Page 20 of 109 results (0.023 seconds)

CVSS: 5.0EPSS: 1%CPEs: 2EXPL: 0

Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences. Apache no filtra secuencias de escape de terminales en sus archivos de registro de errores, lo que podría hacer más fácil para atacantes insertar estas secuencias en emuladores de terminal que tengan vulnerabilidades relacionadas con secuencias de escape. • http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html http://frontal2.mandriva.com/security/advisories?name=MDKSA-2004:046 http://marc.info/?l=bugtraq&m=104612710031920&w=2 http://marc.info/?l=bugtraq&m=108369640424244&w=2 http://marc.info/?l=bugtraq&m=108437852004207&w=2 http://marc.info/? •

CVSS: 5.0EPSS: 0%CPEs: 8EXPL: 0

Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers to obtain certain files via an HTTP request that ends in certain illegal characters such as ">", which causes a different filename to be processed and served. Apache 2.0 anterior a 2.0.44 en plataformas Windows permite a atacantes remotos obtener determinados ficheros mediante una petición HTTP que termina en ciertos caracteres ilegales como ">", lo cual provoca que se procese y sirva un nombre de archivo diferente. • http://marc.info/?l=apache-httpd-announce&m=104313442901017&w=2 https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E https://lists •

CVSS: 7.5EPSS: 8%CPEs: 8EXPL: 0

Apache before 2.0.44, when running on unpatched Windows 9x and Me operating systems, allows remote attackers to cause a denial of service or execute arbitrary code via an HTTP request containing MS-DOS device names. Apache anteriores a 2.0.44, cuando corren sobre sistemas operativos Windows 9x y Me, permite a atacantes remotos causar una denegación de servicio o ejecutar código arbitrario mediane peticiones HTTP conteniendo nombres de dispositivo de MS-DOS. • http://marc.info/?l=apache-httpd-announce&m=104313442901017&w=2 http://www.apacheweek.com/issues/03-01-24#security http://www.kb.cert.org/vuls/id/825177 http://www.kb.cert.org/vuls/id/979793 http://www.securityfocus.com/bid/6659 https://exchange.xforce.ibmcloud.com/vulnerabilities/11124 https://exchange.xforce.ibmcloud.com/vulnerabilities/11125 https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/t •

CVSS: 6.8EPSS: 97%CPEs: 47EXPL: 1

Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157. Vulnerabilidad de comandos en sitios cruzados (cross-site scripting, XSS) en la página de error por defecto en Apache 2.0 antes de 2.0.43, y en 1.3.x hasta 1.3.26, cuando el parámetro UseCanonicalName está desactivado, y está presente el soporte para comodines DNS, permite a atacantes ejecutar comandos como otro visitante de la página mediante la cabecera Host: • https://www.exploit-db.com/exploits/21885 ftp://patches.sgi.com/support/free/security/advisories/20021105-02-I http://archives.neohapsis.com/archives/bugtraq/2002-10/0254.html http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0003.html http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000530 http://marc.info/?l=apache-httpd-announce&m=103367938230488&w=2 http://marc.info/?l=bugtraq&m=103357160425708&w=2 http://marc.info/?l=bugtraq&m=103376585508776&w=2 http •

CVSS: 5.0EPSS: 2%CPEs: 10EXPL: 0

mod_dav in Apache before 2.0.42 does not properly handle versioning hooks, which may allow remote attackers to kill a child process via a null dereference and cause a denial of service (CPU consumption) in a preforked multi-processing module. • http://securitytracker.com/id?1005285 http://www.apache.org/dist/httpd/CHANGES_2.0 http://www.kb.cert.org/vuls/id/406121 http://www.securityfocus.com/bid/5816 https://exchange.xforce.ibmcloud.com/vulnerabilities/10208 https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0a •