11 matches found
CVE-2008-0455
CVE-2008-0455 is an XSS vulnerability in the mod_negotiation module of Apache HTTP Server. A remote authenticated attacker can upload a file whose name contains XSS sequences and a file extension, causing arbitrary script/HTML to be injected into HTTP responses (notably for 406 Not Acceptable or ...
CVE-2008-2939
CVE-2008-2939 is an XSS vulnerability in the Apache HTTP Server when using the mod_proxy_ftp module. The flaw arises from insufficient sanitization of user-supplied data in FTP URIs, specifically involving a wildcard in the last directory component of the pathname. A remote attacker could inject ...
CVE-2007-6423
The CVE-2007-6423 issue concerns Apache HTTP Server 2.2.x on Windows, where mod_proxy_balancer could trigger memory corruption through a long URL. The Red Hat advisory notes the vulnerability as unspecified and unreproducible by the vendor, while Red Hat indicates that Apache 2.2.7-dev contains a...
CVE-2008-0456
CVE-2008-0456 : CRLF injection in the mod_negotiation module of Apache HTTP Server (versions 2.2.x up to 2.2.6, 2.0.x up to 2.0.61, and 1.3.x up to 1.3.39) allows remote authenticated users to upload a file with a multi-line name containing HTTP header sequences, enabling injection into HTTP resp...
CVE-2008-2364
The CVE-2008-2364 entry concerns the Apache HTTP Server mod_proxy, specifically the ap_proxy_http_process_response function in the mod_proxy_http.c file for Apache versions 2.0.63 and 2.2.8. The issue is that it does not cap the number of forwarded interim responses, which can lead to memory exha...
CVE-2007-6388
CVE-2007-6388 is an XSS vulnerability in Apache HTTP Server mod_status when the server-status page is enabled. The initial description covers affected versions: Apache HTTP Server 2.2.0–2.2.6, 2.0.35–2.0.61, and 1.3.2–1.3.39, with arbitrary web script/HTML injection possible via unspecified vecto...
CVE-2007-6420
The CVE-2007-6420 issue is a CSRF vulnerability in the balancer-manager interface of Apache HTTP Server 2.2.x (mod_proxy_balancer). The vulnerability could allow remote attackers to gain privileges via unspecified vectors affecting the balancer-management UI. Connected advisories indicate multipl...
CVE-2007-6422
CVE-2007-6422 affects Apache HTTP Server 2.2.0–2.2.6 when using a threaded MPM. The vulnerability in the mod_proxy_balancer module allows remote authenticated users to cause a denial of service by triggering a crash of the Apache child process via an invalid bb variable. This is documented in mul...
CVE-2007-6421
CVE-2007-6421 is an XSS vulnerability in Apache HTTP Server 2.2.0–2.2.6 within the balancer-manager component of mod_proxy_balancer. An attacker could inject arbitrary script/HTML via the (1) ss, (2) wr, or (3) rr parameters, or via the URL. Affected product: Apache httpd 2.2.x (balancer-manager)...
CVE-2008-2168
CVE-2008-2168 : The linked SUSE/NVD entries describe a cross-site scripting (XSS) vulnerability in Apache HTTP Server up to version 2.2.6 and earlier, exploitable via UTF-7 encoded URLs that are mishandled when rendering the 403 Forbidden error page. Attacker-provided URL input can inject arbitra...
CVE-2008-0005
CVE-2008-0005 affects Apache httpd mod_proxy_ftp: versions prior to 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev do not define a charset, enabling remote XSS via UTF-7 encoding. Remediation per connected advisories: upgrade to patched Apache httpd versions that backport fixes f...