
Professional OVAL Repository

Search Conditions:  Title: Apache HTTP Server

Page 1 of 19 (722 items)
| OVALid | Version | Title | Class |
| --- | --- | --- | --- |
| oval:org.mitre.oval:def:8695 | 11 | Apache HTTP Server request header information disclosure | vulnerability |
| oval:org.mitre.oval:def:15282 | 39 | USN-1368-1 -- Apache HTTP Server vulnerabilities | patch |
| oval:org.mitre.oval:def:9935 | 18 | The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code. | vulnerability |
| oval:org.mitre.oval:def:9824 | 25 | cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value. | vulnerability |
| oval:org.mitre.oval:def:9754 | 18 | Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm. | vulnerability |
| oval:org.mitre.oval:def:9577 | 25 | The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses. | vulnerability |
| oval:org.mitre.oval:def:9539 | 25 | Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | vulnerability |
| oval:org.mitre.oval:def:9403 | 18 | The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests. | vulnerability |
| oval:org.mitre.oval:def:9363 | 25 | The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11. | vulnerability |
| oval:org.mitre.oval:def:11452 | 24 | The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling." | vulnerability |
| oval:org.mitre.oval:def:11260 | 18 | Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678. | vulnerability |
| oval:org.mitre.oval:def:11094 | 18 | The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file. | vulnerability |
| oval:org.mitre.oval:def:10981 | 25 | The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command. | vulnerability |
| oval:org.mitre.oval:def:10968 | 25 | The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow. | vulnerability |
| oval:org.mitre.oval:def:10929 | 25 | Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection. | vulnerability |
| oval:org.mitre.oval:def:10664 | 18 | Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL. | vulnerability |
| oval:org.mitre.oval:def:10643 | 18 | Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache. | vulnerability |
| oval:org.mitre.oval:def:10358 | 25 | The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request. | vulnerability |
| oval:org.mitre.oval:def:10352 | 24 | http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file. | vulnerability |
| oval:org.mitre.oval:def:10272 | 25 | Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | vulnerability |
| oval:org.mitre.oval:def:10270 | 25 | The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564. | vulnerability |
| oval:org.mitre.oval:def:10181 | 18 | The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable. | vulnerability |
| oval:org.mitre.oval:def:10172 | 19 | SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x allows remote attackers to execute arbitrary SQL commands via multibyte character encodings for unspecified input. | vulnerability |
| oval:org.mitre.oval:def:10154 | 25 | Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified. | vulnerability |
| oval:org.mitre.oval:def:10088 | 26 | The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue. | vulnerability |
| oval:ru.altx-soft.win:def:21367 | 6 | Request header information disclosure in Apache HTTP Server (CVE-2010-0434) | vulnerability |
| oval:org.mitre.oval:def:8605 | 7 | Apache HTTP Server 2.0.x is installed on the system | inventory |
| oval:org.mitre.oval:def:8565 | 7 | Apache HTTP Server 1.3.x is installed on the system | inventory |
| oval:org.mitre.oval:def:8550 | 7 | Apache HTTP Server 2.2.x is installed on the system | inventory |
| oval:ru.altx-soft.win:def:22587 | 4 | DoS vulnerability in Apache HTTP Server 2.2.x before 2.2.16 (CVE-2010-1452) | vulnerability |
| oval:ru.altx-soft.nix:def:15282 | 8 | Update USN-1368-1 -- Apache HTTP Server vulnerabilities | patch |
| oval:ru.altx-soft.win:def:27729 | 6 | Integer overflow in mod_proxy in Apache HTTP Server before 1.3.42 on 64-bit platforms (CVE-2010-0010) | vulnerability |
| oval:ru.altx-soft.win:def:27750 | 5 | Vulnerability in the mod_proxy_ftp module in Apache HTTP Server 2.0.63 and 2.2.13 (CVE-2009-3094) | vulnerability |
| oval:ru.altx-soft.win:def:27772 | 5 | Multiple integer overflows in Apache HTTP Server before 2.2.13 (CVE-2009-2412) | vulnerability |
| oval:ru.altx-soft.win:def:27781 | 6 | Vulnerability in the mod_proxy_ajp module in Apache HTTP Server 2.2.11 (CVE-2009-1191) | vulnerability |
| oval:ru.altx-soft.win:def:27827 | 5 | Cross-site scripting (XSS) in mod_proxy_ftp in Apache HTTP Server 2.2.9 and earlier (CVE-2008-2939) | vulnerability |
| oval:ru.altx-soft.win:def:27831 | 6 | Vulnerability in mod_proxy_http in Apache HTTP Server 2.0.63 and 2.2.8 (CVE-2008-2364) | vulnerability |
| oval:ru.altx-soft.win:def:27845 | 5 | Cross-site request forgery (CSRF) vulnerability in balancer-manager in Apache HTTP Server 2.2.x (CVE-2007-6420) | vulnerability |
| oval:ru.altx-soft.win:def:27959 | 5 | Vulnerability in the mod_isapi module in Apache HTTP Server 2.2.15 (CVE-2010-0425) | vulnerability |
| oval:org.mitre.oval:def:26389 | 6 | End of life cycle for Apache HTTP Server 1.3 | patch |

company ALTEX-SOFT 2008-2020, © AO ALTEX-SOFT , ovaldb@altx-soft.com

OVAL and the OVAL logo are registered trademarks of The MITRE Corporation. Other names may be trademarks of their respective owners.