Page 16 of 83 results (0.005 seconds)

CVSS: 5.0EPSS: 13%CPEs: 12EXPL: 1

Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a request for a .var file, which leaks the pathname in the resulting error message, or (2) via an error message that occurs when a script (child process) cannot be invoked. Apache 2.0 a 2.0.39 en Windows, OS2 y Netware, permite a atacantes remotos determinar la ruta completa del servidor mediante una petición de un fichero .var, donde el mensaje de error muestra muestra la ruta al archivo, o mediante un mensaje de error que ocurre cuando un script (proceso hijo) no puede ser invocado. • https://www.exploit-db.com/exploits/21719 http://marc.info/?l=bugtraq&m=102951160411052&w=2 http://www.apache.org/dist/httpd/CHANGES_2.0 http://www.iss.net/security_center/static/9875.php http://www.iss.net/security_center/static/9876.php http://www.securityfocus.com/bid/5485 http://www.securityfocus.com/bid/5486 https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/5df9bfb86a3b054 •

CVSS: 7.5EPSS: 96%CPEs: 12EXPL: 1

Directory traversal vulnerability in Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to read arbitrary files and execute commands via .. (dot dot) sequences containing \ (backslash) characters. • https://www.exploit-db.com/exploits/21697 http://httpd.apache.org/info/security_bulletin_20020908a.txt http://marc.info/?l=bugtraq&m=102892744011436&w=2 http://marc.info/?l=bugtraq&m=102951160411052&w=2 http://www.iss.net/security_center/static/9808.php http://www.securityfocus.com/bid/5434 https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs •

CVSS: 7.5EPSS: 75%CPEs: 3EXPL: 3

Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size. • https://www.exploit-db.com/exploits/21560 https://www.exploit-db.com/exploits/21559 https://www.exploit-db.com/exploits/16782 ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-029.0.txt ftp://ftp.caldera.com/pub/updates/OpenServer/CSSA-2002-SCO.32 ftp://ftp.caldera.com/pub/updates/OpenUNIX/CSSA-2002-SCO.31 ftp://patches.sgi.com/support/free/security/advisories/20020605-01-A ftp://patches.sgi.com/support/free/security/advisories/20020605-01-I http://archives. •

CVSS: 5.0EPSS: 0%CPEs: 4EXPL: 0

The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote attackers to obtain sensitive information. • http://www.apache.org/dist/httpd/CHANGES_2.0 http://www.iss.net/security_center/static/9623.php http://www.kb.cert.org/vuls/id/165803 http://www.securityfocus.com/bid/5256 https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.or •

CVSS: 7.5EPSS: 10%CPEs: 2EXPL: 1

Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically cmd.exe. El servidor Apache, en sus verisones para Win32 1.3.24 y anteriores, y 2.0.x hasta la 2.0.34-beta, permite que atacantes remotos ejecuten cualquier comando a través del metacaracter "|" de la shell. Estos comandos vienen como argumentos a scrips .bat o .cmd. A su vez estos scripts pasan sin filtrado al intérprete de shell, normalmente cmd.exe • https://www.exploit-db.com/exploits/21350 http://marc.info/?l=bugtraq&m=101674082427358&w=2 http://online.securityfocus.com/archive/1/263927 http://www.apacheweek.com/issues/02-03-29#apache1324 http://www.iss.net/security_center/static/8589.php http://www.securityfocus.com/bid/4335 https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.ap • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •