CVE-2007-6421 – httpd mod_proxy_balancer cross-site scripting
https://notcve.org/view.php?id=CVE-2007-6421
Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL. La vulnerabilidad de tipo cross-site-scripting (XSS) en el controlador-balanceador en el componente mod_proxy_balancer en el servidor HTTP de Apache versión 2.2.0 hasta 2.2.6, permite a los atacantes remotos inyectar scripts web o HTML arbitrarios por medio de los parámetros (1) ss, (2) wr o (3) rr, o (4) la dirección URL. • http://docs.info.apple.com/article.html?artnum=307562 http://httpd.apache.org/security/vulnerabilities_22.html http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.html http://secunia.com/advisories/28526 http://secunia.com/advisories/28749 http://secunia.com/advisories/28977 http://secunia.com/advisories/29420 http://secunia.com/advisories/29640 http://securityreason.com/securityalert/3523 http:/ • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2007-6422 – httpd mod_proxy_balancer crash
https://notcve.org/view.php?id=CVE-2007-6422
The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable. La función balancer_handler en el componente mod_proxy_balancer en el servidor HTTP de Apache versión 2.2.0 hasta 2.2.6, cuando se utiliza un módulo de procesamiento múltiple enhebrado, permite a los usuarios autenticados remotos causar una denegación de servicio (bloqueo del proceso secundario) por medio de una variable bb no válida. • http://httpd.apache.org/security/vulnerabilities_22.html http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.html http://secunia.com/advisories/28526 http://secunia.com/advisories/28749 http://secunia.com/advisories/28977 http://secunia.com/advisories/29348 http://secunia.com/advisories/29640 http://security.gentoo.org/glsa/glsa-200803-19.xml http://securityreason.com/securityalert/3523 http://www.mandriva.com/security/advisories?name=MDVSA-2008:016 http://www.redhat • CWE-399: Resource Management Errors •
CVE-2007-6388 – apache mod_status cross-site scripting
https://notcve.org/view.php?id=CVE-2007-6388
Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS), en mod_status, dentro de Apache HTTP Server, en versiones 2.2.0 hasta 2.2.6, 2.0.35 hasta 2.0.61, y 1.3.2 hasta 1.3.39, cuando la página server-status está activada, permite que atacantes remotos inyecten , a su elección, código web o HTML, usando vectores no especificados. • http://docs.info.apple.com/article.html?artnum=307562 http://httpd.apache.org/security/vulnerabilities_13.html http://httpd.apache.org/security/vulnerabilities_20.html http://httpd.apache.org/security/vulnerabilities_22.html http://lists.apple.com/archives/security-announce/2008//May/msg00001.html http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.html http://lists.vmware.com/pipermail/security-announce/2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2007-5000 – httpd: mod_imagemap XSS
https://notcve.org/view.php?id=CVE-2007-5000
Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en los módulos (1) mod_imap en Apache HTTP Server 1.3.0 hasta 1.3.39 y 2.0.35 hasta 2.0.61, y (2) mod_imagemap en Apache HTTP Server 2.2.0 hasta 2.2.6 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante vectores no especificados. • http://docs.info.apple.com/article.html?artnum=307562 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01345501 http://httpd.apache.org/security/vulnerabilities_13.html http://httpd.apache.org/security/vulnerabilities_20.html http://httpd.apache.org/security/vulnerabilities_22.html http://lists.apple.com/archives/security-announce/2008//May/msg00001.html http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://lists.opensuse.org/opensuse-security-announce& • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2007-4465 – mod_autoindex XSS
https://notcve.org/view.php?id=CVE-2007-4465
Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en mod_autoindex.c en el servidor HTTP Apache versiones anteriores a 2.2.6, cuando un juego de caracteres en una página generada por el servidor no está definido, permite a atacantes remotos inyectar scripts web o HTML de su elección a través del parámetro P utilizando el juego de caracteres UTF-7. NOTA. Se podría argumentar que este asunto se debe a una limitación de diseño de los navegadores que intentan realizar una detección automática de tipo de contenido. • http://bugs.gentoo.org/show_bug.cgi?id=186219 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01539432 http://lists.apple.com/archives/security-announce/2008//May/msg00001.html http://marc.info/?l=bugtraq&m=124654546101607&w=2 http://marc.info/?l=bugtraq&m=125631037611762&w=2 http://secunia.com/advisories/26842 http://secunia.com/advisories/26952 http://secunia.com/advisories/27563 http://secunia.com/advisories/27732 http://secunia.com/advisories/ • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •