漏洞类别:Web server漏洞等级: 漏洞信息 Note: WinGate Versions 2.0 to 4.1 (beta A) are susceptible to this vulnerability. By default, the WinGate log service is configured to only allow connections from 127.0.0.1; however, the log service can also be set to allow connection…
漏洞类别:Web server漏洞等级: 漏洞信息 HSWeb is a Web server offered by Heat-On Software. HSWeb contains a path disclosure vulnerability, which makes it possible for unauthorized remote users to obtain the physical path to the Web root and browse the entire directory listi…
漏洞类别:Web server漏洞等级: 漏洞信息 ServerWorx is a Web server by SoftLite. In Version 3.0, it's possible for unauthorized remote users to gain read access to directories outside the root directory. Requesting a specially crafted URL composed of "../" or ".../" sequence…
漏洞类别:Web server漏洞等级: 漏洞信息 AOLserver is a multi-threaded Web server by America Online. AOLserver is designed for large-scale Web sites and supports Tcl scripting language. AOLserver Versions 3.2 and prior contain a vulnerability that allows unauthorized remote …
漏洞类别:Web server漏洞等级: 漏洞信息 SlimServe HTTPd is a Web server by WhitSoft Development. SlimServe is designed for small- to medium-sized environments. Unauthorized users can cause a denial of service in SlimServe HTTPd server by entering an excessively long GET req…
漏洞类别:Web server漏洞等级: 漏洞信息 GoAhead WebServer is an open-source Web server that supports Active Server Pages, embedded javascript, and SSL authentication and encryption. A specially crafted URL composed of ".." sequences along with the known filename will disclo…
漏洞类别:Web server漏洞等级: 漏洞信息 Sedum HTTP Server is a server designed for Internet and Intranet environments. Unauthorized remote users may succeed in gaining read access to known files outside the root directory. Requesting a specially crafted URL composed of "../…
漏洞类别:Web server漏洞等级: 漏洞信息 Simpleserver:WWW is a freely available Web server from AnalogX. It is designed to provide an easy to use Web server with a friendly interface. SimpleServer:WWW is vulnerable to a buffer overflow attack. By entering an excessively long…
漏洞类别:Web server漏洞等级: 漏洞信息 NT Mail Server can be configured as a proxy server, as well as a Web configuration server. By default, each function is assigned a port. The configuration function uses port 8000 and the proxy function uses port 8080. If a separate pr…
漏洞类别:Web server漏洞等级: 漏洞信息 Gordano NTMail includes a Web configuration service, which runs on port 8000 by default. This service does not properly flush incomplete HTTP requests, making NTMail susceptible to a denial of service attack. A malicious user can caus…
漏洞类别:Web server漏洞等级: 漏洞信息 THTTPd Web server Versions 1.90a to 2.04 do not perform correct bounds checking in the date parsing function, tdate_parse(). 漏洞危害 If successfully exploited, unauthorized remote users can execute commands on the host with the permissio…
漏洞类别:Web server漏洞等级: 漏洞信息 vqServer Version 1.4.49 is subject to a denial of service attack. If a GET request containing 65,000 characters is sent to the server, then the server will stop responding. 漏洞危害 By exploiting this vulnerability, a malicious user can c…
漏洞类别:CGI漏洞等级: 漏洞信息 BEA Systems WebLogic Server is an Enterprise-level Web and wireless application server. The WebLogic Server can be integrated with third-party Web servers. This is accomplished by a plug-in that allows the third-party Web server to proxy req…
漏洞类别:Web server漏洞等级: 漏洞信息 BEA Systems WebLogic Server is an Enterprise-level Web and wireless application server. Some versions of BEA Systems Weblogic Server contain a vulnerability allowing unauthorized users to view the source of .jsp and .jhtml pages resid…
漏洞类别:Web server漏洞等级: 漏洞信息 BEA Systems WebLogic Server is an enterprise-level Web and wireless application server. BEA incorrectly handles .jsp and .jhtml files, allowing remote compilation and execution of jsp code. When the deployment environment is not prope…
漏洞类别:Web server漏洞等级: 漏洞信息 Microsoft's IIS Versions 2.0 and 3.0 contain a vulnerability that allows unauthorized remote users to crash the service by requesting a particularly long address. 漏洞危害 By exploiting this vulnerability, unauthorized users can perform a…
漏洞类别:Web server漏洞等级: 漏洞信息 Some versions of Microsoft's IIS Version 4.0 allow users to retrieve a dynamic Web page (such as those generated by .asp or PERL scripts) regardless of the HTTP method name, even though only the GET method is defined in the protocol f…
漏洞类别:Web server漏洞等级: 漏洞信息 IBM HTTP Server is a Web server powered by Apache. The Windows NT version is subject to the following denial of service vulnerability: Issuing an unusually long GET request comprised of approximately 219 characters will cause the serv…
漏洞类别:Web server漏洞等级: 漏洞信息 602Pro LAN SUITE is an application that provides connection sharing, as well as e-mail and fax services for networks. Remote administration capabilities exist through an integrated HTTP Server. A buffer overflow can occur within the r…
漏洞类别:Web server漏洞等级: 漏洞信息 NetSnap is a Web cam application that transmits images, enabling the user to directly publish footage from the camera to the Web. NetSnap is shipped with an HTTP server. NetSnap is subject to a buffer overflow attack because of it's h…
漏洞类别:Web server漏洞等级: 漏洞信息 Microsoft IIS Version 3.0 contains a source disclosure vulnerability. It will return the source code of various server side script files, such as ASP files, if the filename in the URL request contains "%2e", which is the hex value for…
漏洞类别:Web server漏洞等级: 漏洞信息 By sending a specially-crafted request comprised of approximately 198 to 240 characters with a .shtml (default) file extension, unauthorized users can cause a buffer overflow and execute arbitrary code. This is due to the way iPlanet …
漏洞类别:Web server漏洞等级: 漏洞信息 There is a vulnerability in the code that handles error logging on PHP scripts. Unauthorized users can exploit this vulnerability by crafting a string containing malicious format specifiers. 漏洞危害 If successfully exploited, malicious u…
漏洞类别:Web server漏洞等级: 漏洞信息 Any user from any host can obtain a list of packages installed on a S.u.S.E Version 6.3 or 6.4 system by submitting the following URL to the Web server: http://www.example.org/doc/packages/ This vulnerability is due to a configuration…
漏洞类别:Web server漏洞等级: 漏洞信息 If the Apache configuration file (/etc/httpd/httpd.conf) contains the following Alias entry, then all files in /cgi-bin/ can be accessed via URLs of the format http://target/cgi-bin-sdb: Alias /cgi-bin-sdb/ /usr/local/httpd/cgi-bin/ B…