漏洞类别:Web server漏洞等级: 漏洞信息 Robin Twombly's A1 Web server is a light-weight Web server designed specifically for Windows environments. A remote user could gain read access to directories outside the Web root by requesting a specially crafted URL composed of '../…
漏洞类别:Web server漏洞等级: 漏洞信息 Robin Twombly's A1 Web server is a light-weight Web server designed specifically for Windows environments. It's possible for a remote user to cause a denial of service condition in A1 Server by submitting a specially crafted request t…
漏洞类别:Web server漏洞等级: 漏洞信息 WebDAV is an extension of the HTTP protocol and is installed by default on Microsoft IIS Version 5.0. WebDav enables remote users to manage and collaboratively edit files on remote Web servers. WebDAV contains a flaw in the handling o…
漏洞类别:Web server漏洞等级: 漏洞信息 BEA Systems WebLogic Server is an Enterprise-level Web and wireless application server. Unchecked buffers exist in a particular handler for URL requests that begin with two dots (..). 漏洞危害 Depending on the data entered into the buffer…
漏洞类别:Web server漏洞等级: 漏洞信息 O'Reilly & Associates Website Professional is a Web server designed for Windows environments. It's possible for a remote attacker to disclose the physical path to the root directory on a machine with Website Professional installed…
漏洞类别:Web server漏洞等级: 漏洞信息 Apache contains two helper programs, "htdigest" and "htpasswd", that insecurely create files in the /tmp directory. This may result in a race condition. 漏洞危害 Using a symbolic link, a malicious local user can exploit this vulnerability…
漏洞类别:Web server漏洞等级: 漏洞信息 IBM HTTP Server contains AfpaCache directive, which turns the Fast Response Cache Accelerator function on or off. IBM HTTP Server is subject to a denial of service. Requesting multiple malformed HTTP GET requests will cause the consum…
漏洞类别:Web server漏洞等级: 漏洞信息 Netscape Enterprise Server is industrial-strength Web server software that enables organizations to publish content and deploy network-centric applications. By requesting a specially crafted command via a telnet port, a malicious user…
漏洞类别:Web server漏洞等级: 漏洞信息 Netscape Enterprise Server is industrial-strength Web server software that enables organizations to publish content and deploy network-centric applications. By requesting a specially crafted command via a telnet port, a malicious user…
漏洞类别:Web server漏洞等级: 漏洞信息 Microsoft IIS is shipped with a number of HTR scripts, which are processed by ISAPI extensions. Due to the handling of requests by the ISAPI extensions, it's possible for a remote user to disclose various known files. A maliciously cr…
漏洞类别:Web server漏洞等级: 漏洞信息 Interscan VirusWall is a virus scanner distributed and maintained by Trend Micro. It is designed to scan for virus occurrences in both incoming and outgoing traffic via SMTP, FTP, and HTTP at the gateway of the network. The method use…
漏洞类别:Web server漏洞等级: 漏洞信息 Allaire JRun Version 3.0 HTTP servlet server allows remote users to directly access the WEB-INF directory via a URL request that contains an extra "/" in the beginning of the request (aka the "extra leading slash"). 漏洞危害 By exploiting…
漏洞类别:Web server漏洞等级: 漏洞信息 Microsoft's IIS Version 4.0 and 5.0 ASP pages send the same Session ID cookie for secure and insecure Web sessions. A remote unauthorized user may be able to hijack the secure Web session of a legitimate user. This is possible if the …
漏洞类别:Web server漏洞等级: 漏洞信息 Acme THTTPd HTTP server includes a CGI program external to thttpd called "ssi". This program provides the functionality of the built-in server-side-includes feature in some HTTP daemons. The names of files to be filtered through the s…
漏洞类别:Web server漏洞等级: 漏洞信息 WEBactive, developed by ITAfrica, is an HTTP server daemon for small home offices or businesses. WEBactive is vulnerable to a denial of service attack. A malicious user can cause the denial of service by requesting a URL with 280+ cha…
漏洞类别:Web server漏洞等级: 漏洞信息 If a request containing the null character (%00) or the space character (%20) is made to the Roxen WebServer, the server will return directory contents, as well as the source of unparsed scripts and HTML pages. For example, a request …
漏洞类别:Web server漏洞等级: 漏洞信息 It seems that you are running an IBM Websphere Server. If your server is not an IBM Websphere Server, then you can safely ignore this vulnerability. IBM Websphere Server Versions 3.0.2, 3.0 and 2.0 are case-sensitive. If you change th…
漏洞类别:CGI漏洞等级: 漏洞信息 Sun Chili!Soft ASP (CASP) is a cross-platform Active Server Pages implementation for Linux and other platforms, including Lotus Domino, Apache, HP-UX, and AIX. The default installation of Chili!Soft ASP includes sample scripts which are vuln…
漏洞类别:Web server漏洞等级: 漏洞信息 Netscape FastTrak Server is a Web server designed for small workgroups. Netscape FastTrak Server is subject to a denial of service. The cache module within Netscape FastTrak Server contains nonexistent, yet legitimate, URLs. This cach…
漏洞类别:Web server漏洞等级: 漏洞信息 Chili!Soft ASP (CASP) is a cross-platform Active Server Pages implementation for Linux and other platforms, including Lotus Domino, Apache, HP-UX, and AIX. Chili!soft ASP provides a remote Web-based administration console which runs a…
漏洞类别:Web server漏洞等级: 漏洞信息 Netscape Enterprise Server is industrial-strength Web server software that enables organizations to publish content and deploy network-centric applications. It's possible for a remote user to crash Netscape Enterprise Server by compos…
漏洞类别:Web server漏洞等级: 漏洞信息 Resin is a servlet and JSP engine that supports java and javascript. If an HTTP request is appended with certain characters, ServletExec returns the source code of JSP files. This vulnerability is dependent on the platform that Resin …
漏洞类别:Web server漏洞等级: 漏洞信息 Caucho Resin is a servlet and JSP engine that supports java and javascript. Caucho Resin contains a directory traversal vulnerability, which could allow a remote user to gain read access to directories outside the root directory. Requ…
漏洞类别:Web server漏洞等级: 漏洞信息 OmniHTTPD is a compact Windows-based Web server by Omnicron Technologies. OmniHTTPD has various features, such as multiple domain support, keep-alive connections, virtual IP and non-IP server support, and standard CGI support. Due to …
漏洞类别:Web server漏洞等级: 漏洞信息 LocalWEB2000 is an HTTP server designed for a small to medium sized Intranet environment. If you have the Version 1.1.0 of this sever, then it's possible for users to gain read access to any known file residing on the server. By submi…