7 matches found
CVE-2002-0448
CVE-2002-0448 affects Xerver Free Web Server up to version 2.10, where a crafted HTTP request containing many C:/ sequences can cause the server to crash (remote DoS). The vulnerability is triggered through the HTTP request handling path and is exploitable remotely with no authentication. CVSS v2...
CVE-2009-3561
Summary of CVE-2009-3561: A directory traversal vulnerability in the Xerver HTTP Server (version 4.32) allows remote attackers to read arbitrary files by supplying a drive-letter path in the currentPath parameter of the chooseDirectory action. The flaw is exposed in the management interface runn...
CVE-2005-3293
CVE-2005-3293 affects Xerver before v4.20. Two information-disclosure vectors are described: (1) appending a trailing dot to a script URL to obtain its source code, and (2) sending a request with a trailing null character (%00) to list directory contents. Evidence from NVD/CVE records confirms vu...
CVE-2009-3544
CVE-2009-3544 affects Xerver HTTP Server 4.32. A remote attacker can disclose the source of a web page by sending a crafted HTTP request with ::$DATA appended after the filename, leading to information disclosure. Multiple sources (NVD/OpenVAS/Seebug) confirm the vulnerability and its impact as s...
CVE-2009-3562
CVE-2009-3562 affects Xerver HTTP Server 4.32. The XSS vulnerability is triggered in the management interface when action=chooseDirectory and the currentPath parameter is not properly validated, allowing remote attackers to inject arbitrary scripts/HTML. Affected product: Xerver HTTP Server (core...
CVE-2005-4774
CVE-2005-4774 is a cross-site scripting (XSS) vulnerability in Xerver 4.17. The vulnerability allows remote attackers to inject arbitrary web script or HTML after a /%00/ sequence at the end of the URI, potentially affecting users who view the modified URL. The initia...
CVE-2002-0447
CVE-2002-0447 concerns the Xerver Free Web Server (versions 2.10 and earlier). The vulnerability is a directory traversal in which an attacker can use .. in an HTTP GET request to list arbitrary directories. The CVE entry explicitly states this allows remote access to directory listings, indicati...