CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2002-0240
https://notcve.org/view.php?id=CVE-2002-0240
PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message. PHP, cuando se instala con Apache y se configura para buscar index.php como la página web por defecto, permite a los atacantes remotos que obtengan el path completo del servidor por medio del método HTTP OPTIONS, lo cual revelará el nombre del path en el mensaje de error correspondiente. • http://marc.info/?l=bugtraq&m=101311746611160&w=2 http://www.iss.net/security_center/static/8119.php http://www.securityfocus.com/bid/4057 •
CVSS: 7.5EPSS: 5%CPEs: 6EXPL: 0CVE-2002-0257
https://notcve.org/view.php?id=CVE-2002-0257
Cross-site scripting vulnerability in auction.pl of MakeBid Auction Deluxe 3.30 allows remote attackers to obtain information from other users via the form fields (1) TITLE, (2) DESCTIT, (3) DESC, (4) searchstring, (5) ALIAS, (6) EMAIL, (7) ADDRESS1, (8) ADDRESS2, (9) ADDRESS3, (10) PHONE1, (11) PHONE2, (12) PHONE3, or (13) PHONE4. Vulnerabilidad de comandos en sitios cruzados en auction.pl de MakeBid Auction Deluxe 3.30 permite que atacantes remotos obtengan información de otros usuarios por medio de los campos de formulario (1) TITLE, (2) DESCTIT, (3) DESC, (4) searchstring, (5) ALIAS, (6) EMAIL, (7) ADDRESS1, (8) ADDRESS2, (9) ADDRESS3, (10) PHONE1, (11) PHONE2, (12) PHONE3, o (13) PHONE4. • http://marc.info/?l=bugtraq&m=101328880521775&w=2 http://www.iss.net/security_center/static/8161.php http://www.netcreations.addr.com/dcforum/DCForumID2/126.html http://www.securityfocus.com/bid/4069 •
CVSS: 5.0EPSS: 1%CPEs: 1EXPL: 0CVE-2002-0249
https://notcve.org/view.php?id=CVE-2002-0249
PHP for Windows, when installed on Apache 2.0.28 beta as a standalone CGI module, allows remote attackers to obtain the physical path of the php.exe via a request with malformed arguments such as /123, which leaks the pathname in the error message. PHP para windows, cuando se ha instalado en Apache 2.0.28 beta como una CGI aislada, permite a atacantes remotos obtener el camino físico del php.exe mediante argumentos intencionados tales como /123, lo cual permite que se muestre el path absoluto en el emensaje de error. • http://marc.info/?l=bugtraq&m=101311698909691&w=2 http://www.iss.net/security_center/static/8121.php http://www.securityfocus.com/bid/4056 •
CVSS: 7.5EPSS: 10%CPEs: 2EXPL: 1CVE-2002-0061 – Apache Win32 1.3.x/2.0.x - Batch File Remote Command Execution
https://notcve.org/view.php?id=CVE-2002-0061
Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically cmd.exe. El servidor Apache, en sus verisones para Win32 1.3.24 y anteriores, y 2.0.x hasta la 2.0.34-beta, permite que atacantes remotos ejecuten cualquier comando a través del metacaracter "|" de la shell. Estos comandos vienen como argumentos a scrips .bat o .cmd. A su vez estos scripts pasan sin filtrado al intérprete de shell, normalmente cmd.exe • https://www.exploit-db.com/exploits/21350 http://marc.info/?l=bugtraq&m=101674082427358&w=2 http://online.securityfocus.com/archive/1/263927 http://www.apacheweek.com/issues/02-03-29#apache1324 http://www.iss.net/security_center/static/8589.php http://www.securityfocus.com/bid/4335 https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.ap • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2001-1556
https://notcve.org/view.php?id=CVE-2001-1556
The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep. • http://archives.neohapsis.com/archives/bugtraq/2001-10/0231.html http://httpd.apache.org/docs/logs.html http://www.iss.net/security_center/static/7363.php • CWE-532: Insertion of Sensitive Information into Log File •