Page 12 of 93 results (0.009 seconds)

CVSS: 5.0EPSS: 1%CPEs: 2EXPL: 0

Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020. Apache 1.3 anteriores a 1.3.25 y Apache 2.0 anteriores a 2.0.43 y posiblemente posteriores no filtran secuencias de escape de terminal de sus logs de acceso, lo que podría hacer más fácil para atacantes insertar esas secuencias secuencias en emuladores de terminal conteniendo vulnerabilidades relacionadas con secuencias de escape, una vulnerabilidad diferente de CAN-2003-0020. • http://cvs.apache.org/viewcvs.cgi/apache-1.3/src/modules/standard/mod_log_config.c?only_with_tag=APACHE_1_3_25 http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/loggers/mod_log_config.c?only_with_tag=APACHE_2_0_BRANCH http://marc.info/?l=bugtraq&m=108024081011678&w=2 http://marc.info/?l=bugtraq&m=108034113406858&w=2 http://secunia.com/advisories/8146 http://www.redhat.com/support/errata/RHSA-2003-139.html https://lists.apache.org/thread.html/54a42d4b01968df111 •

CVSS: 5.0EPSS: 1%CPEs: 2EXPL: 0

Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences. Apache no filtra secuencias de escape de terminales en sus archivos de registro de errores, lo que podría hacer más fácil para atacantes insertar estas secuencias en emuladores de terminal que tengan vulnerabilidades relacionadas con secuencias de escape. • http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html http://frontal2.mandriva.com/security/advisories?name=MDKSA-2004:046 http://marc.info/?l=bugtraq&m=104612710031920&w=2 http://marc.info/?l=bugtraq&m=108369640424244&w=2 http://marc.info/?l=bugtraq&m=108437852004207&w=2 http://marc.info/? •

CVSS: 4.6EPSS: 0%CPEs: 18EXPL: 1

Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability. • http://marc.info/?l=bugtraq&m=103480856102007&w=2 http://www.securityfocus.com/bid/5993 https://exchange.xforce.ibmcloud.com/vulnerabilities/10414 https://sardonix.org/audit/apache-45.html •

CVSS: 7.8EPSS: 1%CPEs: 36EXPL: 2

Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values. • https://www.exploit-db.com/exploits/22068 http://archives.neohapsis.com/archives/bugtraq/2002-12/0045.html http://www.securityfocus.com/bid/6320 https://exchange.xforce.ibmcloud.com/vulnerabilities/10771 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 5.0EPSS: 1%CPEs: 1EXPL: 0

Unknown vulnerability in Apache 1.3.19 running on HP Secure OS for Linux 1.0 allows remote attackers to cause "unexpected results" via an HTTP request. • http://www.iss.net/security_center/static/7810.php http://www.securityfocus.com/advisories/3761 http://www.securityfocus.com/bid/3796 •