GhostSecCanada

Out-of-date Version (Apache) Privilege Escalation

Nov 4th, 2020
111.1.3.135,
Apache/2.2.15 (CentOS) DAV/2
Out-of-date Version (Apache)
Privilege Escalation
Medium (4 ~ 6.9)

Identified Version 2.2.15 (contains 4 important and 10 other vulnerabilities)

Vulnerability Details

Link identified you are using an out-of-date version of Apache.

Impact

Since this is an old version of the software, it may be vulnerable to attacks.

Remedy

Please upgrade your installation of Apache to the latest stable version.

Remedy References

• Downloading the Apache HTTP Server

Known Vulnerabilities in this Version

Apache mod_cache and mod_dav Request Handling Denial of Service Vulnerability

The mod_cache and mod_dav modules in the Apache HTTP Server allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.

Important Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability

The mod_proxy module in the Apache HTTP Server does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.

Apache Multiple XSS Vulnerability

Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string.

Apache Code Execution Vulnerability

mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.

AFFECTED WEBSITES

#GhostSec
#EyePhuckBitches