Page 10 of 66 results (0.040 seconds)

CVSS: 7.5EPSS: 0%CPEs: 22EXPL: 0

mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions. Apache 1.3 anteriores a 1.3.30, cuando se ejecuta en plataformas big-endian de 64 bits, no analiza adecuadamente reglas de aceptación/denegación usando direcciones IP sin máscara de red, lo que podría permitir a atacantes remotos saltarse las restricciones de acceso pretendidas. • http://frontal2.mandriva.com/security/advisories?name=MDKSA-2004:046 http://issues.apache.org/bugzilla/show_bug.cgi?id=23850 http://marc.info/?l=apache-cvs&m=107869603013722 http://marc.info/?l=bugtraq&m=108437852004207&w=2 http://security.gentoo.org/glsa/glsa-200405-22.xml http://sunsolve.sun.com/search/document.do? •

CVSS: 7.5EPSS: 37%CPEs: 1EXPL: 0

Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "short-lived connection on a rarely-accessed listening socket." Apache anteriores 2.0.49, cuando usa múltiples sockets en escucha en ciertas plataformas, permite a atacantes remotos causar una denegación de servicio (bloqueo de nuevas conexiones) mediante una "conexión de vida corta en un socket en escucha raramente accedido. • http://marc.info/?l=bugtraq&m=107973894328806&w=2 http://marc.info/?l=bugtraq&m=108066914830552&w=2 http://marc.info/?l=bugtraq&m=108369640424244&w=2 http://marc.info/?l=bugtraq&m=108437852004207&w=2 http://marc.info/? • CWE-667: Improper Locking •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret. mod_digest de Apache no verifica adecuadamente el nonce de una respuesta de cliente usando un secreto AuthNonce. • http://marc.info/?l=bugtraq&m=108437852004207&w=2 http://security.gentoo.org/glsa/glsa-200405-22.xml http://securitytracker.com/id?1008920 http://sunsolve.sun.com/search/document.do?assetkey=1-26-101555-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-101841-1 http://sunsolve.sun.com/search/document.do? •

CVSS: 7.5EPSS: 0%CPEs: 47EXPL: 0

mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials. • http://lists.apple.com/archives/security-announce/2004/Dec/msg00000.html http://www.ciac.org/ciac/bulletins/p-049.shtml http://www.securityfocus.com/bid/9571 http://www.securitytracker.com/alerts/2004/Dec/1012414.html https://exchange.xforce.ibmcloud.com/vulnerabilities/18347 •

CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0

Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child process IDs (PID). • http://www.openbsd.org/errata32.html http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html http://www.securityfocus.com/bid/6939 http://www.securityfocus.com/bid/6943 https://exchange.xforce.ibmcloud.com/vulnerabilities/11438 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •