Page 13 of 66 results (0.004 seconds)

CVSS: 7.5EPSS: 10%CPEs: 2EXPL: 1

CVE-2002-0061 – Apache Win32 1.3.x/2.0.x - Batch File Remote Command Execution

https://notcve.org/view.php?id=CVE-2002-0061

Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically cmd.exe. El servidor Apache, en sus verisones para Win32 1.3.24 y anteriores, y 2.0.x hasta la 2.0.34-beta, permite que atacantes remotos ejecuten cualquier comando a través del metacaracter "|" de la shell. Estos comandos vienen como argumentos a scrips .bat o .cmd. A su vez estos scripts pasan sin filtrado al intérprete de shell, normalmente cmd.exe • https://www.exploit-db.com/exploits/21350 http://marc.info/?l=bugtraq&m=101674082427358&w=2 http://online.securityfocus.com/archive/1/263927 http://www.apacheweek.com/issues/02-03-29#apache1324 http://www.iss.net/security_center/static/8589.php http://www.securityfocus.com/bid/4335 https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.ap • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0

CVE-2001-1556

https://notcve.org/view.php?id=CVE-2001-1556

The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep. • http://archives.neohapsis.com/archives/bugtraq/2001-10/0231.html http://httpd.apache.org/docs/logs.html http://www.iss.net/security_center/static/7363.php • CWE-532: Insertion of Sensitive Information into Log File •

CVSS: 7.5EPSS: 0%CPEs: 16EXPL: 0

CVE-2001-1449

https://notcve.org/view.php?id=CVE-2001-1449

The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories. • http://www.kb.cert.org/vuls/id/913704 http://www.mandriva.com/security/advisories?name=MDKSA-2001:077-2 https://exchange.xforce.ibmcloud.com/vulnerabilities/8029 •

CVSS: 5.0EPSS: 0%CPEs: 10EXPL: 0

CVE-2000-0913

https://notcve.org/view.php?id=CVE-2000-0913

mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression. • http://archives.neohapsis.com/archives/bugtraq/2000-09/0352.html http://archives.neohapsis.com/archives/bugtraq/2000-10/0174.html http://archives.neohapsis.com/archives/hp/2000-q4/0021.html http://www.calderasystems.com/support/security/advisories/CSSA-2000-035.0.txt http://www.linux-mandrake.com/en/security/MDKSA-2000-060-2.php3?dis=7.1 http://www.redhat.com/support/errata/RHSA-2000-088.html http://www.redhat.com/support/errata/RHSA-2000-095.html http://www.securityfocus •

CVSS: 4.3EPSS: 0%CPEs: 12EXPL: 0

CVE-2000-1205

https://notcve.org/view.php?id=CVE-2000-1205

Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 allow remote attackers to execute script as other web site visitors via (1) the printenv CGI (printenv.pl), which does not encode its output, (2) pages generated by the ap_send_error_response function such as a default 404, which does not add an explicit charset, or (3) various messages that are generated by certain Apache modules or core code. NOTE: the printenv issue might still exist for web browsers that can render text/plain content types as HTML, such as Internet Explorer, but CVE regards this as a design limitation of those browsers, not Apache. The printenv.pl/acuparam vector, discloser on 20070724, is one such variant. • http://archive.cert.uni-stuttgart.de/bugtraq/2002/12/msg00243.html http://archives.neohapsis.com/archives/bugtraq/2002-12/0233.html http://httpd.apache.org/info/css-security/apache_specific.html http://marc.info/?l=bugtraq&m=118529436424127&w=2 https://exchange.xforce.ibmcloud.com/vulnerabilities/10938 https://exchange.xforce.ibmcloud.com/vulnerabilities/35597 https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/t • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •