Filtered by vendor Redhat
Subscriptions
Filtered by product Stronghold
Subscriptions
Total
48 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2001-0868 | 1 Redhat | 1 Stronghold | 2024-08-08 | N/A |
Red Hat Stronghold 2.3 to 3.0 allows remote attackers to retrieve system information via an HTTP GET request to (1) stronghold-info or (2) stronghold-status. | ||||
CVE-2002-1376 | 3 Oracle, Redhat, Symantec Veritas | 6 Mysql, Enterprise Linux, Linux and 3 more | 2024-08-08 | N/A |
libmysqlclient client library in MySQL 3.x to 3.23.54, and 4.x to 4.0.6, does not properly verify length fields for certain responses in the (1) read_rows or (2) read_one_row routines, which allows remote attackers to cause a denial of service and possibly execute arbitrary code. | ||||
CVE-2002-1394 | 2 Apache, Redhat | 3 Tomcat, Rhel Stronghold, Stronghold | 2024-08-08 | N/A |
Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148. | ||||
CVE-2002-1157 | 2 Mod Ssl, Redhat | 5 Mod Ssl, Enterprise Linux, Linux and 2 more | 2024-08-08 | N/A |
Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a self-referencing URL, a different vulnerability than CAN-2002-0840. | ||||
CVE-2002-1148 | 2 Apache, Redhat | 3 Tomcat, Rhel Stronghold, Stronghold | 2024-08-08 | N/A |
The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet. | ||||
CVE-2002-0986 | 2 Php, Redhat | 5 Php, Enterprise Linux, Linux and 2 more | 2024-08-08 | N/A |
The mail function in PHP 4.x to 4.2.2 does not filter ASCII control characters from its arguments, which could allow remote attackers to modify mail message content, including mail headers, and possibly use PHP as a "spam proxy." | ||||
CVE-2002-0985 | 3 Openpkg, Php, Redhat | 6 Openpkg, Php, Enterprise Linux and 3 more | 2024-08-08 | N/A |
Argument injection vulnerability in the mail function for PHP 4.x to 4.2.2 may allow attackers to bypass safe mode restrictions and modify command line arguments to the MTA (e.g. sendmail) in the 5th argument to mail(), altering MTA behavior and possibly executing commands. | ||||
CVE-2002-0839 | 3 Apache, Debian, Redhat | 6 Http Server, Debian Linux, Enterprise Linux and 3 more | 2024-08-08 | N/A |
The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard. | ||||
CVE-2002-0843 | 3 Apache, Oracle, Redhat | 8 Http Server, Application Server, Database Server and 5 more | 2024-08-08 | N/A |
Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response. | ||||
CVE-2002-0840 | 3 Apache, Oracle, Redhat | 9 Http Server, Application Server, Database Server and 6 more | 2024-08-08 | N/A |
Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157. | ||||
CVE-2002-0659 | 4 Apple, Openssl, Oracle and 1 more | 8 Mac Os X, Openssl, Application Server and 5 more | 2024-08-08 | N/A |
The ASN1 library in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allows remote attackers to cause a denial of service via invalid encodings. | ||||
CVE-2002-0656 | 4 Apple, Openssl, Oracle and 1 more | 8 Mac Os X, Openssl, Application Server and 5 more | 2024-08-08 | N/A |
Buffer overflows in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allow remote attackers to execute arbitrary code via (1) a large client master key in SSL2 or (2) a large session ID in SSL3. | ||||
CVE-2002-0653 | 2 Modssl, Redhat | 6 Mod Ssl, Enterprise Linux, Linux and 3 more | 2024-08-08 | 7.8 High |
Off-by-one buffer overflow in the ssl_compat_directive function, as called by the rewrite_command hook for mod_ssl Apache module 2.8.9 and earlier, allows local users to execute arbitrary code as the Apache server user via .htaccess files with long entries. | ||||
CVE-2002-0655 | 4 Apple, Openssl, Oracle and 1 more | 8 Mac Os X, Openssl, Application Server and 5 more | 2024-08-08 | N/A |
OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, does not properly handle ASCII representations of integers on 64 bit platforms, which could allow attackers to cause a denial of service and possibly execute arbitrary code. | ||||
CVE-2002-0658 | 2 Ossp, Redhat | 5 Mm, Enterprise Linux, Linux and 2 more | 2024-08-08 | N/A |
OSSP mm library (libmm) before 1.2.0 allows the local Apache user to gain privileges via temporary files, possibly via a symbolic link attack. | ||||
CVE-2002-0392 | 3 Apache, Debian, Redhat | 7 Http Server, Debian Linux, Enterprise Linux and 4 more | 2024-08-08 | N/A |
Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size. | ||||
CVE-2002-0081 | 2 Php, Redhat | 3 Php, Linux, Stronghold | 2024-08-08 | N/A |
Buffer overflows in (1) php_mime_split in PHP 4.1.0, 4.1.1, and 4.0.6 and earlier, and (2) php3_mime_split in PHP 3.0.x allows remote attackers to execute arbitrary code via a multipart/form-data HTTP POST request when file_uploads is enabled. | ||||
CVE-2002-0082 | 3 Apache-ssl, Mod Ssl, Redhat | 5 Apache-ssl, Mod Ssl, Linux and 2 more | 2024-08-08 | N/A |
The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session. | ||||
CVE-2003-0987 | 2 Apache, Redhat | 4 Http Server, Enterprise Linux, Rhel Stronghold and 1 more | 2024-08-08 | N/A |
mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret. | ||||
CVE-2003-0851 | 3 Cisco, Openssl, Redhat | 7 Css11000 Content Services Switch, Ios, Pix Firewall and 4 more | 2024-08-08 | N/A |
OpenSSL 0.9.6k allows remote attackers to cause a denial of service (crash via large recursion) via malformed ASN.1 sequences. |