Page 9 of 177 results (0.025 seconds)

CVSS: 1.2EPSS: 0%CPEs: 55EXPL: 3

The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service (memory consumption or NULL pointer dereference) via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, related to (1) the "len +=" statement and (2) the apr_pcalloc function call, a different vulnerability than CVE-2011-3607. La función ap_pregsub en server/util.c en el servidor HTTP Apache v2.0.x hasta la 2.0.64 y la v2.2.x hasta la v2.2.21, cuando el módulo mod_setenvif está activado, no limita el tamaño de los valores de las variables de entorno, lo que permite a usuarios locales causar una denegación de servicio (consumo de memoria o puntero a NULL) a través de un archivo de tipo .htaccess que incluye una directiva SetEnvIf modificada, junto con un encabezado de solicitud HTTP manipulado, relacionado con (1) la declarción "len + =" y (2) con la llamada a la funcion apr_pcalloc, una vulnerabilidad diferente a CVE-2011-3607. • https://www.exploit-db.com/exploits/41769 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041 http://www.gossamer-threads.com/lists/apache/dev/403775 http://www.halfdog.net/Security/2011/ApacheModSetEnvIfIntegerOverflow http://www.halfdog.net/Security/2011/ApacheModSetEnvIfIntegerOverflow/DemoExploit.html • CWE-20: Improper Input Validation •

CVSS: 4.4EPSS: 0%CPEs: 55EXPL: 4

Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow. Desbordamiento de entero en la función en ap_pregsub / util.c en el servidor HTTP Apache v2.0.x hasta la v2.0.64 y la v2.2.x hasta la v2.2.21, cuando el módulo mod_setenvif está activado, que permite a usuarios locales conseguir privilegios a través de un archivo .htaccess que incluye una directiva SetEnvIf modificada, junto con un encabezado de solicitud HTTP manipulado, dando lugar a un desbordamiento de búfer basado en memoria dinámica. • https://www.exploit-db.com/exploits/41769 http://archives.neohapsis.com/archives/fulldisclosure/2011-11/0023.html http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041 http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html http://marc.info/?l=bugtraq&m=133294460209056&w=2 http://marc.info/?l=bugtraq&m=133494237717847&w=2 http://marc.info/?l=bugtraq&m=134987041210674&w=2 http://rhn.redhat.com/errata/RHSA-2012-0128.html http://r • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •

CVSS: 4.3EPSS: 0%CPEs: 20EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in IBM HTTP Server 2.0.47 and earlier, as used in WebSphere Application Server and other products, allow remote attackers to inject arbitrary web script or HTML via vectors involving unspecified documentation files in (1) manual/ibm/ and (2) htdocs/*/manual/ibm/. vulnerabilidad múltiple en cross-site scripting (XSS) en IBM HTTP Server v2.0.47 y anteriores, se utiliza en WebSphere Application Server y otros productos, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados que involucran archivos de documentación en (1) manual/ibm/ y (2) htdocs/*/manual/ibm/. • http://www-01.ibm.com/support/docview.wss?uid=swg21502580 http://www.ibm.com/support/docview.wss?uid=swg1PM41293 http://www.securityfocus.com/bid/50447 https://exchange.xforce.ibmcloud.com/vulnerabilities/69656 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.0EPSS: 97%CPEs: 100EXPL: 6

The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character. El módulo mod_proxy del servidor HTTP Apache 1.3.x hasta la versión 1.3.42, 2.0.x hasta la 2.0.64 y 2.2.x hasta la 2.2.21 no interactúa apropiadamente con el uso de coincidencias de patrones de (1) RewriteRule y (2) ProxyPassMatch para la configuración de proxys inversos, lo que permite a atacantes remotos enviar peticiones a servidores de intranet a través de URIs malformadas que contengan un carácter inicial @ (arroba). Context discovered a security vulnerability which allows for Apache in reverse proxy mode to be used to access internal/DMZ systems due to a weakness in its handling of URLs being processed by mod_rewrite. Versions 1.3 and 2.x are affected. • https://www.exploit-db.com/exploits/17969 https://github.com/SECFORCE/CVE-2011-3368 https://github.com/colorblindpentester/CVE-2011-3368 http://kb.juniper.net/JSA10585 http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00011.html http://lists.opensuse.org/opensuse-updates/2013-02/msg00009.html http://lists.opensuse.org/opensuse-updates/2013-02/msg00012.html http://marc.info/?l=bugtraq&m=133294460209 • CWE-20: Improper Input Validation •

CVSS: 7.8EPSS: 96%CPEs: 16EXPL: 8

The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086. El filtro byterange en el Servidor Apache HTTP v1.3.x, v2.0.x hasta v2.0.64, y v2.2.x hasta v2.2.19 permite a tacantes remotos provocar una denegación de servicio (consumo de memoria y CPU) a través de una cabecera Range que expresa múltiple rangos de solapamiento, como se explotó en Agosto 2011, una vulnerabilidad diferente que CVE-2007-0086. • https://www.exploit-db.com/exploits/18221 https://www.exploit-db.com/exploits/17696 https://github.com/limkokholefork/CVE-2011-3192 https://github.com/futurezayka/CVE-2011-3192 http://archives.neohapsis.com/archives/fulldisclosure/2011-08/0285.html http://blogs.oracle.com/security/entry/security_alert_for_cve_2011 http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00006.html http://lists.opensuse. • CWE-400: Uncontrolled Resource Consumption •