Page 17 of 93 results (0.008 seconds)

CVSS: 3.3EPSS: 0%CPEs: 3EXPL: 0

htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack. • http://marc.info/?l=bugtraq&m=97916374410647&w=2 http://www.debian.org/security/2001/dsa-021 http://www.securityfocus.com/bid/2182 https://exchange.xforce.ibmcloud.com/vulnerabilities/5926 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

IBM HTTP Server 1.3.6 (based on Apache) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request. • http://marc.info/?l=bugtraq&m=97502498610979&w=2 http://www.securityfocus.com/bid/1988 •

CVSS: 5.0EPSS: 0%CPEs: 10EXPL: 0

mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression. • http://archives.neohapsis.com/archives/bugtraq/2000-09/0352.html http://archives.neohapsis.com/archives/bugtraq/2000-10/0174.html http://archives.neohapsis.com/archives/hp/2000-q4/0021.html http://www.calderasystems.com/support/security/advisories/CSSA-2000-035.0.txt http://www.linux-mandrake.com/en/security/MDKSA-2000-060-2.php3?dis=7.1 http://www.redhat.com/support/errata/RHSA-2000-088.html http://www.redhat.com/support/errata/RHSA-2000-095.html http://www.securityfocus •

CVSS: 5.0EPSS: 1%CPEs: 12EXPL: 2

The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables WebDAV, which allows remote attackers to list arbitrary directories via the PROPFIND HTTP request method. • https://www.exploit-db.com/exploits/20210 http://archives.neohapsis.com/archives/linux/suse/2000-q3/0906.html http://www.atstake.com/research/advisories/2000/a090700-3.txt http://www.securityfocus.com/bid/1656 https://exchange.xforce.ibmcloud.com/vulnerabilities/5204 •

CVSS: 5.0EPSS: 89%CPEs: 3EXPL: 0

The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/. • http://archives.neohapsis.com/archives/linux/suse/2000-q3/0906.html http://www.atstake.com/research/advisories/2000/a090700-2.txt http://www.securityfocus.com/bid/1658 https://exchange.xforce.ibmcloud.com/vulnerabilities/5197 •