Page 14 of 71 results (0.012 seconds)

CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0

The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep. • http://archives.neohapsis.com/archives/bugtraq/2001-10/0231.html http://httpd.apache.org/docs/logs.html http://www.iss.net/security_center/static/7363.php • CWE-532: Insertion of Sensitive Information into Log File •

CVSS: 2.1EPSS: 0%CPEs: 1EXPL: 0

mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication. • http://cert.uni-stuttgart.de/archive/bugtraq/2001/11/msg00084.html http://www.iss.net/security_center/static/7494.php http://www.securityfocus.com/bid/3521 • CWE-384: Session Fixation •

CVSS: 5.0EPSS: 1%CPEs: 3EXPL: 0

Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / (slash) characters into the requested path, which causes the regular expression in the RewriteRule to fail. • http://www.apacheweek.com/issues/02-02-01#security http://www.securityfocus.com/archive/1/203955 http://www.securityfocus.com/bid/3176 https://exchange.xforce.ibmcloud.com/vulnerabilities/8633 •

CVSS: 5.0EPSS: 1%CPEs: 7EXPL: 0

Apache before 1.3.20 on Windows and OS/2 systems allows remote attackers to cause a denial of service (GPF) via an HTTP request for a URI that contains a large number of / (slash) or other characters, which causes certain functions to dereference a null pointer. • http://bugs.apache.org/index.cgi/full/7522 http://marc.info/?l=bugtraq&m=99054258728748&w=2 http://online.securityfocus.com/archive/1/176144 http://www.apacheweek.com/issues/01-05-25 http://www.iss.net/security_center/static/6527.php http://www.securityfocus.com/bid/2740 https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.o •

CVSS: 3.3EPSS: 0%CPEs: 3EXPL: 0

htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack. • http://marc.info/?l=bugtraq&m=97916374410647&w=2 http://www.debian.org/security/2001/dsa-021 http://www.securityfocus.com/bid/2182 https://exchange.xforce.ibmcloud.com/vulnerabilities/5926 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •