Author
Topic: List of Vulnerabilities I (Read 1067 times)
rosubcero
Guest
List of Vulnerabilities I
« on: February 12, 2005, 02:38:10 »
Here is a list of vulnerabilities found by a scan of a server.
I would like to know where I can get exploits for these vulnerabilities.
CGI Scripts : mnoGoSearch 3.1.19 Search Query Buffer Overflow Vulnerability
Port 80
Description mnoGoSearch 3.1.19 is an SQL based search engine. It is vulnerable to a buffer overflow condition. A long string can be submitted to the search.cgi script as a search query. This is potentially exploitable to execute code on the host machine.
How to fix Upgrade to the current version of mnoGoSearch.
Risk Level High
Related Links mnoGoSearch HomePage
Script
CVE CVE-MAP-NOMATCH
BugtraqID 4724
Web Servers : PHP array_pad() Integer Overflow Memory Corruption Vulnerability
Port 443
Description A vulnerability has been reported in PHP. The problem occurs in the array_pad() function and may allow an attacker to corrupt memory. The affected function reportedly fails to ensure that proper boundary checks are performed on values supplied by a malicious user. This may result in an integer overflow when array_pad() is called with an overly long value for its second argument.
How to fix Upgrade to the current version of PHP.
Risk Level High
Related Links PHP Home Page.
CVE CVE-MAP-NOMATCH
BugtraqID 7256
Web Servers : PHP array_pad() Integer Overflow Memory Corruption Vulnerability
Port 80
Description A vulnerability has been reported in PHP. The problem occurs in the array_pad() function and may allow an attacker to corrupt memory. The affected function reportedly fails to ensure that proper boundary checks are performed on values supplied by a malicious user. This may result in an integer overflow when array_pad() is called with an overly long value for its second argument.
How to fix Upgrade to the current version of PHP.
Risk Level High
Related Links PHP Home Page.
CVE CVE-MAP-NOMATCH
BugtraqID 7256
Web Servers : PHP DLOpen Arbitrary Web Server Process Memory Vulnerability
Port 443
Description A problem has been reported in the dlopen function of PHP when used with the Apache web server. Because of this, an attacker may be able to gain unauthorized access to potentially sensitive information.
How to fix Upgrade to the current version of PHP.
Risk Level High
Related Links PHP Home Page.
CVE CVE-MAP-NOMATCH
BugtraqID 8405
Web Servers : PHP DLOpen Arbitrary Web Server Process Memory Vulnerability
Port 80
Description A problem has been reported in the dlopen function of PHP when used with the Apache web server. Because of this, an attacker may be able to gain unauthorized access to potentially sensitive information.
How to fix Upgrade to the current version of PHP.
Risk Level High
Related Links PHP Home Page.
CVE CVE-MAP-NOMATCH
BugtraqID 8405
Web Servers : PHP emalloc() Unspecified Integer Overflow Memory Corruption Vulnerability
Port 443
Description A vulnerability has been reported in PHP version 4.3.1 and earlier. The problem occurs in the emalloc() function and may allow an attacker to corrupt memory. The affected function reportedly fails to ensure that proper boundary checks are performed on values supplied by a malicious user. This may result in an integer overflow when emalloc() attempts to allocate memory.
How to fix Upgrade to the current version of PHP.
Risk Level High
Related Links PHP Home Page.
CVE CVE-MAP-NOMATCH
BugtraqID 7199
Web Servers : PHP emalloc() Unspecified Integer Overflow Memory Corruption Vulnerability
Port 80
Description A vulnerability has been reported in PHP version 4.3.1 and earlier. The problem occurs in the emalloc() function and may allow an attacker to corrupt memory. The affected function reportedly fails to ensure that proper boundary checks are performed on values supplied by a malicious user. This may result in an integer overflow when emalloc() attempts to allocate memory.
How to fix Upgrade to the current version of PHP.
Risk Level High
Related Links PHP Home Page.
CVE CVE-MAP-NOMATCH
BugtraqID 7199
Web Servers : PHP Input Output Wrapper Remote Include Function Command Execution Weakness
Port 80
Description PHP is reportedly affected by an arbitrary command execution weakness through the PHP include() function. This issue is due to a design error that allows the execution of attacker supplied POST PHP commands when URI data is used as an argument to an 'include()' function. This issue affects the PHP module itself; however the problem only presents itself when an application uses a user-supplied URI parameter as an argument to the 'include()' function. This issue is reported to affect all versions of PHP since 3.0.13. Furthermore this issue is not resolved by setting the 'php.ini' variable 'allow_url_fopen' to off. Successful exploitation of this issue will allow an attacker to execute arbitrary PHP code on the affected computer; this will allow the execution of commands to the underlying operating system with the privileges of the affected web server process.
How to fix Upgrade to the current version of PHP.
Risk Level High
Related Links PHP Home Page.
CVE CVE-MAP-NOMATCH
BugtraqID 10427
Web Servers : PHP Input Output Wrapper Remote Include Function Command Execution Weakness
Port 443
Description PHP is reportedly affected by an arbitrary command execution weakness through the PHP include() function. This issue is due to a design error that allows the execution of attacker supplied POST PHP commands when URI data is used as an argument to an 'include()' function. This issue affects the PHP module itself; however the problem only presents itself when an application uses a user-supplied URI parameter as an argument to the 'include()' function. This issue is reported to affect all versions of PHP since 3.0.13. Furthermore this issue is not resolved by setting the 'php.ini' variable 'allow_url_fopen' to off. Successful exploitation of this issue will allow an attacker to execute arbitrary PHP code on the affected computer; this will allow the execution of commands to the underlying operating system with the privileges of the affected web server process.
How to fix Upgrade to the current version of PHP.
Risk Level High
Related Links PHP Home Page.
CVE CVE-MAP-NOMATCH
BugtraqID 10427
Web Servers : PHP memory_limit Remote Code Execution Vulnerability
Port 80
Description Reportedly PHP modules compiled with memory_limit support are affected by a remote code execution vulnerability. This issue is due to a failure of the PHP module to properly handle memory_limit request termination. This issue is reportedly exploitable by exploiting the Apache ap_escape_html Memory Allocation Denial Of Service Vulnerability (BID 10619); an attacker can cause premature termination during critical code execution. It should be noted that although the above-mentioned Apache vulnerability is the only known attack vector, there might be other attack vectors that are currently unknown. An attacker can exploit this issue to execute arbitrary code on an affected computer within the context of the vulnerable application, facilitating unauthorized access.
How to fix Upgrade to the current version of PHP.
Risk Level High
Related Links PHP Home Page.
CVE CAN-2004-0594
BugtraqID 10725
Web Servers : PHP memory_limit Remote Code Execution Vulnerability
Port 443
Description Reportedly PHP modules compiled with memory_limit support are affected by a remote code execution vulnerability. This issue is due to a failure of the PHP module to properly handle memory_limit request termination. This issue is reportedly exploitable by exploiting the Apache ap_escape_html Memory Allocation Denial Of Service Vulnerability (BID 10619); an attacker can cause premature termination during critical code execution. It should be noted that although the above-mentioned Apache vulnerability is the only known attack vector, there might be other attack vectors that are currently unknown. An attacker can exploit this issue to execute arbitrary code on an affected computer within the context of the vulnerable application, facilitating unauthorized access.
How to fix Upgrade to the current version of PHP.
Risk Level High
Related Links PHP Home Page.
CVE CAN-2004-0594
BugtraqID 10725
Web Servers : PHP openlog() Buffer Overflow Vulnerability
Port 80
Description A buffer overflow has been reported in the PHP openlog() function. By passing an argument of excessive size to the function, it may be possible for an attacker to overwrite memory, resulting in a denial of service. Although it has not been confirmed, it may be possible for an attacker to execute arbitrary commands within the PHP interpreter.
How to fix Upgrade to the current version of PHP.
Risk Level High
Related Links PHP Home Page.
CVE CVE-MAP-NOMATCH
BugtraqID 7210
Web Servers : PHP openlog() Buffer Overflow Vulnerability
Port 443
Description A buffer overflow has been reported in the PHP openlog() function. By passing an argument of excessive size to the function, it may be possible for an attacker to overwrite memory, resulting in a denial of service. Although it has not been confirmed, it may be possible for an attacker to execute arbitrary commands within the PHP interpreter.
How to fix Upgrade to the current version of PHP.
Risk Level High
Related Links PHP Home Page.
CVE CVE-MAP-NOMATCH
BugtraqID 7210
Web Servers : PHP PHP_Variables Remote Memory Disclosure Vulnerability
Port 80
Description A vulnerability is reported to present itself in the array parsing functions of the 'php_variables.c' PHP source file. The vulnerability occurs when a PHP script is being used to print URI parameters or data, that are supplied by a third party, into a dynamically generated web page. It is reported that the vulnerable function does not strip certain characters from the user supplied data, this may ultimately be harnessed to manipulate the parsing function into returning regions of process memory to the attacker.
How to fix Upgrade to the current version of PHP.
Risk Level High
Related Links PHP Home Page.
CVE CVE-MAP-NOMATCH
BugtraqID 11334
Web Servers : PHP PHP_Variables Remote Memory Disclosure Vulnerability
Port 443
Description A vulnerability is reported to present itself in the array parsing functions of the 'php_variables.c' PHP source file. The vulnerability occurs when a PHP script is being used to print URI parameters or data, that are supplied by a third party, into a dynamically generated web page. It is reported that the vulnerable function does not strip certain characters from the user supplied data, this may ultimately be harnessed to manipulate the parsing function into returning regions of process memory to the attacker.
How to fix Upgrade to the current version of PHP.
Risk Level High
Related Links PHP Home Page.
CVE CVE-MAP-NOMATCH
BugtraqID 11334
Web Servers : PHP PHP_Variables Remote Memory Disclosure Vulnerability
Port 8080
Description A vulnerability is reported to present itself in the array parsing functions of the 'php_variables.c' PHP source file. The vulnerability occurs when a PHP script is being used to print URI parameters or data, that are supplied by a third party, into a dynamically generated web page. It is reported that the vulnerable function does not strip certain characters from the user supplied data, this may ultimately be harnessed to manipulate the parsing function into returning regions of process memory to the attacker.
How to fix Upgrade to the current version of PHP.
Risk Level High
Related Links PHP Home Page.
CVE CVE-MAP-NOMATCH
BugtraqID 11334
Web Servers : PHP PHP_Variables Remote Memory Disclosure Vulnerability
Port 8087
Description A vulnerability is reported to present itself in the array parsing functions of the 'php_variables.c' PHP source file. The vulnerability occurs when a PHP script is being used to print URI parameters or data, that are supplied by a third party, into a dynamically generated web page. It is reported that the vulnerable function does not strip certain characters from the user supplied data, this may ultimately be harnessed to manipulate the parsing function into returning regions of process memory to the attacker.
How to fix Upgrade to the current version of PHP.
Risk Level High
Related Links PHP Home Page.
CVE CVE-MAP-NOMATCH
BugtraqID 11334
Web Servers : PHP PHPInfo Cross-Site Scripting Vulnerability
Port 80
Description Scripts that include the PHP phpinfo() debugging function may be prone to cross-site scripting attacks. This could permit remote attackers to create a malicious link to a vulnerable PHP script that includes hostile client-side script code or HTML. If this link is visited, the attacker-supplied code may be rendered in the browser of the user who visits the malicious link.
How to fix Upgrade to the current version of PHP.
Risk Level High
Related Links PHP Home Page.
CVE CVE-MAP-NOMATCH
BugtraqID 7805
Web Servers : PHP PHPInfo Cross-Site Scripting Vulnerability
Port 443
Description Scripts that include the PHP phpinfo() debugging function may be prone to cross-site scripting attacks. This could permit remote attackers to create a malicious link to a vulnerable PHP script that includes hostile client-side script code or HTML. If this link is visited, the attacker-supplied code may be rendered in the browser of the user who visits the malicious link.
How to fix Upgrade to the current version of PHP.
Risk Level High
Related Links PHP Home Page.
CVE CVE-MAP-NOMATCH
BugtraqID 7805
Web Servers : PHP socket_iovec_alloc() Integer Overflow Vulnerability
Port 80
Description A vulnerability has been reported in PHP versions 4.3.1 and earlier. The problem occurs in the socket_iovec_alloc() and may allow an attacker to corrupt memory. Specifically, the affected function fails to carry out sanity checks on user-supplied argument values, making it prone to an integer overflow. This may make it possible for an attacker to trigger a denial of service. Although it has not been confirmed, it may also be possible to exploit this issue to execute arbitrary code.
How to fix Upgrade to the current version of PHP.
Risk Level High
Related Links PHP Home Page.
CVE CVE-MAP-NOMATCH
BugtraqID 7187
Web Servers : PHP socket_iovec_alloc() Integer Overflow Vulnerability
Port 443
Description A vulnerability has been reported in PHP versions 4.3.1 and earlier. The problem occurs in the socket_iovec_alloc() and may allow an attacker to corrupt memory. Specifically, the affected function fails to carry out sanity checks on user-supplied argument values, making it prone to an integer overflow. This may make it possible for an attacker to trigger a denial of service. Although it has not been confirmed, it may also be possible to exploit this issue to execute arbitrary code.
How to fix Upgrade to the current version of PHP.
Risk Level High
Related Links PHP Home Page.
CVE CVE-MAP-NOMATCH
BugtraqID 7187
Web Servers : PHP socket_recv() Signed Integer Memory Corruption Vulnerability
Port 80
Description A vulnerability has been reported in PHP versions 4.3.1 and earlier. The problem occurs in the socket_recv() and may allow an attacker to corrupt memory. Specifically, the affected function fails to carry out sanity checks on user-supplied argument values, making it prone to an integer overflow. This may make it possible for an attacker to trigger a denial of service. Although it has not been confirmed, it may also be possible to exploit this issue to execute arbitrary code.
How to fix Upgrade to the current version of PHP.
Risk Level High
Related Links PHP Home Page.
CVE CVE-MAP-NOMATCH
BugtraqID 7197
Web Servers : PHP socket_recv() Signed Integer Memory Corruption Vulnerability
Port 443
Description A vulnerability has been reported in PHP versions 4.3.1 and earlier. The problem occurs in the socket_recv() and may allow an attacker to corrupt memory. Specifically, the affected function fails to carry out sanity checks on user-supplied argument values, making it prone to an integer overflow. This may make it possible for an attacker to trigger a denial of service. Although it has not been confirmed, it may also be possible to exploit this issue to execute arbitrary code.
How to fix Upgrade to the current version of PHP.
Risk Level High
Related Links PHP Home Page.
CVE CVE-MAP-NOMATCH
BugtraqID 7197
Web Servers : PHP socket_recvfrom() Signed Integer Memory Corruption Vulnerability
Port 80
Description A vulnerability has been reported in PHP versions 4.3.1 and earlier. The problem occurs in the socket_recvfrom() and may allow an attacker to corrupt memory. Specifically, the affected function fails to carry out sanity checks on user-supplied argument values, making it prone to an integer overflow. This may make it possible for an attacker to trigger a denial of service. Although it has not been confirmed, it may also be possible to exploit this issue to execute arbitrary code.
How to fix Upgrade to the current version of PHP.
Risk Level High
Related Links PHP Home Page.
CVE CVE-MAP-NOMATCH
BugtraqID 7198
Web Servers : PHP socket_recvfrom() Signed Integer Memory Corruption Vulnerability
Port 443
Description A vulnerability has been reported in PHP versions 4.3.1 and earlier. The problem occurs in the socket_recvfrom() and may allow an attacker to corrupt memory. Specifically, the affected function fails to carry out sanity checks on user-supplied argument values, making it prone to an integer overflow. This may make it possible for an attacker to trigger a denial of service. Although it has not been confirmed, it may also be possible to exploit this issue to execute arbitrary code.
How to fix Upgrade to the current version of PHP.
Risk Level High
Related Links PHP Home Page.
CVE CVE-MAP-NOMATCH
BugtraqID 7198
Web Servers : PHP STR_Repeat Boundary Condition Error Vulnerability
Port 80
Description It has been reported that a buffer overrun exists in the PHP program. Because of this, an attacker may be able to execute arbitrary code.
How to fix Upgrade to the current version of PHP.
Risk Level High
Related Links PHP Home Page.
CVE CVE-MAP-NOMATCH
BugtraqID 7259
Web Servers : PHP STR_Repeat Boundary Condition Error Vulnerability
Port 443
Description It has been reported that a buffer overrun exists in the PHP program. Because of this, an attacker may be able to execute arbitrary code.
How to fix Upgrade to the current version of PHP.
Risk Level High
Related Links PHP Home Page.
CVE CVE-MAP-NOMATCH
BugtraqID 7259
Web Servers : PHP Strip_Tags() Function Bypass Vulnerability
Port 80
Description It is reported that it is possible to bypass PHP's strip_tags() function. It is reported that under certain circumstances, PHP's strip_tags() function will improperly leave malformed tags in place. This vulnerability may mean that previously presumed-safe web applications could contain multiple cross-site scripting and HTML injection vulnerabilities when viewed by Microsoft Internet Explorer or Apple Safari web browsers. It is reported that 'magic_quotes_gpc' must be off for PHP to be vulnerable to this issue.
How to fix Upgrade to the current version of PHP.
Risk Level High
Related Links PHP Home Page.
CVE CAN-2004-0595
BugtraqID 10724
« Last edited: February 12, 2005, 04:52:39 by rosubcero »
rosubcero
Guest
List of Vulnerabilities II
« Reply #1 on: February 12, 2005, 02:53:10 »
The list continues:
Web Servers : PHP Strip_Tags() Function Bypass Vulnerability
Port 443
Description It is reported that it is possible to bypass PHP's strip_tags() function. It is reported that under certain circumstances, PHP's strip_tags() function will improperly leave malformed tags in place. This vulnerability may mean that previously presumed-safe web applications could contain multiple cross-site scripting and HTML injection vulnerabilities when viewed by Microsoft Internet Explorer or Apple Safari web browsers. It is reported that 'magic_quotes_gpc' must be off for PHP to be vulnerable to this issue.
How to fix Upgrade to the current version of PHP.
Risk Level High
Related Links PHP Home Page.
CVE CAN-2004-0595
BugtraqID 10724
Web Servers : PHP Transparent Session ID Cross Site Scripting Vulnerability
Port 80
Description A cross-site scripting vulnerability has been discovered in PHP. The problem occurs due to insufficient sanitization of the PHPSESSID URI parameter. An attacker may be capable of exploiting this vulnerability by constructing a malicious link containing script code embedded within this variable.
How to fix Upgrade to the current version of PHP.
Risk Level High
Related Links PHP Home Page.
CVE CVE-MAP-NOMATCH
BugtraqID 7761
Web Servers : PHP Transparent Session ID Cross Site Scripting Vulnerability
Port 443
Description A cross-site scripting vulnerability has been discovered in PHP. The problem occurs due to insufficient sanitization of the PHPSESSID URI parameter. An attacker may be capable of exploiting this vulnerability by constructing a malicious link containing script code embedded within this variable.
How to fix Upgrade to the current version of PHP.
Risk Level High
Related Links PHP Home Page.
CVE CVE-MAP-NOMATCH
BugtraqID 7761
Web Servers : PHP Unspecified Remote Arbitrary File Upload Vulnerability
Port 80
Description Reportedly PHP is vulnerable to an unspecified arbitrary file upload vulnerability. The details of this issue are currently unavailable. This BID will be updated when more information is released. An attacker may exploit this issue to upload arbitrary files to a computer running the affected software. This may facilitate arbitrary server-side script code execution as well as other attacks.
How to fix Upgrade to the current version of PHP.
Risk Level High
Related Links PHP Home Page.
CVE CVE-MAP-NOMATCH
BugtraqID 11190
Web Servers : PHP Unspecified Remote Arbitrary File Upload Vulnerability
Port 443
Description Reportedly PHP is vulnerable to an unspecified arbitrary file upload vulnerability. The details of this issue are currently unavailable. This BID will be updated when more information is released. An attacker may exploit this issue to upload arbitrary files to a computer running the affected software. This may facilitate arbitrary server-side script code execution as well as other attacks.
How to fix Upgrade to the current version of PHP.
Risk Level High
Related Links PHP Home Page.
CVE CVE-MAP-NOMATCH
BugtraqID 11190
Web Servers : PHP Unspecified Remote Arbitrary File Upload Vulnerability
Port 8080
Description Reportedly PHP is vulnerable to an unspecified arbitrary file upload vulnerability. The details of this issue are currently unavailable. This BID will be updated when more information is released. An attacker may exploit this issue to upload arbitrary files to a computer running the affected software. This may facilitate arbitrary server-side script code execution as well as other attacks.
How to fix Upgrade to the current version of PHP.
Risk Level High
Related Links PHP Home Page.
CVE CVE-MAP-NOMATCH
BugtraqID 11190
Web Servers : PHP Unspecified Remote Arbitrary File Upload Vulnerability
Port 8087
Description Reportedly PHP is vulnerable to an unspecified arbitrary file upload vulnerability. The details of this issue are currently unavailable. This BID will be updated when more information is released. An attacker may exploit this issue to upload arbitrary files to a computer running the affected software. This may facilitate arbitrary server-side script code execution as well as other attacks.
How to fix Upgrade to the current version of PHP.
Risk Level High
Related Links PHP Home Page.
CVE CVE-MAP-NOMATCH
BugtraqID 11190
Web Servers : PHP4 Base64_Encode() Integer Overflow Vulnerability
Port 80
Description PHP4 has been reported prone to a potential integer overflow vulnerability. The issue is reported to present itself in the base64_encode() function that is distributed as part of the PHP4 API. Although unconfirmed it has been conjectured that this issue may be due to an unsigned integer value wrapping to a value of zero. This value may then be used in boundary controls, or in arithmetic that may potentially influence execution flow or result in the corruption of sensitive regions of memory. It is currently unknown whether this condition is exploitable or not.
How to fix Upgrade to the current version of PHP.
Risk Level High
Related Links PHP Home Page.
CVE CVE-MAP-NOMATCH
BugtraqID 8693
Web Servers : PHP4 Base64_Encode() Integer Overflow Vulnerability
Port 443
Description PHP4 has been reported prone to a potential integer overflow vulnerability. The issue is reported to present itself in the base64_encode() function that is distributed as part of the PHP4 API. Although unconfirmed it has been conjectured that this issue may be due to an unsigned integer value wrapping to a value of zero. This value may then be used in boundary controls, or in arithmetic that may potentially influence execution flow or result in the corruption of sensitive regions of memory. It is currently unknown whether this condition is exploitable or not.
How to fix Upgrade to the current version of PHP.
Risk Level High
Related Links PHP Home Page.
CVE CVE-MAP-NOMATCH
BugtraqID 8693
Web Servers : PHP4 Multiple Vulnerabilities
Port 80
Description PHP have released an upgrade to address multiple vulnerabilities, including integer overflow issues that have been reported to affect PHP4 and bundled software. Exploitation of these issues may have varying impacts, although unconfirmed potentially resulting in a denial of service or ultimately arbitrary code execution.
How to fix Upgrade to the current version of PHP.
Risk Level High
Related Links PHP Home Page.
CVE CVE-MAP-NOMATCH
BugtraqID 8696
Web Servers : PHP4 Multiple Vulnerabilities
Port 443
Description PHP have released an upgrade to address multiple vulnerabilities, including integer overflow issues that have been reported to affect PHP4 and bundled software. Exploitation of these issues may have varying impacts, although unconfirmed potentially resulting in a denial of service or ultimately arbitrary code execution.
How to fix Upgrade to the current version of PHP.
Risk Level High
Related Links PHP Home Page.
CVE CVE-MAP-NOMATCH
BugtraqID 8696
Web Servers : Apache Cygwin Directory Traversal Vulnerability
Port 8080
Description It has been reported that Apache may be prone to a directory traversal vulnerability that may allow a remote attacker to access information outside the server root directory. This issue is only reported to present itself in Apache running on cygwin platforms. A remote attacker may traverse outside the server root directory by using encoded '\..' character sequences.
How to fix Upgrade to the current version of Apache.
Risk Level Medium
Related Links Apache Web Server Homepage
CVE CVE-MAP-NOMATCH
BugtraqID 9733
Web Servers : Apache Cygwin Directory Traversal Vulnerability
Port 8087
Description It has been reported that Apache may be prone to a directory traversal vulnerability that may allow a remote attacker to access information outside the server root directory. This issue is only reported to present itself in Apache running on cygwin platforms. A remote attacker may traverse outside the server root directory by using encoded '\..' character sequences.
How to fix Upgrade to the current version of Apache.
Risk Level Medium
Related Links Apache Web Server Homepage
CVE CVE-MAP-NOMATCH
BugtraqID 9733
Web Servers : Apache HTAccess LIMIT Directive Bypass Configuration Error Weakness
Port 8080
Description LIMIT directives are commonly used in htaccess files to restrict HTTP methods that are available for a particular resource. However it has been reported that if the requested resource is served by an Apache module and not by Apache Server itself, LIMIT restrictions may not apply. Additionally, CGI/Script resources that do not sufficiently check the calling method may potentially be invoked with methods not listed in the LIMIT clause to evade LIMIT restrictions.
How to fix Upgrade to the current version of Apache.
Risk Level Medium
Related Links Apache Web Server Homepage
CVE CVE-MAP-NOMATCH
BugtraqID 9874
Web Servers : Apache HTAccess LIMIT Directive Bypass Configuration Error Weakness
Port 8087
Description LIMIT directives are commonly used in htaccess files to restrict HTTP methods that are available for a particular resource. However it has been reported that if the requested resource is served by an Apache module and not by Apache Server itself, LIMIT restrictions may not apply. Additionally, CGI/Script resources that do not sufficiently check the calling method may potentially be invoked with methods not listed in the LIMIT clause to evade LIMIT restrictions.
How to fix Upgrade to the current version of Apache.
Risk Level Medium
Related Links Apache Web Server Homepage
CVE CVE-MAP-NOMATCH
BugtraqID 9874
Web Servers : Apache HTDigest Arbitrary Command Execution Vulnerability
Port 8080
Description A vulnerability has been reported for Apache. Reportedly, the htdigest utility may be prone to a command execution vulnerability. The vulnerability is due to insecure system() calls when processing commandline options. This may reportedly be an issue in circumstances where htdigest is called from a CGI script.
How to fix Upgrade to the current version of Apache.
Risk Level Medium
Related Links Apache Web Server Homepage
CVE CVE-MAP-NOMATCH
BugtraqID 5991
Web Servers : Apache HTDigest Arbitrary Command Execution Vulnerability
Port 8087
Description A vulnerability has been reported for Apache. Reportedly, the htdigest utility may be prone to a command execution vulnerability. The vulnerability is due to insecure system() calls when processing commandline options. This may reportedly be an issue in circumstances where htdigest is called from a CGI script.
How to fix Upgrade to the current version of Apache.
Risk Level Medium
Related Links Apache Web Server Homepage
CVE CVE-MAP-NOMATCH
BugtraqID 5991
Web Servers : Apache HTDigest Insecure Temporary File Vulnerability
Port 8080
Description Apache creates temporary files insecurely for htdigest. As a result, it is possible for local attackers to read or corrupt the Apache password file. If the attacker can write custom-data to the password file, it may be possible to gain unauthorized access to resources protected by htpasswd. Alternatively, an attacker could reportedly read the password file and gain unauthorized access to credentials.
How to fix Upgrade to the current version of Apache.
Risk Level Medium
Related Links Apache Web Server Homepage
CVE CVE-MAP-NOMATCH
BugtraqID 5992
Web Servers : Apache HTDigest Insecure Temporary File Vulnerability
Port 8087
Description Apache creates temporary files insecurely for htdigest. As a result, it is possible for local attackers to read or corrupt the Apache password file. If the attacker can write custom-data to the password file, it may be possible to gain unauthorized access to resources protected by htpasswd. Alternatively, an attacker could reportedly read the password file and gain unauthorized access to credentials.
How to fix Upgrade to the current version of Apache.
Risk Level Medium
Related Links Apache Web Server Homepage
CVE CVE-MAP-NOMATCH
BugtraqID 5992
Web Servers : Apache HTPasswd Insecure Temporary File Vulnerability
Port 8080
Description Apache creates temporary files insecurely for htpasswd. As a result, it is possible for local attackers to read or corrupt the Apache password file. If the attacker can write custom-data to the password file, it may be possible to gain unauthorized access to resources protected by htpasswd. Alternatively, an attacker could reportedly read the password file and gain unauthorized access to credentials.
How to fix Upgrade to the current version of Apache.
Risk Level Medium
Related Links Apache Web Server Homepage
CVE CAN-2002-1233
BugtraqID 5990
Web Servers : Apache HTPasswd Insecure Temporary File Vulnerability
Port 8087
Description Apache creates temporary files insecurely for htpasswd. As a result, it is possible for local attackers to read or corrupt the Apache password file. If the attacker can write custom-data to the password file, it may be possible to gain unauthorized access to resources protected by htpasswd. Alternatively, an attacker could reportedly read the password file and gain unauthorized access to credentials.
How to fix Upgrade to the current version of Apache.
Risk Level Medium
Related Links Apache Web Server Homepage
CVE CAN-2002-1233
BugtraqID 5990
Web Servers : Apache htpasswd Password Entropy Weakness
Port 8080
Description A weakness has been discovered in the way that the Apache htpasswd utility generates salts. Specifically, the salt is generated based on the current system time. As a result, salts generated within the same second will be identical. This may pose a security weakness if the server were implementing the use of default passwords and an attacker were capable of disclosing the contents of htpasswd.
How to fix Upgrade to the current version of Apache.
Risk Level Medium
Related Links Apache Web Server Homepage
CVE CVE-MAP-NOMATCH
BugtraqID 8707
Web Servers : Apache htpasswd Password Entropy Weakness
Port 8087
Description A weakness has been discovered in the way that the Apache htpasswd utility generates salts. Specifically, the salt is generated based on the current system time. As a result, salts generated within the same second will be identical. This may pose a security weakness if the server were implementing the use of default passwords and an attacker were capable of disclosing the contents of htpasswd.
How to fix Upgrade to the current version of Apache.
Risk Level Medium
Related Links Apache Web Server Homepage
CVE CVE-MAP-NOMATCH
BugtraqID 8707
Web Servers : Apache HTTP Server Multiple Vulnerabilities
Port 8080
Description Apache HTTP Server version 1.3.28 has been released in response to multiple vulnerabilities discovered. Apache is vulnerable to three potential security issues. The impact of these vulnerabilities includes denial of service, file descriptor leakage, and logging failures.
How to fix Upgrade to the current version of Apache.
Risk Level Medium
Related Links Apache Web Server Homepage
CVE CVE-MAP-NOMATCH
BugtraqID 8226
Web Servers : Apache HTTP Server Multiple Vulnerabilities
Port 8087
Description Apache HTTP Server version 1.3.28 has been released in response to multiple vulnerabilities discovered. Apache is vulnerable to three potential security issues. The impact of these vulnerabilities includes denial of service, file descriptor leakage, and logging failures.
How to fix Upgrade to the current version of Apache.
Risk Level Medium
Related Links Apache Web Server Homepage
CVE CVE-MAP-NOMATCH
BugtraqID 8226
Web Servers : Apache Mod_Access Access Control Rule Bypass Vulnerability
Port 8080
Description Apache mod_access has been reported to be prone to an access rule bypass vulnerability. When an Allow or Deny rule is specified and an IP address is used in the rule without a netmask, the affected module may fail to match the rule. As a result of this vulnerability, access controls may not be enforced correctly.
How to fix Upgrade to the current version of Apache.
Risk Level Medium
Related Links Apache Web Server Homepage
CVE CAN-2003-0993
BugtraqID 9829
Web Servers : Apache Mod_Access Access Control Rule Bypass Vulnerability
Port 8087
Description Apache mod_access has been reported to be prone to an access rule bypass vulnerability. When an Allow or Deny rule is specified and an IP address is used in the rule without a netmask, the affected module may fail to match the rule. As a result of this vulnerability, access controls may not be enforced correctly.
How to fix Upgrade to the current version of Apache.
Risk Level Medium
Related Links Apache Web Server Homepage
CVE CAN-2003-0993
BugtraqID 9829
Web Servers : Apache mod_auth Malformed Password Potential Memory Corruption Vulnerability
Port 8080
Description It has been reported that Apache may be prone to a memory corruption vulnerability when parsing malformed password values during authentication. The issue is reported to exist in the authentication modules (mod_auth, mod_auth3, mod_auth4) employed by Apache. All versions of Apache running on 16-bit and 64-bit systems could potentially be vulnerable to this issue.
How to fix Upgrade to the current version of Apache.
Risk Level Medium
Related Links Apache Web Server Homepage
CVE CVE-MAP-NOMATCH
BugtraqID 10212
Web Servers : Apache mod_auth Malformed Password Potential Memory Corruption Vulnerability
Port 8087
Description It has been reported that Apache may be prone to a memory corruption vulnerability when parsing malformed password values during authentication. The issue is reported to exist in the authentication modules (mod_auth, mod_auth3, mod_auth4) employed by Apache. All versions of Apache running on 16-bit and 64-bit systems could potentially be vulnerable to this issue.
How to fix Upgrade to the current version of Apache.
Risk Level Medium
Related Links Apache Web Server Homepage
CVE CVE-MAP-NOMATCH
BugtraqID 10212
« Last modified: February 12, 2005, 04:29:31 by rosubcero »
rosubcero
Guest
Vulnerability List III
« Reply #2 on: February 12, 2005, 03:03:08 »
Continues here....
Web Servers : Apache mod_php Global Variables Information Disclosure Weakness
Port 8080
Description It has been reported that Apache mod_php may be prone to a weakness that may allow remote attackers to disclose sensitive information via influencing global variables. This issue may lead to other vulnerabilities that result from setting register_globals to on, due to an attacker's ability to influence global variables. An attacker may also be able to disclose sensitive information in order to gain unauthorized access.
How to fix Upgrade to the current version of Apache.
Risk Level Medium
Related Links Apache Web Server Homepage
CVE CVE-MAP-NOMATCH
BugtraqID 9599
Web Servers : Apache mod_php Global Variables Information Disclosure Weakness
Port 8087
Description It has been reported that Apache mod_php may be prone to a weakness that may allow remote attackers to disclose sensitive information via influencing global variables. This issue may lead to other vulnerabilities that result from setting register_globals to on, due to an attacker's ability to influence global variables. An attacker may also be able to disclose sensitive information in order to gain unauthorized access.
How to fix Upgrade to the current version of Apache.
Risk Level Medium
Related Links Apache Web Server Homepage
CVE CVE-MAP-NOMATCH
BugtraqID 9599
Web Servers : Apache Mod_Proxy Remote Negative Content-Length Buffer Overflow Vulnerability
Port 443
Description A remote buffer overflow vulnerability exists in Apache mod_proxy. The source of this issue is that a negative user-specified length value may be used in a memory copy operation, allowing for corruption of memory. This may be triggered if a remote server returns a negative Content-Length: HTTP header field to be passed through the proxy. Exploitation will likely result in a denial of service, though there is an unconfirmed potential for execution of arbitrary code on some platforms (such as BSD implementations). Versions that have the optional AP_ENABLE_EXCEPTION_HOOK define enabled may also be exploitable on some platforms. This issue affects Apache servers 1.3.26 through 1.3.31 that have mod_proxy enabled and configured. Apache 2.0.x releases are not affected by this issue.
How to fix Upgrade to the current version of Apache.
Risk Level Medium
Related Links Apache Web Server Homepage
CVE CAN-2004-0492
BugtraqID 10508
Web Servers : Apache Mod_Proxy Remote Negative Content-Length Buffer Overflow Vulnerability
Port 80
Description A remote buffer overflow vulnerability exists in Apache mod_proxy. The source of this issue is that a negative user-specified length value may be used in a memory copy operation, allowing for corruption of memory. This may be triggered if a remote server returns a negative Content-Length: HTTP header field to be passed through the proxy. Exploitation will likely result in a denial of service, though there is an unconfirmed potential for execution of arbitrary code on some platforms (such as BSD implementations). Versions that have the optional AP_ENABLE_EXCEPTION_HOOK define enabled may also be exploitable on some platforms. This issue affects Apache servers 1.3.26 through 1.3.31 that have mod_proxy enabled and configured. Apache 2.0.x releases are not affected by this issue.
How to fix Upgrade to the current version of Apache.
Risk Level Medium
Related Links Apache Web Server Homepage
CVE CAN-2004-0492
BugtraqID 10508
Web Servers : Apache Mod_Proxy Remote Negative Content-Length Buffer Overflow Vulnerability
Port 8080
Description A remote buffer overflow vulnerability exists in Apache mod_proxy. The source of this issue is that a negative user-specified length value may be used in a memory copy operation, allowing for corruption of memory. This may be triggered if a remote server returns a negative Content-Length: HTTP header field to be passed through the proxy. Exploitation will likely result in a denial of service, though there is an unconfirmed potential for execution of arbitrary code on some platforms (such as BSD implementations). Versions that have the optional AP_ENABLE_EXCEPTION_HOOK define enabled may also be exploitable on some platforms. This issue affects Apache servers 1.3.26 through 1.3.31 that have mod_proxy enabled and configured. Apache 2.0.x releases are not affected by this issue.
How to fix Upgrade to the current version of Apache.
Risk Level Medium
Related Links Apache Web Server Homepage
CVE CAN-2004-0492
BugtraqID 10508
Web Servers : Apache Mod_Proxy Remote Negative Content-Length Buffer Overflow Vulnerability
Port 8087
Description A remote buffer overflow vulnerability exists in Apache mod_proxy. The source of this issue is that a negative user-specified length value may be used in a memory copy operation, allowing for corruption of memory. This may be triggered if a remote server returns a negative Content-Length: HTTP header field to be passed through the proxy. Exploitation will likely result in a denial of service, though there is an unconfirmed potential for execution of arbitrary code on some platforms (such as BSD implementations). Versions that have the optional AP_ENABLE_EXCEPTION_HOOK define enabled may also be exploitable on some platforms. This issue affects Apache servers 1.3.26 through 1.3.31 that have mod_proxy enabled and configured. Apache 2.0.x releases are not affected by this issue.
How to fix Upgrade to the current version of Apache.
Risk Level Medium
Related Links Apache Web Server Homepage
CVE CAN-2004-0492
BugtraqID 10508
Web Servers : Apache Mod_SSL SSL_Util_UUEncode_Binary Stack Buffer Overflow Vulnerability
Port 443
Description A stack-based buffer overflow has been reported in the Apache mod_ssl module. This issue is exposed in utility code for uuencoding binary data. This issue would most likely result in a denial of service if triggered, but could theoretically allow for execution of arbitrary code. The issue is not believed to be exploitable to execute arbitrary code on x86 architectures, though this may not be the case with other architectures.
How to fix Upgrade to the current version of Apache.
Risk Level Medium
Related Links Apache Web Server Homepage
CVE CVE-MAP-NOMATCH
BugtraqID 10355
Web Servers : Apache Mod_SSL SSL_Util_UUEncode_Binary Stack Buffer Overflow Vulnerability
Port 80
Description A stack-based buffer overflow has been reported in the Apache mod_ssl module. This issue is exposed in utility code for uuencoding binary data. This issue would most likely result in a denial of service if triggered, but could theoretically allow for execution of arbitrary code. The issue is not believed to be exploitable to execute arbitrary code on x86 architectures, though this may not be the case with other architectures.
How to fix Upgrade to the current version of Apache.
Risk Level Medium
Related Links Apache Web Server Homepage
CVE CVE-MAP-NOMATCH
BugtraqID 10355
Web Servers : Apache Mod_SSL SSL_Util_UUEncode_Binary Stack Buffer Overflow Vulnerability
Port 8080
Description A stack-based buffer overflow has been reported in the Apache mod_ssl module. This issue is exposed in utility code for uuencoding binary data. This issue would most likely result in a denial of service if triggered, but could theoretically allow for execution of arbitrary code. The issue is not believed to be exploitable to execute arbitrary code on x86 architectures, though this may not be the case with other architectures.
How to fix Upgrade to the current version of Apache.
Risk Level Medium
Related Links Apache Web Server Homepage
CVE CVE-MAP-NOMATCH
BugtraqID 10355
Web Servers : Apache Mod_SSL SSL_Util_UUEncode_Binary Stack Buffer Overflow Vulnerability
Port 8087
Description A stack-based buffer overflow has been reported in the Apache mod_ssl module. This issue is exposed in utility code for uuencoding binary data. This issue would most likely result in a denial of service if triggered, but could theoretically allow for execution of arbitrary code. The issue is not believed to be exploitable to execute arbitrary code on x86 architectures, though this may not be the case with other architectures.
How to fix Upgrade to the current version of Apache.
Risk Level Medium
Related Links Apache Web Server Homepage
CVE CVE-MAP-NOMATCH
BugtraqID 10355
Web Servers : Apache mod_userdir Module Information Disclosure Vulnerability
Port 443
Description It is reported that the Apache mod_userdir module is prone to an information disclosure vulnerability. The issue is reported to exist because the module is configured in an insecure manner by default. It is reported that an attacker may exploit this vulnerability to harvest user account usernames that are present on the affected host.
How to fix Upgrade to the current version of Apache.
Risk Level Medium
Related Links Apache Web Server Homepage
CVE CVE-MAP-NOMATCH
BugtraqID 10789
Web Servers : Apache mod_userdir Module Information Disclosure Vulnerability
Port 80
Description It is reported that the Apache mod_userdir module is prone to an information disclosure vulnerability. The issue is reported to exist because the module is configured in an insecure manner by default. It is reported that an attacker may exploit this vulnerability to harvest user account usernames that are present on the affected host.
How to fix Upgrade to the current version of Apache.
Risk Level Medium
Related Links Apache Web Server Homepage
CVE CVE-MAP-NOMATCH
BugtraqID 10789
Web Servers : Apache mod_userdir Module Information Disclosure Vulnerability
Port 8080
Description It is reported that the Apache mod_userdir module is prone to an information disclosure vulnerability. The issue is reported to exist because the module is configured in an insecure manner by default. It is reported that an attacker may exploit this vulnerability to harvest user account usernames that are present on the affected host.
How to fix Upgrade to the current version of Apache.
Risk Level Medium
Related Links Apache Web Server Homepage
CVE CVE-MAP-NOMATCH
BugtraqID 10789
Web Servers : Apache mod_userdir Module Information Disclosure Vulnerability
Port 8087
Description It is reported that the Apache mod_userdir module is prone to an information disclosure vulnerability. The issue is reported to exist because the module is configured in an insecure manner by default. It is reported that an attacker may exploit this vulnerability to harvest user account usernames that are present on the affected host.
How to fix Upgrade to the current version of Apache.
Risk Level Medium
Related Links Apache Web Server Homepage
CVE CVE-MAP-NOMATCH
BugtraqID 10789
Web Servers : Apache printenv Sample Script Cross Site Scripting Vulnerability
Port 8080
Description A cross site scripting vulnerability has been reported in a sample script included with Apache. The vulnerability exists in the 'printenv' script. Due to insufficient sanitization of web requests, it is possible for attackers to embed malicious script code when making HTTP requests. This may be exploited to steal cookie-based authentication credentials. It should be noted that this script is not installed as an executable script and any output is rendered in plain text.
How to fix Upgrade to the current version of Apache.
Risk Level Medium
Related Links Apache Web Server Homepage
CVE CVE-MAP-NOMATCH
BugtraqID 6466
Web Servers : Apache printenv Sample Script Cross Site Scripting Vulnerability
Port 8087
Description A cross site scripting vulnerability has been reported in a sample script included with Apache. The vulnerability exists in the 'printenv' script. Due to insufficient sanitization of web requests, it is possible for attackers to embed malicious script code when making HTTP requests. This may be exploited to steal cookie-based authentication credentials. It should be noted that this script is not installed as an executable script and any output is rendered in plain text.
How to fix Upgrade to the current version of Apache.
Risk Level Medium
Related Links Apache Web Server Homepage
CVE CVE-MAP-NOMATCH
BugtraqID 6466
Web Servers : Apache Tomcat Mod_JK Chunked Encoding Denial Of Service Vulnerability
Port 8080
Description Apache Webserver and Tomcat are HTTP servers maintained and distributed by the Apache project. Apache Webserver and Tomcat are available for the Unix, Linux, and Microsoft Windows platforms. It has been reported that a denial of service exists in Apache Webserver and Tomcat when mod_jk is used. Due to design problems in the module, a user submitting malicious requests to the Apache Webserver may cause desynchronization between Apache and Tomcat. This could be done through malicious chunked encoding requests.
How to fix Upgrading to the latest versions of Tomcat or Apache.
Risk Level Medium
Related Links Tomcat Home Page, Apache Web Server
CVE GENERIC-MAP-NOMATCH
BugtraqID 6320
Web Servers : Apache Tomcat Mod_JK Chunked Encoding Denial Of Service Vulnerability
Port 8087
Description Apache Webserver and Tomcat are HTTP servers maintained and distributed by the Apache project. Apache Webserver and Tomcat are available for the Unix, Linux, and Microsoft Windows platforms. It has been reported that a denial of service exists in Apache Webserver and Tomcat when mod_jk is used. Due to design problems in the module, a user submitting malicious requests to the Apache Webserver may cause desynchronization between Apache and Tomcat. This could be done through malicious chunked encoding requests.
How to fix Upgrading to the latest versions of Tomcat or Apache.
Risk Level Medium
Related Links Tomcat Home Page, Apache Web Server
CVE GENERIC-MAP-NOMATCH
BugtraqID 6320
Web Servers : Apache Web Server ETag Header Information Disclosure Weakness
Port 8080
Description A weakness has been discovered in Apache web servers that are configured to use the FileETag directive. Due to the way in which Apache generates ETag response headers, it may be possible for an attacker to obtain sensitive information regarding server files. Specifically, ETag header fields returned to a client contain the file's inode number. Exploitation of this issue may provide an attacker with information that may be used to launch further attacks against a target network.
How to fix Upgrade to the current version of Apache.
Risk Level Medium
Related Links Apache Web Server Homepage
CVE GENERIC-MAP-NOMATCH
BugtraqID 6939
Web Servers : Apache Web Server ETag Header Information Disclosure Weakness
Port 8087
Description A weakness has been discovered in Apache web servers that are configured to use the FileETag directive. Due to the way in which Apache generates ETag response headers, it may be possible for an attacker to obtain sensitive information regarding server files. Specifically, ETag header fields returned to a client contain the file's inode number. Exploitation of this issue may provide an attacker with information that may be used to launch further attacks against a target network.
How to fix Upgrade to the current version of Apache.
Risk Level Medium
Related Links Apache Web Server Homepage
CVE GENERIC-MAP-NOMATCH
BugtraqID 6939
« Last modified: February 12, 2005, 04:32:14 by rosubcero »
rosubcero
Guest
Vulnerability List IV
« Reply #3 on: February 12, 2005, 03:09:39 »
The list continues...:
Web Servers : Apache Web Server MIME Boundary Information Disclosure Vulnerability
Port 8080
Description A vulnerability has been discovered in the Apache web server that may result in the disclosure of sensitive information. Specifically, sensitive process information is used within generated MIME message boundaries. Access to this information may aid an attacker in launching further attacks against target services. OpenBSD has released a patch that addresses this issue. MIME boundaries are now generated by the server using BASE64 encoded random numbers.
How to fix Upgrade to the current version of Apache.
Risk Level Medium
Related Links Apache Web Server Homepage
CVE GENERIC-MAP-NOMATCH
BugtraqID 6943
Web Servers : Apache Web Server MIME Boundary Information Disclosure Vulnerability
Port 8087
Description A vulnerability has been discovered in the Apache web server that may result in the disclosure of sensitive information. Specifically, sensitive process information is used within generated MIME message boundaries. Access to this information may aid an attacker in launching further attacks against target services. OpenBSD has released a patch that addresses this issue. MIME boundaries are now generated by the server using BASE64 encoded random numbers.
How to fix Upgrade to the current version of Apache.
Risk Level Medium
Related Links Apache Web Server Homepage
CVE GENERIC-MAP-NOMATCH
BugtraqID 6943
Web Servers : Apache Web Server Multiple Module Local Buffer Overflow Vulnerability
Port 8080
Description A vulnerability has been reported in Apache that may allow a local attacker to execute arbitrary code on a vulnerable host. The issue is reported to exist due to a lack of bounds checking by the software, leading to a buffer overflow condition. The problem is reported to exist in the mod_alias and mod_rewrite modules when a regular expression is configured with more than 9 captures using parentheses. This issue may allow an attacker to gain unauthorized access to a vulnerable host. Successful exploitation of this issue may allow an attacker to execute arbitrary code in the context of the web server in order to gain unauthorized access to a vulnerable system.
How to fix Upgrade to the current version of Apache.
Risk Level Medium
Related Links Apache Web Server Homepage
CVE CAN-2003-0542
BugtraqID 8911
Web Servers : Apache Web Server Multiple Module Local Buffer Overflow Vulnerability
Port 8087
Description A vulnerability has been reported in Apache that may allow a local attacker to execute arbitrary code on a vulnerable host. The issue is reported to exist due to a lack of bounds checking by the software, leading to a buffer overflow condition. The problem is reported to exist in the mod_alias and mod_rewrite modules when a regular expression is configured with more than 9 captures using parentheses. This issue may allow an attacker to gain unauthorized access to a vulnerable host. Successful exploitation of this issue may allow an attacker to execute arbitrary code in the context of the web server in order to gain unauthorized access to a vulnerable system.
How to fix Upgrade to the current version of Apache.
Risk Level Medium
Related Links Apache Web Server Homepage
CVE CAN-2003-0542
BugtraqID 8911
Web Servers : Multiple Apache HTDigest Buffer Overflow Vulnerabilities
Port 8080
Description Buffer overflow vulnerabilities have been reported to exist in the htdigest utility included with Apache. The vulnerability is due to improper bounds checking when copying user-supplied data into local buffers. This may be an issue if htdigest is called from a CGI script. An attacker may be able to supply malformed data to the program which will cause the overflow to occur.
How to fix Upgrade to the current version of Apache.
Risk Level Medium
Related Links Apache Web Server Homepage
CVE CVE-MAP-NOMATCH
BugtraqID 5993
Web Servers : Multiple Apache HTDigest Buffer Overflow Vulnerabilities
Port 8087
Description Buffer overflow vulnerabilities have been reported to exist in the htdigest utility included with Apache. The vulnerability is due to improper bounds checking when copying user-supplied data into local buffers. This may be an issue if htdigest is called from a CGI script. An attacker may be able to supply malformed data to the program which will cause the overflow to occur.
How to fix Upgrade to the current version of Apache.
Risk Level Medium
Related Links Apache Web Server Homepage
CVE CVE-MAP-NOMATCH
BugtraqID 5993
Mail Servers : SMTP without AuthLogin
Port 25
Description An SMTP service supports SMTP without AuthLogin.
How to fix Install authlogin.
Risk Level Low
« Last modified: February 12, 2005, 04:35:32 by rosubcero »
k4ron73
Contributor
Offline
Posts: 912
Re: Vulnerability List I
« Reply #4 on: February 12, 2005, 03:14:40 »
Niklas von Wolfbut
Guest
Re: Vulnerability List I
« Reply #5 on: February 12, 2005, 04:03:10 »
I agree with you one hundred percent, k4ron73...
A real hacker would not exploit the bugs and do "bad" things, but would instead alert the webmaster to them.
Let's hope rosubcero takes into account what you have told him, and that those who read this realize in some way that it is the right thing to do in these cases within the hacker ethic.
Quote from: rosubcero on February 12, 2005, 03:09:39
The list continues.. remember.... where can I get exploits for these vulnerabilities:
And then there are those who keep complaining and complaining about why hackers are looked down on... that mentality needs to be examined ...
Regards
« Last modified: February 12, 2005, 04:03:48 by Niklas von Wolfbut »
4le3ek5
Guest
Re: Vulnerability List I
« Reply #6 on: February 12, 2005, 04:22:46 »
Dude, apart from the huge font, dummy!
Don't you see that every entry gives you the bug's ID on Bugtraq so you can look it up there?
Above your message there is a button called "MODIFY", click it.
rosubcero
Guest
Re: Vulnerability List I
« Reply #7 on: February 12, 2005, 04:49:36 »
Niklas von Wolfbut
Guest
Re: Vulnerability List I
« Reply #8 on: February 12, 2005, 04:58:59 »
« Last modified: February 12, 2005, 05:34:18 by Niklas von Wolfbut »
k4ron73
Contributor
Offline
Posts: 912
Re: Vulnerability List I
« Reply #9 on: February 14, 2005, 03:25:33 »
rosubcero
Guest
Re: Vulnerability List I
« Reply #10 on: February 14, 2005, 06:29:25 »
HAHA..., let me tell you that I have taken the trouble to write up a complete report, together with the one I posted here, of the website's vulnerabilities (there are many more that I haven't put here, which are much worse), which I have sent to the webmaster of that site, and on top of that, I have told him how to fix those problems........
So far I have not received a reply, nor have the problems been fixed....
That's up to the webmaster; I'm going to wait a few more days, and if he doesn't fix the problems.... I'm going to have to "act" and show him what I'm talking about.......
I don't plan to destroy anything of his.. just put up a big "I warned you" "sign" on the site.......
I don't consider myself a hacker at all..... I have a very long way to go to reach that level, but every day I learn more and more......
Regards.
TeChNO
Guest
Re: Vulnerability List I
« Reply #11 on: February 14, 2005, 10:35:59 »
And what do your friends from el juaer.net tell you??? -____-