what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 11 of 11 RSS Feed

CVE-2008-0005

Status Candidate

Overview

mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.

Related Files

HP Security Bulletin HPSBOV02683 SSRT090208
Posted May 10, 2011
Authored by HP | Site hp.com

HP Security Bulletin HPSBOV02683 SSRT090208 - Potential vulnerabilities have been identified with HP Secure Web Server (SWS) for OpenVMS running Apache and PHP. The vulnerabilities could be remotely exploited to create a Denial of Service (DoS), unauthorized access, unauthorized disclosure of information, or unauthorized modifications. Revision 1 of this advisory.

tags | advisory, web, denial of service, php, vulnerability
advisories | CVE-2002-0839, CVE-2002-0840, CVE-2003-0542, CVE-2004-0492, CVE-2005-2491, CVE-2005-3352, CVE-2005-3357, CVE-2006-2937, CVE-2006-2940, CVE-2006-3738, CVE-2006-3747, CVE-2006-3918, CVE-2006-4339, CVE-2006-4343, CVE-2007-5000, CVE-2007-6388, CVE-2008-0005, CVE-2009-1891, CVE-2009-3095, CVE-2009-3291, CVE-2009-3292, CVE-2009-3293, CVE-2009-3555, CVE-2010-0010
SHA-256 | a7638da01e18d2a3d9c6e84728556bb08fdb00082b9c904826eb85aa31a5870d
HP Security Bulletin HPSBMA02442 SSRT090108
Posted May 27, 2010
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - Potential security vulnerabilities have been identified with HP Business Availability Center running Apache. The vulnerabilities could be remotely exploited to allow Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), and Denial of Service (DoS).

tags | advisory, denial of service, vulnerability, xss, csrf
advisories | CVE-2008-2939, CVE-2008-2364, CVE-2008-0005, CVE-2007-6422, CVE-2007-6421, CVE-2007-6420, CVE-2007-6388, CVE-2007-5000
SHA-256 | 8984e6a6d71e3911533469692dc0da853eb51153edc9f05ce6268a71ce2b470d
HP Security Bulletin HPSBUX02465 SSRT090192
Posted Oct 23, 2009
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - Potential security vulnerabilities have been identified with HP-UX running Apache-based Web Server. The vulnerabilities could be exploited remotely to cause a Denial of Service (DoS), cross-site scripting (XSS) or unauthorized access. Apache-based Web Server is contained in the Apache Web Server Suite.

tags | advisory, web, denial of service, vulnerability, xss
systems | hpux
advisories | CVE-2006-3918, CVE-2007-4465, CVE-2007-6203, CVE-2008-0005, CVE-2008-0599, CVE-2008-2168, CVE-2008-2364, CVE-2008-2371, CVE-2008-2665, CVE-2008-2666, CVE-2008-2829, CVE-2008-2939, CVE-2008-3658, CVE-2008-3659, CVE-2008-3660, CVE-2008-5498, CVE-2008-5557, CVE-2008-5624
SHA-256 | 917f5771b1ecaed534503ff6b3384773b7597e104b42f7ed74b05115d49f2b09
VMware Security Advisory 2009-0010
Posted Aug 23, 2009
Authored by VMware | Site vmware.com

VMware Security Advisory - Several flaws were discovered in the way third party library libpng handled uninitialized pointers. An attacker could create a PNG image file in such a way, that when loaded by an application linked to libpng, it could cause the application to crash or execute arbitrary code at the privilege level of the user that runs the application. The new version of ACE updates the Apache HTTP Server on Windows hosts to version 2.0.63 which addresses multiple security issues that existed in the previous versions of this server.

tags | advisory, web, arbitrary
systems | windows
advisories | CVE-2009-0040, CVE-2007-3847, CVE-2007-1863, CVE-2006-5752, CVE-2007-3304, CVE-2007-6388, CVE-2007-5000, CVE-2008-0005
SHA-256 | fa25255a1fe8dc51e8b60d69060b437dd5c2bb2ea3ba80fcabeb503621483800
HP Security Bulletin HPSBUX02431 SSRT090085
Posted Jul 2, 2009
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - Potential security vulnerabilities have been identified with HP-UX running Apache-based Web Server or Tomcat-based Servelet Engine. The vulnerabilities could be exploited remotely to cause a Denial of Service (DoS), or execution of arbitrary code. Apache-based Web Server and Tomcat-based Servelet Engine are contained in the Apache Web Server Suite.

tags | advisory, web, denial of service, arbitrary, vulnerability
systems | hpux
advisories | CVE-2007-4465, CVE-2008-0005, CVE-2008-0599, CVE-2008-2168, CVE-2008-2371, CVE-2008-2665, CVE-2008-2666, CVE-2008-2829, CVE-2008-3659, CVE-2008-3660, CVE-2008-5498, CVE-2008-5557, CVE-2008-5624, CVE-2008-5625, CVE-2008-5658
SHA-256 | 188b9f0db86834082088170fd33ebb8a50552ab4a702ee3c2405d86f177e52e0
Gentoo Linux Security Advisory 200803-19
Posted Mar 13, 2008
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200803-19 - Adrian Pastor and Amir Azam (ProCheckUp) reported that the HTTP Method specifier header is not properly sanitized when the HTTP return code is 413 Request Entity too large (CVE-2007-6203). The mod_proxy_balancer module does not properly check the balancer name before using it (CVE-2007-6422). The mod_proxy_ftp does not define a charset in its answers (CVE-2008-0005). Stefano Di Paola (Minded Security) reported that filenames are not properly sanitized within the mod_negociation module (CVE-2008-0455, CVE-2008-0456). Versions less than 2.2.8 are affected.

tags | advisory, web
systems | linux, gentoo
advisories | CVE-2007-6203, CVE-2007-6422, CVE-2008-0005, CVE-2008-0455, CVE-2008-0456
SHA-256 | bb8144208f0da8d18360d59060c3a1605ef72264ec3cb3173d5750c515b79066
Ubuntu Security Notice 575-1
Posted Feb 5, 2008
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 575-1 - A slew of denial of service and cross site scripting related vulnerabilities have been patched in the apache2 package.

tags | advisory, denial of service, vulnerability, xss
systems | linux, ubuntu
advisories | CVE-2006-3918, CVE-2007-3847, CVE-2007-4465, CVE-2007-5000, CVE-2007-6388, CVE-2007-6421, CVE-2007-6422, CVE-2008-0005
SHA-256 | fbd90fd3b1d7a6b5559c9b4afb5b47c7da3fc94863094e4710b15c7ae02b1709
Mandriva Linux Security Advisory 2008-016
Posted Jan 17, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A flaw found in the mod_imagemap module could lead to a cross-site scripting attack on sites where mod_imagemap was enabled and an imagemap file was publicly available. A flaw found in the mod_status module could lead to a cross-site scripting attack on sites where mod_status was enabled and the status pages were publicly available. A flaw found in the mod_proxy_balancer module could lead to a cross-site scripting attack against an authorized user on sites where mod_proxy_balancer was enabled. Another flaw in the mod_proxy_balancer module was found where, on sites with the module enabled, an authorized user could send a carefully crafted request that would cause the apache child process handling the request to crash, which could lead to a denial of service if using a threaded MPM. A flaw found in the mod_proxy_ftp module could lead to a cross-site scripting attack against web browsers which do not correctly derive the response character set following the rules in RFC 2616, on sites where the mod_proxy_ftp module was enabled.

tags | advisory, web, denial of service, xss
systems | linux, mandriva
advisories | CVE-2007-5000, CVE-2007-6388, CVE-2007-6421, CVE-2007-6422, CVE-2008-0005
SHA-256 | 7011750e86e2350ac4aa01c2801209a1471d2cfd530582dc3a9b8ae8243bbe30
Mandriva Linux Security Advisory 2008-015
Posted Jan 17, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A flaw found in the mod_imagemap module could lead to a cross-site scripting attack on sites where mod_imagemap was enabled and an imagemap file was publicly available. A flaw found in the mod_status module could lead to a cross-site scripting attack on sites where mod_status was enabled and the status pages were publicly available. A flaw found in the mod_proxy_ftp module could lead to a cross-site scripting attack against web browsers which do not correctly derive the response character set following the rules in RFC 2616, on sites where the mod_proxy_ftp module was enabled.

tags | advisory, web, xss
systems | linux, mandriva
advisories | CVE-2007-5000, CVE-2007-6388, CVE-2008-0005
SHA-256 | dda119fab4bbfc092df5941a6d76ce66e859a53e5fab37e511b65b301d0251c9
Mandriva Linux Security Advisory 2008-014
Posted Jan 17, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A flaw found in the mod_autoindex module could lead to a cross-site scripting attack on sites where mod_autoindex was enabled and the AddDefaultCharset directive was removed from the configuration, against web browsers that did not correctly derive the response character set following the rules in RFC 2616. A flaw found in the mod_imagemap module could lead to a cross-site scripting attack on sites where mod_imagemap was enabled and an imagemap file was publicly available. A flaw found in the mod_status module could lead to a cross-site scripting attack on sites where mod_status was enabled and the status pages were publicly available. A flaw found in the mod_proxy_ftp module could lead to a cross-site scripting attack against web browsers which do not correctly derive the response character set following the rules in RFC 2616, on sites where the mod_proxy_ftp module was enabled.

tags | advisory, web, xss
systems | linux, mandriva
advisories | CVE-2007-4465, CVE-2007-5000, CVE-2007-6388, CVE-2008-0005
SHA-256 | 99928353f403d25058b0be4b7ae1cc98fadff2fc75cd15dec8eded067ebadb82
apache-modproxy.txt
Posted Jan 11, 2008
Authored by sp3x | Site securityreason.com

Apache versions 2.2.6 and below, 1.3.39 and below, and 2.0.61 and below suffer from an undefined charset UTF-7 cross site scripting vulnerability in mod_proxy_ftp.

tags | advisory, xss
advisories | CVE-2008-0005
SHA-256 | e2cdd9f15d907b6ab09006e8e495b06ef357dc42c4e5998e9acfa5ecc2f30a8a
Page 1 of 1
Back1Next

File Archive:

September 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    23 Files
  • 2
    Sep 2nd
    12 Files
  • 3
    Sep 3rd
    0 Files
  • 4
    Sep 4th
    0 Files
  • 5
    Sep 5th
    10 Files
  • 6
    Sep 6th
    8 Files
  • 7
    Sep 7th
    30 Files
  • 8
    Sep 8th
    14 Files
  • 9
    Sep 9th
    26 Files
  • 10
    Sep 10th
    0 Files
  • 11
    Sep 11th
    0 Files
  • 12
    Sep 12th
    5 Files
  • 13
    Sep 13th
    28 Files
  • 14
    Sep 14th
    15 Files
  • 15
    Sep 15th
    17 Files
  • 16
    Sep 16th
    9 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    12 Files
  • 20
    Sep 20th
    15 Files
  • 21
    Sep 21st
    20 Files
  • 22
    Sep 22nd
    13 Files
  • 23
    Sep 23rd
    12 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close