Page 21 of 104 results (0.007 seconds)

CVSS: 5.0EPSS: 0%CPEs: 8EXPL: 0

Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers to obtain certain files via an HTTP request that ends in certain illegal characters such as ">", which causes a different filename to be processed and served. Apache 2.0 anterior a 2.0.44 en plataformas Windows permite a atacantes remotos obtener determinados ficheros mediante una petición HTTP que termina en ciertos caracteres ilegales como ">", lo cual provoca que se procese y sirva un nombre de archivo diferente. • http://marc.info/?l=apache-httpd-announce&m=104313442901017&w=2 https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E https://lists •

CVSS: 7.5EPSS: 8%CPEs: 8EXPL: 0

Apache before 2.0.44, when running on unpatched Windows 9x and Me operating systems, allows remote attackers to cause a denial of service or execute arbitrary code via an HTTP request containing MS-DOS device names. Apache anteriores a 2.0.44, cuando corren sobre sistemas operativos Windows 9x y Me, permite a atacantes remotos causar una denegación de servicio o ejecutar código arbitrario mediane peticiones HTTP conteniendo nombres de dispositivo de MS-DOS. • http://marc.info/?l=apache-httpd-announce&m=104313442901017&w=2 http://www.apacheweek.com/issues/03-01-24#security http://www.kb.cert.org/vuls/id/825177 http://www.kb.cert.org/vuls/id/979793 http://www.securityfocus.com/bid/6659 https://exchange.xforce.ibmcloud.com/vulnerabilities/11124 https://exchange.xforce.ibmcloud.com/vulnerabilities/11125 https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/t •

CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0

The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep. • http://archives.neohapsis.com/archives/bugtraq/2001-10/0231.html http://httpd.apache.org/docs/logs.html http://www.iss.net/security_center/static/7363.php • CWE-532: Insertion of Sensitive Information into Log File •

CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0

Oracle Webserver 2.1 and earlier runs setuid root, but the configuration file is owned by the oracle account, which allows any local or remote attacker who obtains access to the oracle account to gain privileges or modify arbitrary files by modifying the configuration file. • http://marc.info/?l=bugtraq&m=87602880019796&w=2 •