Page 13 of 122 results (0.020 seconds)

CVSS: 4.3EPSS: 71%CPEs: 3EXPL: 0

Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS), en mod_status, dentro de Apache HTTP Server, en versiones 2.2.0 hasta 2.2.6, 2.0.35 hasta 2.0.61, y 1.3.2 hasta 1.3.39, cuando la página server-status está activada, permite que atacantes remotos inyecten , a su elección, código web o HTML, usando vectores no especificados. • http://docs.info.apple.com/article.html?artnum=307562 http://httpd.apache.org/security/vulnerabilities_13.html http://httpd.apache.org/security/vulnerabilities_20.html http://httpd.apache.org/security/vulnerabilities_22.html http://lists.apple.com/archives/security-announce/2008//May/msg00001.html http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.html http://lists.vmware.com/pipermail/security-announce/2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 60%CPEs: 15EXPL: 0

Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en los módulos (1) mod_imap en Apache HTTP Server 1.3.0 hasta 1.3.39 y 2.0.35 hasta 2.0.61, y (2) mod_imagemap en Apache HTTP Server 2.2.0 hasta 2.2.6 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante vectores no especificados. • http://docs.info.apple.com/article.html?artnum=307562 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01345501 http://httpd.apache.org/security/vulnerabilities_13.html http://httpd.apache.org/security/vulnerabilities_20.html http://httpd.apache.org/security/vulnerabilities_22.html http://lists.apple.com/archives/security-announce/2008//May/msg00001.html http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://lists.opensuse.org/opensuse-security-announce& • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 97%CPEs: 25EXPL: 3

Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918. Apache HTTP Server 2.0.x y 2.2.x no sanea la cabecera de especificador de HTTP Method de una petición HTTP cuando es reflejada en un error "413 Request Entity Too Large", lo cual podría permitir ataques tipo secuencias de comandos en sitios cruzados (XSS) utilizando componentes de clientes web que pueden enviar cabeceras de su elección en peticiones, como se demuestra con una petición petición HTTP conteniendo un valor inválido de Content-length, asunto similar a CVE-2006-3918. • https://www.exploit-db.com/exploits/30835 http://docs.info.apple.com/article.html?artnum=307562 http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.html http://marc.info/?l=bugtraq&m=125631037611762&w=2 http://marc.info/?l=bugtraq&m=129190899612998&w=2 http://procheckup.com/Vulnerability_PR07-37.php http://secunia.com/advisories/27906 http://secunia.com/advisories/28196 http://secunia • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 1%CPEs: 2EXPL: 0

Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en mod_autoindex.c en el servidor HTTP Apache versiones anteriores a 2.2.6, cuando un juego de caracteres en una página generada por el servidor no está definido, permite a atacantes remotos inyectar scripts web o HTML de su elección a través del parámetro P utilizando el juego de caracteres UTF-7. NOTA. Se podría argumentar que este asunto se debe a una limitación de diseño de los navegadores que intentan realizar una detección automática de tipo de contenido. • http://bugs.gentoo.org/show_bug.cgi?id=186219 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01539432 http://lists.apple.com/archives/security-announce/2008//May/msg00001.html http://marc.info/?l=bugtraq&m=124654546101607&w=2 http://marc.info/?l=bugtraq&m=125631037611762&w=2 http://secunia.com/advisories/26842 http://secunia.com/advisories/26952 http://secunia.com/advisories/27563 http://secunia.com/advisories/27732 http://secunia.com/advisories/ • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.0EPSS: 0%CPEs: 8EXPL: 0

The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read. La fecha que maneja el código en modules/proxy/proxy_util.c (mod_proxy) en Apache 2.3.0, cuando se utiliza un MPM hilado, permite a servidores origen remotos provocar denegación de servicio (caida del proceso de proxy del cacheo de respuesta)a través de cabeceras de datos manipulados que disparan una sobre-lectura de búfer. • http://bugs.gentoo.org/show_bug.cgi?id=186219 http://docs.info.apple.com/article.html?artnum=307562 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01182588 http://httpd.apache.org/security/vulnerabilities_20.html http://httpd.apache.org/security/vulnerabilities_22.html http://lists.apple.com/archives/security-announce/2008//May/msg00001.html http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://lists.vmware.com/pipermail/security-announce/200 • CWE-125: Out-of-bounds Read •