HP Security Bulletin HPSBOV02683 SSRT090208 - Potential vulnerabilities have been identified with HP Secure Web Server (SWS) for OpenVMS running Apache and PHP. The vulnerabilities could be remotely exploited to create a Denial of Service (DoS), unauthorized access, unauthorized disclosure of information, or unauthorized modifications. Revision 1 of this advisory.
a7638da01e18d2a3d9c6e84728556bb08fdb00082b9c904826eb85aa31a5870dThis Metasploit module exploits the mod_rewrite LDAP protocol scheme handling flaw discovered by Mark Dowd, which produces an off-by-one overflow. Apache versions 1.3.29-36, 2.0.47-58, and 2.2.1-2 are vulnerable. This Metasploit module requires REWRITEPATH to be set accurately. In addition, the target must have 'RewriteEngine on' configured, with a specific 'RewriteRule' condition enabled to allow for exploitation. The flaw affects multiple platforms, however this module currently only supports Windows based installations.
96b871a0195d2591844969f9bba63abc59813d3e7296ce6634f95d37eb06d859Apache mod_rewrite escape_absolute_uri() off-by-one buffer overflow Metasploit exploit module. This affects Apache versions 1.3.28 through 1.3.36, 2.0.46 through 2.0.58, and 2.2.1 through 2.2.2.
503139768b0cda278959c2bc8df18f7cb0aee2077db8a28468990531d48c3000HP Security Bulletin - Potential security vulnerabilities have been identified HP System Management
bad94072ba0de67832d1266e25833ffd96de150db9736aa61c3b1fa67d1c6f2dApache version 2.0.58 mod_rewrite remote overflow exploit for win32. Binds a shell to port 4445.
f8d367428261509f9e8e651cc83d34c6b4a4a86c15f633d671023a26ad41b8ddHP Security Bulletin - Potential security vulnerabilities have been identified with Apache running on HP-UX. These vulnerabilities could be exploited remotely to allow execution of arbitrary code, denial of service, or unauthorized access.
b9ab5890e9d10ad4d8db2527868e8497b4d79f5d2d485da41d732ecbb31e0001Proof of concept exploit for the mod_rewrite vulnerability in Apache that makes use of an off by one overflow in the handling of ldap requests.
47f17f2bae7bce7af834754bc7cd0e1bc951414c01f5d33309f9e31e99e9e771Debian Security Advisory 1132-1 - Mark Dowd discovered a buffer overflow in the mod_rewrite component of apache, a versatile high-performance HTTP server. In some situations a remote attacker could exploit this to execute arbitary code.
d881e081cc1047a05de35da2701a6d15839e8c889d5ce867834afeda3805bdc7Debian Security Advisory 1131-1 - Mark Dowd discovered a buffer overflow in the mod_rewrite component of apache, a versatile high-performance HTTP server. In some situations a remote attacker could exploit this to execute arbitary code
cff27e3d4e10567a89d5fc3f42af79a452df17ae7317ee82c5f7f6ebf191ec49Mandriva Linux Security Advisory MDKSA-2006-133 - Mark Dowd, of McAffee Avert Labs, discovered a potential remotely exploitable off-by-one flaw in Apache's mod_rewrite ldap scheme handling.
7ea66a0d8db3370ee3860ea07f13cce12dd24caa9d29d2fbd5508a949cf83469SUSE Security Announcement SUSE-SA:2006:043 - The mod_rewrite vulnerability in Apache has been patched.
612fec7dc616174adaec186e91536b7c148d1af486ee736e1e7a7ee25ff29e29Mod_rewrite is an Apache module that can be used to remap requests based on regular expression matches of the requested URI. A buffer overflow vulnerability exists when dealing with rewritten URI's that are prefixed with the LDAP protocol scheme.
89573f59a369c297fe3a2e50bec303dac0dec1ddee0ba1457f1cfd898bbab15dAn off-by-one flaw exists in the Rewrite module, mod_rewrite, as shipped with Apache 1.3 since 1.3.28, 2.0 since 2.0.46, and 2.2 since 2.2.0.
f3876d1169158fc551c64958b5e9f885de8ab0264310126aaeecc3277fc486cfOpenPKG Security Advisory OpenPKG-SA-2006.015 - According to a vendor announcement, a vulnerability exists in the mod_rewrite module of the Apache HTTP Server. Depending on the manner in which the Apache HTTP Server was compiled, the software defect may result in a vulnerability which, in combination with certain types of "RewriteRule" directives in the server configuration files, could be triggered remotely.
0c9d96b0aaa38abdb7aa0010ad4314a2444cfef7fe76891a209c6eafd629eb77Ubuntu Security Notice USN-328-1 - Mark Dowd discovered an off-by-one buffer overflow in the mod_rewrite module's ldap scheme handling for Apache 2.
5d77a8775e2b6a5bbfe4f64cd313a26d5c76928cd971164d7d08fbd0b0aa3655
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed