CVSS: 5.0EPSS: 46%CPEs: 76EXPL: 1CVE-2013-5704 – httpd: bypass of mod_headers rules via chunked requests
https://notcve.org/view.php?id=CVE-2013-5704
The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states "this is not a security issue in httpd as such." El módulo mod_headers en el servidor de Apache HTTP 2.2.22 permite a atacantes remotos evadir directivas "RequestHeader unset" mediante la colocación de una cabera en la porción "trailer" de datos enviados con codificación de transferencia fragmentada. NOTA: el proveedor afirma que "esto no es un problema de seguridad en httpd como tal." A flaw was found in the way httpd handled HTTP Trailer headers when processing requests using chunked encoding. • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html http://marc.info/?l=apache-httpd-dev&m=139636309822854&w=2 http://marc.info/?l=bugtraq&m=143403519711434&w=2 http://marc.info/?l=bugtraq&m=144493176821532&w=2 http://martin.swende.se/blog/HTTPChunked.html http://rhn.redhat.com/errata/RHSA-2015-0325.html http://rhn.redhat.com/errata/RHSA-2015-1249.html http://rhn.redhat& • CWE-287: Improper Authentication •
CVSS: 6.8EPSS: 0%CPEs: 6EXPL: 0CVE-2013-5143
https://notcve.org/view.php?id=CVE-2013-5143
The RADIUS service in Server App in Apple OS X Server before 3.0 selects a fallback X.509 certificate in unspecified circumstances, which might allow man-in-the-middle attackers to hijack RADIUS sessions by leveraging knowledge of the private key that matches this fallback certificate. El servicio RADIUS de Server App en Apple OS X Server anteriores a 3.0 selecciona un X.509 de reserva en circunstancias no especificadas, lo que prodría permitir a atacantes man-in-the-middle secuestrar las sesiones RADIUS aprovechando el conocimiento de la clave privada de este certificado de reserva. • http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html •
CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0CVE-2013-1034
https://notcve.org/view.php?id=CVE-2013-1034
Multiple cross-site scripting (XSS) vulnerabilities in Wiki Server in Apple Mac OS X Server before 2.2.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades XSS en Wiki Server de Apple Mac OS X Server anterior a la versión 2.2.2 permite a atacantes remotos inyectar script web o HTML arbitrario a través de vectores no especificados. • http://lists.apple.com/archives/security-announce/2013/Sep/msg00004.html http://support.apple.com/kb/HT5892 http://www.cloudscan.me/2013/09/cve-2013-1034-stored-xss-xxe-os-x.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 97%CPEs: 81EXPL: 14CVE-2003-0201 – Samba 2.2.8 (BSD x86) - 'trans2open' Remote Overflow
https://notcve.org/view.php?id=CVE-2003-0201
Buffer overflow in the call_trans2open function in trans2.c for Samba 2.2.x before 2.2.8a, 2.0.10 and earlier 2.0.x versions, and Samba-TNG before 0.3.2, allows remote attackers to execute arbitrary code. Desbordamiento de búfer en la función call_trans2open en trans2.c de Samba 2.2.x anteriores a 2.2.8a, 2.0.10 y versiones anteriores 2.0.x, y Samba-TNG anteriores a de 0.3.2, permite a atacantes remotos ejecutar código arbitrario. • https://www.exploit-db.com/exploits/16880 https://www.exploit-db.com/exploits/55 https://www.exploit-db.com/exploits/7 https://www.exploit-db.com/exploits/16861 https://www.exploit-db.com/exploits/10 https://www.exploit-db.com/exploits/16876 https://www.exploit-db.com/exploits/9924 https://www.exploit-db.com/exploits/16330 https://www.exploit-db.com/exploits/22469 https://www.exploit-db.com/exploits/22471 https://www.exploit-db.com/exploits/22470 https: •