Posts Tagged ‘Apache’

Apache VulnerabilitySecurity Bypass vulnerability has been found in the Apache mod_rewrite.

The vulnerability allows an attacker to execute arbitrary command when viewing the log file by the server administrator.

In the module mod_rewrite of the HTTP-server Apache 2.2.x series vulnerability has been discovered (CVE-2013-1862), which allows an attacker to execute arbitrary command when viewing the log file by the server administrator.

Through specially crafted requests to the web-server, an attacker can write to a log file, for example, system commands, as mod_rewrite when writing to the log file does not escape special characters. Proper manipulation of sequences allows you to run arbitrary commands as the user performing the scan log (usually these log files are readable only by the user root). (more…)

Apache VulnerabilityVulnerability: Multiple vulnerabilities in Apache HTTP Server

Danger: Low
CVE ID:

CVE-2012-0883
CVE-2012-2687

Affected products: Apache 2.2.x

Affected versions: Apache HTTP Server versions up to 2.2.23. (more…)

Apache VulnerabilityA remote user can conduct DoS-attack.

Affected products: Apache Struts 2.x

Affected versions: Apache Struts versions prior to 2.3.4.1.

Description:

The vulnerability allows malicious people to conduct XSS attacks. (more…)