2 results (0.004 seconds)

CVSS: 10.0EPSS: 1%CPEs: 17EXPL: 0

Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied. Desbordamiento de búfer basado en el montón en proxy_util.c de mod_proxy en Apache 1.3.25 a 1.3.31 permite a atacantes remotos causar un denegación de servicio (caída del proceso) y posiblemente ejecutar código de su elección mediante un campo de cabecera HTTP Content-Length negativo, lo que causa que una gran cantidad de datos sean copiados. • ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc http://marc.info/?l=bugtraq&m=108711172710140&w=2 http://marc.info/?l=bugtraq&m=130497311408250&w=2 http://rhn.redhat.com/errata/RHSA-2004-245.html http://seclists.org/lists/fulldisclosure/2004/Jun/0296.html http://secunia.com/advisories/11841 http://sunsolve.sun.com/search/document.do?assetkey=1-26-101555-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-101841-1 http://sunsolve.s •

CVSS: 7.5EPSS: 0%CPEs: 47EXPL: 0

mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials. • http://lists.apple.com/archives/security-announce/2004/Dec/msg00000.html http://www.ciac.org/ciac/bulletins/p-049.shtml http://www.securityfocus.com/bid/9571 http://www.securitytracker.com/alerts/2004/Dec/1012414.html https://exchange.xforce.ibmcloud.com/vulnerabilities/18347 •