Page 17 of 123 results (0.013 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 5

Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability. • https://www.exploit-db.com/exploits/25625 https://www.exploit-db.com/exploits/25624 http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html http://lists.apple.com/archives/security-announce/2005/May/msg00001.html http://www.lucaercoli.it/advs/htdigest.txt http://www.osvdb.org/12848 http://www.securiteam.com/unixfocus/5EP061FEKC.html http://www.securityfocus.com/bid/13537 •

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0

Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only intended to restrict external web access, and a local user already has the privileges to perform the same operations without using ErrorDocument • http://archives.neohapsis.com/archives/bugtraq/2004-02/0043.html http://archives.neohapsis.com/archives/bugtraq/2004-02/0064.html http://archives.neohapsis.com/archives/bugtraq/2004-02/0120.html https://exchange.xforce.ibmcloud.com/vulnerabilities/15015 •

CVSS: 5.0EPSS: 96%CPEs: 1EXPL: 1

Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters. • https://www.exploit-db.com/exploits/855 http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html http://lists.grok.org.uk/pipermail/full-disclosure/2004-November/028248.html http://marc.info/?l=bugtraq&m=110384374213596&w=2 http://secunia.com/advisories/19072 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102198-1 http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm ht •

CVSS: 7.5EPSS: 0%CPEs: 18EXPL: 0

The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration. El módulo mod_ssl en Apache 2.0.35 a 2.0.52, cuando se usa la "SSLCipherSuite" en contexto de directorio o lugar, permite a clientes remotos evitar las restricciones pretendidas usando cualquier conjunto de cifrado que sea permitido por la configuración de servidor (host) virtual. • http://issues.apache.org/bugzilla/show_bug.cgi?id=31505 http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html http://marc.info/?l=bugtraq&m=109786159119069&w=2 http://secunia.com/advisories/19072 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102198-1 http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm http://www.apacheweek.com/features/security-20 http://www&# •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration. • http://fedoranews.org/updates/FEDORA-2004-313.shtml http://security.gentoo.org/glsa/glsa-200409-33.xml http://www.apache.org/dist/httpd/patches/apply_to_2.0.51/CAN-2004-0811.patch http://www.apacheweek.com/features/security-20 http://www.securityfocus.com/bid/11239 http://www.trustix.org/errata/2004/0049 https://exchange.xforce.ibmcloud.com/vulnerabilities/17473 https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E https:/ •