Jana Web Server Security Vulnerabilities and Issues — Jana Web Server CVE List

Lucene search

T. HauckJana Web Server

10 matches found

CVE•added 2002/10/04 4:0 a.m.•67 views

CVE-2002-1061

Multiple buffer overflows in Thomas Hauck Jana Server 2.x through 2.2.1, and 1.4.6 and earlier, allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) an HTTP GET request with a long major version number, (2) an HTTP GET request to the HTTP proxy on port 312...

7.5CVSS7.8AI score0.04556EPSS

CVE•added 2002/03/09 5:0 a.m.•50 views

CVE-2001-0558

T. Hauck Jana Webserver 2.01 beta 1 and earlier allows a remote attacker to create a denial of service via a URL request which includes a MS-DOS device name (i.e. GET /aux HTTP/1.0).

5CVSS6.5AI score0.05875EPSS

CVE•added 2001/08/14 4:0 a.m.•47 views

CVE-2001-0557

T. Hauck Jana Webserver 1.46 and earlier allows a remote attacker to view arbitrary files via a '..' (dot dot) attack which is URL encoded (%2e%2e).

5CVSS6.7AI score0.12651EPSS

CVE•added 2002/10/04 4:0 a.m.•44 views

CVE-2002-1063

Thomas Hauck Jana Server 2.x through 2.2.1, and 1.4.6 and earlier, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of FTP PASV requests, which consumes all available FTP ports.

5CVSS7AI score0.00739EPSS

CVE•added 2002/10/04 4:0 a.m.•42 views

CVE-2002-1064

Thomas Hauck Jana Server 2.x through 2.2.1, and 1.4.6 and earlier, generates different responses for valid and invalid usernames, which allows remote attackers to identify valid users on the server.

5CVSS7.1AI score0.00996EPSS

CVE•added 2001/09/12 4:0 a.m.•40 views

CVE-1999-1082

Directory traversal vulnerability in Jana proxy web server 1.40 allows remote attackers to ready arbitrary files via a "......" (modified dot dot) attack.

5CVSS7.2AI score0.03054EPSS

CVE•added 2002/10/04 4:0 a.m.•40 views

CVE-2002-1065

Thomas Hauck Jana Server 2.x through 2.2.1, and 1.4.6 and earlier, does not restrict the number of unsuccessful login attempts, which makes it easier for remote attackers to gain privileges via brute force username and password guessing.

7.5CVSS7.5AI score0.00636EPSS

CVE•added 2001/09/12 4:0 a.m.•39 views

CVE-1999-1083

Directory traversal vulnerability in Jana proxy web server 1.45 allows remote attackers to ready arbitrary files via a .. (dot dot) attack.

5CVSS7.2AI score0.03054EPSS

CVE•added 2002/10/04 4:0 a.m.•38 views

CVE-2002-1066

Thomas Hauck Jana Server 1.4.6 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large message index value in a (1) RETR or (2) DELE command to the POP3 server, which exceeds the array limits and allows a buffer overflow attack.

7.5CVSS8.7AI score0.01896EPSS

CVE•added 2002/10/04 4:0 a.m.•32 views

CVE-2002-1062

Signedness error in Thomas Hauck Jana Server 2.x through 2.2.1, and 1.4.6 and earlier, allows remote attackers to execute arbitrary code via long (1) Username, (2) Password, or (3) Hostname entries.

7.5CVSS8.1AI score0.01922EPSS