Page 37 of 281 results (0.017 seconds)

CVSS: 4.3EPSS: 1%CPEs: 3EXPL: 0

Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el módulo mod_imap de Apache httpd anteriores a 1.3.35-dev y Apache httpd 2.0.x anteriores a 2.0.56-dev permite a atacantes remotos inyectar 'script' web o HTML de su elección mediante el Referente cuando se usan mapas de imágenes. • ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U http://docs.info.apple.com/article.html?artnum=307562 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01428449 http://issues.apache.org/bugzilla/show_bug.cgi?id=37874 http://lists.apple.com/archives/security-announce/2008//May/msg00001.html http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://lists.suse.com/archive/suse-security-announce/2007-May/0005.html http:// • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.0EPSS: 0%CPEs: 11EXPL: 0

Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections. • http://mail-archives.apache.org/mod_mbox/httpd-cvs/200509.mbox/%3C20051001110218.40692.qmail%40minotaur.apache.org%3E http://rhn.redhat.com/errata/RHSA-2006-0159.html http://secunia.com/advisories/16559 http://secunia.com/advisories/17923 http://secunia.com/advisories/18161 http://secunia.com/advisories/18333 http://secunia.com/advisories/18585 http://securitytracker.com/id?1015093 http://svn.apache.org/viewcvs?rev=292949&view=rev http://www.mandriva.com/security/advisories?name= • CWE-770: Allocation of Resources Without Limits or Throttling •

CVSS: 10.0EPSS: 0%CPEs: 5EXPL: 0

ssl_engine_kernel.c in mod_ssl before 2.8.24, when using "SSLVerifyClient optional" in the global virtual host configuration, does not properly enforce "SSLVerifyClient require" in a per-location context, which allows remote attackers to bypass intended access restrictions. • http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html http://marc.info/?l=apache-modssl&m=112569517603897&w=2 http://marc.info/?l=bugtraq&m=112604765028607&w=2 http://marc.info/?l=bugtraq&m=112870296926652&w=2 http://people.apache.org/~jorton/CAN-2005-2700.diff http://secunia.com/advisories/16700 http://secunia.com/advisories/16705 http://secunia.com/advisories/16714 http://secunia.com/advisories/16743 http://secunia.com/advisories/16746 http:&# •

CVSS: 5.0EPSS: 92%CPEs: 24EXPL: 0

The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field. • ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U http://issues.apache.org/bugzilla/show_bug.cgi?id=29962 http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html http://secunia.com/advisories/16559 http://secunia.com/advisories/16705 http://secunia.com/advisories/16714 http://secunia.com/advisories/16743 http://secunia.com/advisories/16746 http://secunia.com/advisories/16753 http://secunia.com/advisories/16754 http://secunia.com/advisories/ •

CVSS: 5.0EPSS: 0%CPEs: 8EXPL: 0

Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte. Error de fuera-por-uno en la retrollamda de verificación de Lista de Revocación de Certificados (CRL) de mod_ssl para Apache, cuando se configura para usar un CRL, permite a atacantes remotos causar una denegación de servicio (caída de proceso hijo) mediante una CRL que causa un desbordamiento de búfer de un byte nule. • http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html http://rhn.redhat.com/errata/RHSA-2005-582.html http://secunia.com/advisories/19072 http://secunia.com/advisories/19185 http://securityreason.com/securityalert/604 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102198-1 http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm http://www.debian.org/security/2005/dsa-805 http://www.mandriva.com/security/advisories?name=MDKSA-2005:129 http:/& • CWE-193: Off-by-one Error •