Page 9 of 83 results (0.038 seconds)

CVSS: 5.0EPSS: 97%CPEs: 100EXPL: 6

The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character. El módulo mod_proxy del servidor HTTP Apache 1.3.x hasta la versión 1.3.42, 2.0.x hasta la 2.0.64 y 2.2.x hasta la 2.2.21 no interactúa apropiadamente con el uso de coincidencias de patrones de (1) RewriteRule y (2) ProxyPassMatch para la configuración de proxys inversos, lo que permite a atacantes remotos enviar peticiones a servidores de intranet a través de URIs malformadas que contengan un carácter inicial @ (arroba). Context discovered a security vulnerability which allows for Apache in reverse proxy mode to be used to access internal/DMZ systems due to a weakness in its handling of URLs being processed by mod_rewrite. Versions 1.3 and 2.x are affected. • https://www.exploit-db.com/exploits/17969 https://github.com/SECFORCE/CVE-2011-3368 https://github.com/colorblindpentester/CVE-2011-3368 http://kb.juniper.net/JSA10585 http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00011.html http://lists.opensuse.org/opensuse-updates/2013-02/msg00009.html http://lists.opensuse.org/opensuse-updates/2013-02/msg00012.html http://marc.info/?l=bugtraq&m=133294460209 • CWE-20: Improper Input Validation •

CVSS: 4.3EPSS: 96%CPEs: 13EXPL: 3

Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd. Vulnerabilidad de agotamiento de pila en la función fnmatch implementada en apr_fnmatch.c en la librería de Apache Portable Runtime (APR) anterior a v1.4.3 y en Apache HTTP Server anterior a v2.2.18, y en fnmatch.c en libc en NetBSD v5.1, OpenBSD v4.8, FreeBSD, Apple Mac OS X v10.6, Oracle Solaris 10, y Android permite a atacantes dependientes de contexto provocar una denegación de servicio (consumo de CPU y memoria) a través de secuencias "*?" en el primer argumento, como se demostró con los ataques contra mod_autoindex en httpd. • https://www.exploit-db.com/exploits/35738 http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/gen/fnmatch.c#rev1.22 http://cxib.net/stuff/apache.fnmatch.phps http://cxib.net/stuff/apr_fnmatch.txts http://httpd.apache.org/security/vulnerabilities_22.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00011.html http://marc.info/?l=bugtraq&m=131551295528105&w=2 http://marc.info/&# • CWE-770: Allocation of Resources Without Limits or Throttling •

CVSS: 10.0EPSS: 97%CPEs: 59EXPL: 2

modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers." El archivo modules/arch/win32/mod_isapi.c en la función mod_isapi en el servidor HTTP de Apache versión 2.0.37 hasta la versión 2.0.63, versión 2.2.0 hasta la versión 2.2.14 y versión 2.3.x en versiones anteriores a la 2.3.7, cuando se ejecuta en Windows, no asegura que el procesamiento de peticiones esté completo antes de llamar a las función isapi_unload para un módulo ISAPI.dll, que permite a los atacantes remotos ejecutar código arbitrario por medio de vectores no especificados relacionados con una petición creada, un paquete de restablecimiento y "orphaned callback pointers". • https://www.exploit-db.com/exploits/11650 http://httpd.apache.org/security/vulnerabilities_20.html http://httpd.apache.org/security/vulnerabilities_22.html http://lists.vmware.com/pipermail/security-announce/2010/000105.html http://secunia.com/advisories/38978 http://secunia.com/advisories/39628 http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?r1=917870&r2=917869&pathrev=917870 http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/arch/win32/mod_isapi.c?r1=917870&r2=917869&path •

CVSS: 5.8EPSS: 0%CPEs: 21EXPL: 5

The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue. El protocolo TLS y el protocolo SSL v3.0 y posiblemente versiones anteriores, tal y como se usa en Microsoft Internet Information Services (IIS) v7.0, mod_ssl en el servidor HTTP Apache v2.2.14 y anteriores, OpenSSL antes de v0.9.8l, GnuTLS v2.8.5 y anteriores, Mozilla Network Security Services (NSS) v3.12.4 y anteriores, y otros productos, no asocia apropiadamente la renegociación del Handshake SSL en una conexión existente, lo que permite ataques man-in-the-middle en los que el atacante inserta datos en sesiones HTTPS, y posiblemente otro tipo de sesiones protegidas por SSL o TLS, enviando una petición de autenticación que es procesada retroactivamente por un servidor en un contexto post-renegociación. Se trata de un ataque de "inyección de texto plano", también conocido como el problema del "Proyecto Mogul". • https://www.exploit-db.com/exploits/10071 https://www.exploit-db.com/exploits/10579 http://archives.neohapsis.com/archives/bugtraq/2013-11/0120.html http://blog.g-sec.lu/2009/11/tls-sslv3-renegotiation-vulnerability.html http://blogs.iss.net/archive/sslmitmiscsrf.html http://blogs.sun.com/security/entry/vulnerability_in_tls_protocol_during http://clicky.me/tlsvuln http://extendedsubset.com/?p=8 http://extendedsubset.com/Renegotiating_TLS.pdf http://h20000.www2.hp.com/bizsuppo • CWE-295: Improper Certificate Validation CWE-300: Channel Accessible by Non-Endpoint •

CVSS: 7.5EPSS: 0%CPEs: 60EXPL: 0

SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x, when configured to use a multibyte character set that allows a \ (backslash) as part of the character encoding, allows remote attackers to execute arbitrary SQL commands via unspecified inputs in a login request. Vulnerabilidad de inyección SQL en mod_auth_mysql.c en el módulo mod-auth-mysql (alias libapache2-mod-auth-mysql) para Apache HTTP Server 2.x, permite a atacantes remotos ejecutar comandos SQL de su elección a través de codificaciones de caracteres multibyte para entradas no especificadas. • http://klecker.debian.org/~white/mod-auth-mysql/CVE-2008-2384_mod-auth-mysql.patch http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053899.html http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053903.html http://openwall.com/lists/oss-security/2009/01/21/10 http://secunia.com/advisories/33627 http://secunia.com/advisories/43302 http://www.redhat.com/support/errata/RHSA-2009-0259.html http://www.redhat.com/support/errata/RHSA-2010-1002. • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •