Page 11 of 64 results (0.021 seconds)

CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0

Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child process IDs (PID). • http://www.openbsd.org/errata32.html http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html http://www.securityfocus.com/bid/6939 http://www.securityfocus.com/bid/6943 https://exchange.xforce.ibmcloud.com/vulnerabilities/11438 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.2EPSS: 0%CPEs: 36EXPL: 0

Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures. Múltiples desbordamientos de búfer en mod_alias y mod_rewrite de Apache anteriores a 1.3.29, con consecuencias y métodos de ataque desconocidos, relacionados con una expresión regular con más de 9 capturas. • ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2004.6/SCOSA-2004.6.txt ftp://patches.sgi.com/support/free/security/advisories/20031203-01-U.asc ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc http://docs.info.apple.com/article.html?artnum=61798 http://httpd.apache.org/dist/httpd/Announcement2.html http://lists.apple.com/archives/security-announce/2004/Jan/msg00000.html http://lists.apple.com/mhonarc/security-announce/msg00045.html http://marc.info/? • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 5.0EPSS: 8%CPEs: 1EXPL: 0

The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 systems, does not properly ignore certain control characters that are received over the pipe, which could allow remote attackers to cause a denial of service. El programa rotatelogs en Apache anteriores a 1.3.28 para Windows y OS/2, no ignora adecuadamente ciertos caractéres de control que son recibidos por la tubería, lo que podría permitir a atacantes remotos causar una denegación de servicio. • http://www.apache.org/dist/httpd/Announcement.html http://www.kb.cert.org/vuls/id/694428 https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r7035b7c9091c4b665a3b7205364775410646f12125d48e74e395f2ce%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/raa117ef183f0da9b3f46efbeaa66f7622bd68868a450cae4fd8ed594%40%3Ccvs.httpd •

CVSS: 5.0EPSS: 1%CPEs: 2EXPL: 0

Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020. Apache 1.3 anteriores a 1.3.25 y Apache 2.0 anteriores a 2.0.43 y posiblemente posteriores no filtran secuencias de escape de terminal de sus logs de acceso, lo que podría hacer más fácil para atacantes insertar esas secuencias secuencias en emuladores de terminal conteniendo vulnerabilidades relacionadas con secuencias de escape, una vulnerabilidad diferente de CAN-2003-0020. • http://cvs.apache.org/viewcvs.cgi/apache-1.3/src/modules/standard/mod_log_config.c?only_with_tag=APACHE_1_3_25 http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/loggers/mod_log_config.c?only_with_tag=APACHE_2_0_BRANCH http://marc.info/?l=bugtraq&m=108024081011678&w=2 http://marc.info/?l=bugtraq&m=108034113406858&w=2 http://secunia.com/advisories/8146 http://www.redhat.com/support/errata/RHSA-2003-139.html https://lists.apache.org/thread.html/54a42d4b01968df111 •

CVSS: 5.0EPSS: 1%CPEs: 2EXPL: 0

Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences. Apache no filtra secuencias de escape de terminales en sus archivos de registro de errores, lo que podría hacer más fácil para atacantes insertar estas secuencias en emuladores de terminal que tengan vulnerabilidades relacionadas con secuencias de escape. • http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html http://frontal2.mandriva.com/security/advisories?name=MDKSA-2004:046 http://marc.info/?l=bugtraq&m=104612710031920&w=2 http://marc.info/?l=bugtraq&m=108369640424244&w=2 http://marc.info/?l=bugtraq&m=108437852004207&w=2 http://marc.info/? •