Options" and "AllowOverride" directives. In configurations using the "AllowOverride" directive with certain "Options=" arguments, local users were not restricted from executing commands from a Server-Side-Include script as intended...
Apache Httpd < 2.0.64 : mod_proxy_http DoS
A flaw was found in the handling of excessive interim responses from an origin server when using modproxyhttp. A remote attacker could cause a denial of service or high memory usage...
Apache Httpd < 2.0.51 : IPv6 URI parsing heap overflow
Testing using the Codenomicon HTTP Test Tool performed by the Apache Software Foundation security group and Red Hat uncovered an input validation issue in the IPv6 URI parsing routines in the apr-util library. If a remote attacker sent a request including a carefully crafted URI, an httpd child...
Apache Httpd < 2.2.12 : mod_proxy reverse proxy DoS
A denial of service flaw was found in the modproxy module when it was used as a reverse proxy. A remote attacker could use this flaw to force a proxy process to consume large amounts of CPU time...
Apache Httpd < 2.2.3 : mod_rewrite off-by-one error
An off-by-one flaw exists in the Rewrite module, modrewrite. Depending on the manner in which Apache httpd was compiled, this software defect may result in a vulnerability which, in combination with certain types of Rewrite rules in the web server configuration files, could be triggered remotely...
Apache Httpd < 1.3.27 : Error page XSS using wildcard DNS
Cross-site scripting XSS vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header...
Apache Httpd < 2.0.63 : mod_imagemap XSS
A flaw was found in the modimagemap module. On sites where modimagemap is enabled and an imagemap file is publicly available, a cross-site scripting attack is possible...
Apache Httpd < 2.2.9 : mod_proxy_balancer CSRF
The modproxybalancer provided an administrative interface that could be vulnerable to cross-site request forgery CSRF attacks...
Apache Httpd < 2.4.34 : mod_md, DoS via Coredumps on specially crafted requests
By specially crafting HTTP requests, the modmd challenge handler would dereference a NULL pointer and cause the child process to segfault. This could be used to DoS the server...
Apache Httpd < 2.2.14 : Solaris pollset DoS
Faulty error handling was found affecting Solaris pollset support Event Port backend caused by a bug in APR. A remote attacker could trigger this issue on Solaris servers which used prefork or event MPMs, resulting in a denial of service...
Apache Httpd < 2.2.8 : mod_imagemap XSS
A flaw was found in the modimagemap module. On sites where modimagemap is enabled and an imagemap file is publicly available, a cross-site scripting attack is possible...
Apache Httpd < 1.3.39 : Signals to arbitrary processes
The Apache HTTP server did not verify that a process was an Apache child process before sending it signals. A local attacker with the ability to run scripts on the HTTP server could manipulate the scoreboard and cause arbitrary processes to be terminated which could lead to a denial of service...
Apache Httpd < 2.0.55 : Worker MPM memory leak
A memory leak in the worker MPM would allow remote attackers to cause a denial of service memory consumption via aborted connections, which prevents the memory for the transaction pool from being reused for other connections. This issue was downgraded in severity to low from moderate as sucessful...
Apache Httpd < 2.4.4 : XSS due to unescaped hostnames
Various XSS flaws due to unescaped hostnames and URIs HTML output in modinfo, modstatus, modimagemap, modldap, and modproxyftp...
Apache Httpd < 2.0.63 : mod_proxy_ftp UTF-7 XSS
A workaround was added in the modproxyftp module. On sites where modproxyftp is enabled and a forward proxy is configured, a cross-site scripting attack is possible against Web browsers which do not correctly derive the response character set following the rules in RFC 2616...
Apache Httpd < 2.2.6 : Signals to arbitrary processes
The Apache HTTP server did not verify that a process was an Apache child process before sending it signals. A local attacker with the ability to run scripts on the HTTP server could manipulate the scoreboard and cause arbitrary processes to be terminated which could lead to a denial of service...
Apache Httpd < 1.3.32 : mod_proxy buffer overflow
A buffer overflow was found in the Apache proxy module, modproxy, which can be triggered by receiving an invalid Content-Length header. In order to exploit this issue an attacker would need to get an Apache installation that was configured as a proxy to connect to a malicious site. This would cau...
Apache Httpd < 2.2.34 : ap_find_token() Buffer Overread
The HTTP strict parsing changes added in 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows apfindtoken to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to cause a segmentation fault, or to force...
Apache Httpd < 2.2.12 : APR-util XML DoS
A denial of service flaw was found in the bundled copy of the APR-util library Extensible Markup Language XML parser. A remote attacker could create a specially-crafted XML document that would cause excessive memory consumption when processed by the XML decoding engine...
Apache Httpd < 2.2.10 : mod_proxy_ftp globbing XSS
A flaw was found in the handling of wildcards in the path of a FTP URL with modproxyftp. If modproxyftp is enabled to support FTP-over-HTTP, requests containing globbing characters could lead to cross-site scripting XSS attacks...
Apache Httpd < 1.3.37 : mod_rewrite off-by-one error
An off-by-one flaw exists in the Rewrite module, modrewrite. Depending on the manner in which Apache httpd was compiled, this software defect may result in a vulnerability which, in combination with certain types of Rewrite rules in the web server configuration files, could be triggered remotely...
Apache Httpd < 2.0.46 : APR remote crash
A vulnerability in the aprpsprintf function in the Apache Portable Runtime APR library allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via long strings, as demonstrated using XML objects to moddav, and possibly other vectors...
Apache Httpd < 2.0.40 : Path vulnerability
Certain URIs would bypass security and allow users to invoke or access any file depending on the system configuration. Affects Windows, OS2, Netware and Cygwin platforms only...
Apache Httpd < 2.0.40 : Path revealing exposures
A path-revealing exposure was present in multiview type map negotiation such as the default error documents where a module would report the full path of the typemapped .var file when multiple documents or no documents could be served. Additionally a path-revealing exposure in cgi/cgid when Apache...
Apache Httpd < 1.3.24 : Win32 Apache Remote command execution
Apache for Win32 before 1.3.24 and 2.0.34-beta allows remote attackers to execute arbitrary commands via parameters passed to batch file CGI scripts...
Apache Httpd < 2.0.64 : mod_cache and mod_dav DoS
A flaw was found in the handling of requests by modcache 2.2 and moddav 2.0 and 2.2. A malicious remote attacker could send a carefully crafted request and cause a httpd child process to crash. This crash would only be a denial of service if using the worker MPM. This issue is further mitigated a...
Apache Httpd < 2.2.14 : mod_proxy_ftp DoS
A NULL pointer dereference flaw was found in the modproxyftp module. A malicious FTP server to which requests are being proxied could use this flaw to crash an httpd child process via a malformed reply to the EPSV or PASV commands, resulting in a limited denial of service...
Apache Httpd < 2.0.53 : SSLCipherSuite bypass
An issue has been discovered in the modssl module when configured to use the "SSLCipherSuite" directive in directory or location context. If a particular location context has been configured to require a specific set of cipher suites, then a client will be able to access that location using any...
Apache Httpd < 2.0.43 : CGI scripts source revealed using WebDAV
In Apache 2.0.42 only, for a location where both WebDAV and CGI were enabled, a POST request to a CGI script would reveal the CGI source to a remote user...
Apache Httpd < 2.4.16 : mod_lua: Crash in websockets PING handling
A stack recursion crash in the modlua module was found. A Lua script executing the r:wsupgrade function could crash the process if a malicious client sent a carefully crafted PING request. This issue affected releases 2.4.7 through 2.4.12 inclusive...
Apache Httpd < 2.0.65 : mod_rewrite log escape filtering
modrewrite does not filter terminal escape sequences from logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences...
Apache Httpd < 1.3.39 : mod_status cross-site scripting
A flaw was found in the modstatus module. On sites where the server-status page is publicly accessible and ExtendedStatus is enabled this could lead to a cross-site scripting attack. Note that the server-status page is not enabled by default and it is best practice to not make this publicly...
Apache Httpd < 2.0.47 : mod_ssl renegotiation issue
A bug in the optional renegotiation code in modssl included with Apache httpd can cause cipher suite restrictions to be ignored. This is triggered if optional renegotiation is used SSLOptions +OptRenegotiate along with verification of client certificates and a change to the cipher suite over the...
Apache Httpd < 2.0.46 : Filtered escape sequences
Apache did not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences...
Apache Httpd < 2.2.22 : mod_log_config crash
A flaw was found in modlogconfig. If the '%cookienameC' log format string is in use, a remote attacker could send a specific cookie causing a crash. This crash would only be a denial of service if using a threaded MPM...
Apache Httpd < 2.2.17 : expat DoS
A buffer over-read flaw was found in the bundled expat library. An attacker who is able to get Apache to parse an untrused XML document for example through moddav may be able to cause a crash. This crash would only be a denial of service if using the worker MPM...
Apache Httpd < 1.3.29 : Local configuration regular expression overflow
By using a regular expression with more than 9 captures a buffer overflow can occur in modalias or modrewrite. To exploit this an attacker would need to be able to create a carefully crafted configuration file .htaccess or httpd.conf...
Apache Httpd < 1.3.28 : RotateLogs DoS
The rotatelogs support program on Win32 and OS/2 would quit logging and exit if it received special control characters such as 0x1A...
Apache Httpd < 2.0.65 : Range header remote DoS
A flaw was found in the way the Apache HTTP Server handled Range HTTP headers. A remote attacker could use this flaw to cause httpd to use an excessive amount of memory and CPU time via HTTP requests with a specially-crafted Range header. This could be used in a denial of service attack. Advisory...
Apache Httpd < 2.2.10 : Timeout detection flaw (mod_proxy_http)
An information disclosure flaw was found in modproxyhttp in version 2.2.9 only, on Unix platforms. Under certain timeout conditions, the server could return a response intended for another user. Only those configurations which trigger the use of proxy worker pools are affected. There was no...