Page 10 of 105 results (0.005 seconds)

CVSS: 5.0EPSS: 96%CPEs: 1EXPL: 1

Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters. • https://www.exploit-db.com/exploits/855 http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html http://lists.grok.org.uk/pipermail/full-disclosure/2004-November/028248.html http://marc.info/?l=bugtraq&m=110384374213596&w=2 http://secunia.com/advisories/19072 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102198-1 http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm ht •

CVSS: 7.8EPSS: 0%CPEs: 21EXPL: 3

Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error. • https://www.exploit-db.com/exploits/587 https://www.exploit-db.com/exploits/24694 http://marc.info/?l=bugtraq&m=109906660225051&w=2 http://secunia.com/advisories/12898 http://secunia.com/advisories/19073 http://securitytracker.com/id?1011783 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102197-1 http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm http://www.apacheweek.com/features/security-13 http://www.debian.org/security/2004/dsa-594 http:/& • CWE-131: Incorrect Calculation of Buffer Size •

CVSS: 5.0EPSS: 0%CPEs: 50EXPL: 0

PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information. PHP 4.3.4 y anteriores en Apache 1.x y 2.x (mod_php) pude filtrar variables globales entre servidores virtuales con diferente configuración que son manejadas por el mismo proceso hijo de Apache, lo que podría permitir a atacantes remotos obtener información sensible. • http://security.gentoo.org/glsa/glsa-200402-01.xml http://www.osvdb.org/3878 http://www.securityfocus.com/bid/9599 https://exchange.xforce.ibmcloud.com/vulnerabilities/15072 •

CVSS: 10.0EPSS: 1%CPEs: 17EXPL: 0

Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied. Desbordamiento de búfer basado en el montón en proxy_util.c de mod_proxy en Apache 1.3.25 a 1.3.31 permite a atacantes remotos causar un denegación de servicio (caída del proceso) y posiblemente ejecutar código de su elección mediante un campo de cabecera HTTP Content-Length negativo, lo que causa que una gran cantidad de datos sean copiados. • ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc http://marc.info/?l=bugtraq&m=108711172710140&w=2 http://marc.info/?l=bugtraq&m=130497311408250&w=2 http://rhn.redhat.com/errata/RHSA-2004-245.html http://seclists.org/lists/fulldisclosure/2004/Jun/0296.html http://secunia.com/advisories/11841 http://sunsolve.sun.com/search/document.do?assetkey=1-26-101555-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-101841-1 http://sunsolve.s •

CVSS: 5.0EPSS: 0%CPEs: 11EXPL: 2

Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (dot dot encoded backslash) sequences. Vulnerabilidad de atravesamiento de directorios en Apache 1.3.29 y anteriores, y Apache 2.0.48 y anteriores, cuando se ejecuta sobre Cygwin, permite a atacantes remotos leer ficheros arbitrarios mediante una URL conteniendo secuencias "..%5C" (punto punto barra atrás codificada) • https://www.exploit-db.com/exploits/23751 http://issues.apache.org/bugzilla/show_bug.cgi?id=26152 http://lists.grok.org.uk/pipermail/full-disclosure/2004-February/017740.html http://marc.info/?l=bugtraq&m=107765545431387&w=2 http://secunia.com/advisories/10962 http://www.apacheweek.com/issues/04-03-12 http://www.securityfocus.com/bid/9733 https://exchange.xforce.ibmcloud.com/vulnerabilities/15293 •