Page 16 of 106 results (0.015 seconds)

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0

Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only intended to restrict external web access, and a local user already has the privileges to perform the same operations without using ErrorDocument • http://archives.neohapsis.com/archives/bugtraq/2004-02/0043.html http://archives.neohapsis.com/archives/bugtraq/2004-02/0064.html http://archives.neohapsis.com/archives/bugtraq/2004-02/0120.html https://exchange.xforce.ibmcloud.com/vulnerabilities/15015 •

CVSS: 5.0EPSS: 96%CPEs: 1EXPL: 1

Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters. • https://www.exploit-db.com/exploits/855 http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html http://lists.grok.org.uk/pipermail/full-disclosure/2004-November/028248.html http://marc.info/?l=bugtraq&m=110384374213596&w=2 http://secunia.com/advisories/19072 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102198-1 http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm ht •

CVSS: 7.5EPSS: 0%CPEs: 18EXPL: 0

The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration. El módulo mod_ssl en Apache 2.0.35 a 2.0.52, cuando se usa la "SSLCipherSuite" en contexto de directorio o lugar, permite a clientes remotos evitar las restricciones pretendidas usando cualquier conjunto de cifrado que sea permitido por la configuración de servidor (host) virtual. • http://issues.apache.org/bugzilla/show_bug.cgi?id=31505 http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html http://marc.info/?l=bugtraq&m=109786159119069&w=2 http://secunia.com/advisories/19072 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102198-1 http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm http://www.apacheweek.com/features/security-20 http://www&# •

CVSS: 5.0EPSS: 0%CPEs: 30EXPL: 1

The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access. • http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/dav/fs/lock.c?r1=1.32&r2=1.33 http://www.debian.org/security/2004/dsa-558 http://www.gentoo.org/security/en/glsa/glsa-200409-21.xml http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:096 http://www.redhat.com/support/errata/RHSA-2004-463.html http://www.trustix.org/errata/2004/0047 https://exchange.xforce.ibmcloud.com/vulnerabilities/17366 https://lists.apache.org/thread.html/54a42d4b01968df11 •

CVSS: 5.0EPSS: 8%CPEs: 1EXPL: 0

The IPv6 URI parsing routines in the apr-util library for Apache 2.0.50 and earlier allow remote attackers to cause a denial of service (child process crash) via a certain URI, as demonstrated using the Codenomicon HTTP Test Tool. Las reglas de procesado de IPv6 en la biblioteca apr-util de Apache 2.0.50 y anteriores permite a atacantes remotos causar una denegación de servicio (caída de proceso hijo) mediante una cierta URI, como se ha demostrado utilizando la herramienta de pruebas HTTP Codenomicon. • http://secunia.com/advisories/12540 http://www.gentoo.org/security/en/glsa/glsa-200409-21.xml http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:096 http://www.novell.com/linux/security/advisories/2004_32_apache2.html http://www.redhat.com/support/errata/RHSA-2004-463.html http://www.trustix.org/errata/2004/0047 https://exchange.xforce.ibmcloud.com/vulnerabilities/17382 https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.a •