Apache Tomcat 4.0.3 on Microsoft Windows is vulnerable to a cross-site scripting attack. When a request names a DOS device file (a reserved name such as CON, AUX or LPT1), Tomcat throws an exception and returns an error page that echoes the request. It is also possible to append data to the device name in the request, so an attacker can supply malicious JavaScript, for example 'Javascript:alert(document.domain)', which is then rendered in the victim's browser as part of the error page.
When servlet mapping is enabled, various servlets and classes can be invoked directly to make Apache Tomcat throw an exception; the resulting error page includes unsanitized request data, which makes cross-site scripting attacks possible.
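As an added example (not code from the advisory entries above or from Tomcat), the following Python sketch shows the two checks the Tomcat entries imply: refusing Windows DOS device names before a request path reaches the filesystem, and HTML-escaping request data before it is echoed in an error page. The handler, the reserved-name table and the request paths used are assumptions constructed for illustration; the vulnerable and hardened renderers are shown side by side.

```python
import html
from typing import Tuple

# Names Windows maps to DOS devices regardless of directory or extension
# ("aux.jsp" still resolves to the AUX device).  Taken from the documented
# Win32 reserved names; the advisory above does not enumerate them.
_RESERVED = (
    {"con", "prn", "aux", "nul"}
    | {"com%d" % i for i in range(1, 10)}
    | {"lpt%d" % i for i in range(1, 10)}
)


def is_dos_device_name(path_component: str) -> bool:
    """True if one path component would map to a DOS device on Windows.

    Windows ignores the extension and trailing spaces/dots when matching.
    """
    base = path_component.split(".", 1)[0].rstrip(" .")
    return base.lower() in _RESERVED


def request_targets_dos_device(request_path: str) -> bool:
    """True if any path component (query string excluded) is a device name."""
    path_only = request_path.split("?", 1)[0]
    return any(is_dos_device_name(part) for part in path_only.split("/") if part)


def render_error_page_unsafe(request_path: str) -> str:
    # Mirrors the weakness described: the request is interpolated verbatim,
    # so anything the attacker put in the URL becomes markup in the page.
    return "<html><body><h1>Error</h1><p>Cannot open %s</p></body></html>" % request_path


def render_error_page(request_path: str) -> str:
    # Hardened form: escape <, >, &, ' and " before echoing attacker input.
    safe = html.escape(request_path, quote=True)
    return "<html><body><h1>Error</h1><p>Cannot open %s</p></body></html>" % safe


def handle_request(request_path: str) -> Tuple[int, str]:
    """Hypothetical handler: reject device names up front and never echo raw input."""
    if request_targets_dos_device(request_path):
        return 404, render_error_page(request_path)
    return 200, "<html><body>ok</body></html>"


if __name__ == "__main__":
    # Constructed request: a device name plus a script payload in the query.
    probe = "/examples/jsp/aux.jsp?<script>alert(document.domain)</script>"
    print(render_error_page_unsafe(probe))   # payload survives as live markup
    print(handle_request(probe))             # 404 with the payload neutralised
```

The device-name check is deliberately applied to every component, not just the last one, because the filesystem resolves a reserved name wherever it appears in the path.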
The search engine bundled with iPlanet Web Server is prone to a file disclosure vulnerability. A remote attacker can craft requests to the search engine that cause arbitrary files readable by the web server process on the host to be disclosed to the attacker.
The Microsoft Foundation Class Library (MFC) is used to develop applications for Microsoft Windows. Some versions of MFC include an ISAPI class for building extensions to web server functionality. Reportedly, a possible vulnerability exists in some versions of this class: it may be possible to cause a buffer overflow in software compiled against vulnerable versions of the library. Exploitation details will vary between products built on the vulnerable library. The issue may be related to misleading Content-Length headers in an HTTP POST request. This vulnerability was originally believed to be an issue in the Working Resources BadBlue web server; in that case, exploitation has been demonstrated to result in a denial of service.
An attacker may exploit a directory traversal vulnerability in the Icecast server to determine whether a specified directory outside the web root exists. This is possible because the server returns a different HTTP response for an existing directory than for a non-existent one.
BadBlue does not properly handle requests that do not conform to the HTTP RFCs. When a client connects to BadBlue's listening port and issues a 'GET HTTP/1.0' request line without a request URI, BadBlue becomes unstable; in most cases the process crashes.
Recent versions of the Linux kernel reserve a small pool of file descriptors (kernel file structures) for use by processes running as root; by default the pool holds 10 entries. A local, unprivileged user can open files until the system-wide limit is reached, then exhaust the reserved pool by executing several common set-uid root binaries, each of which opens files as root. The result is a denial of service condition.
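As an added example (not part of the entry above or of the kernel), here is a small Python check that reads the "allocated free max" triple from /proc/sys/fs/file-nr and reports how much headroom unprivileged processes and root still have, so an operator can see when only the reserved pool is left. The allocation rule it models is an assumption based on the behaviour the entry describes (unprivileged processes may not take the last `reserved` free entries, root may); the sample file-nr contents are constructed.

```python
from typing import Dict


def file_table_headroom(file_nr_text: str, reserved: int = 10) -> Dict[str, int]:
    """Parse the contents of /proc/sys/fs/file-nr ("allocated free max") and
    return how many more file structures an unprivileged process and root can
    still obtain.

    Assumed allocation rule (illustrative, from the entry above): a new entry
    can be allocated while `allocated` is below `max`; an unprivileged process
    may reuse a free entry only while more than `reserved` are free; root may
    also consume the last `reserved` free entries.
    """
    fields = file_nr_text.split()
    if len(fields) != 3:
        raise ValueError("unexpected file-nr format: %r" % file_nr_text)
    allocated, free, maximum = (int(f) for f in fields)
    new_allocs = max(0, maximum - allocated)
    return {
        "unprivileged": new_allocs + max(0, free - reserved),
        "root": new_allocs + free,
    }


def reserved_pool_only(file_nr_text: str, reserved: int = 10) -> bool:
    """True once unprivileged opens already fail and only root-reserved entries
    remain: the state in which set-uid root binaries started by a local user
    consume the last of the pool."""
    h = file_table_headroom(file_nr_text, reserved)
    return h["unprivileged"] == 0 and h["root"] > 0


if __name__ == "__main__":
    # Constructed samples; on a live system read open("/proc/sys/fs/file-nr").read()
    for sample in ("1408 0 52400", "52400 6 52400", "52400 0 52400"):
        print(sample, file_table_headroom(sample), reserved_pool_only(sample))
```

Alerting on `reserved_pool_only` rather than on full exhaustion gives a warning while root can still act, which is the window the attack described above is closing.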
A variant of BID 5086 has been reported. Reportedly, EXT.DLL has been redesigned to pass user input to the cleanSearchString function. However, this function is implemented as client-side JavaScript, so the unsanitized input is sent to the client's browser in order to be passed to cleanSearchString, and is rendered there. Additionally, user-supplied input is emitted as the hidden form value 'a0' without being sanitized.
KF Web Server version 1.0.2 is vulnerable to a directory disclosure vulnerability. If a remote attacker appends '%00' (a URL-encoded null byte) to the URL, the web server displays the contents of the current directory instead of the requested resource.
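As an added example (not code from the KF Web Server or Icecast entries above, nor from either product), the following Python path resolver shows the handling both entries call for: rejecting raw or percent-encoded NUL bytes such as '%00', collapsing '..' and refusing anything that resolves outside the document root, and returning the same status for a rejected path as for a missing one so that probes cannot learn whether a directory outside the root exists. The document root, the in-memory file set and the request paths are assumptions constructed for illustration.

```python
import posixpath
import urllib.parse
from typing import Dict, Optional, Tuple

# Hypothetical document root; constructed in-memory content stands in for disk.
WEB_ROOT = "/srv/www/htdocs"
_FILES: Dict[str, str] = {
    "/srv/www/htdocs/index.html": "<html>home</html>",
    "/srv/www/htdocs/docs/readme.txt": "docs",
}


def resolve_request_path(web_root: str, raw_path: str) -> Optional[str]:
    """Map a URL path onto a filesystem path under web_root; None if unsafe.

    Rejects raw or percent-encoded NUL bytes (C runtimes stop reading a file
    name at NUL, which is how a trailing '%00' changes what gets opened) and
    any path that resolves outside web_root once '..' has been collapsed.
    """
    path_only = raw_path.split("?", 1)[0]
    # Decode exactly once: a double-encoded "%2500" stays the literal text
    # "%00", which the filesystem treats as ordinary characters.
    decoded = urllib.parse.unquote(path_only)
    if "\x00" in decoded:
        return None
    root = posixpath.normpath(web_root)
    candidate = posixpath.normpath(posixpath.join(root, decoded.lstrip("/")))
    # Accept the root itself or anything strictly beneath it.
    if candidate != root and not candidate.startswith(root + "/"):
        return None
    return candidate


def serve(raw_path: str, files: Optional[Dict[str, str]] = None) -> Tuple[int, str]:
    """Return (status, body).  Rejected and absent paths get an identical 404,
    so a traversal probe cannot tell "exists outside the root" from "does not
    exist" (the response difference the Icecast entry above describes)."""
    files = _FILES if files is None else files
    target = resolve_request_path(WEB_ROOT, raw_path)
    if target is None or target not in files:
        return 404, ""
    return 200, files[target]


if __name__ == "__main__":
    # Constructed probes: a null-byte suffix, encoded traversal, and a normal file.
    for req in ("/index.html%00", "/..%2f..%2fetc/passwd", "/../../tmp/", "/index.html"):
        print(req, "->", serve(req))
```

Normalisation is done with `posixpath` rather than `os.path` so the check behaves identically whatever host runs it; a real server would additionally resolve symbolic links before the containment test.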
A vulnerability has been reported in Mac OS X that allows an attacker to use SoftwareUpdate to install malicious software on a vulnerable system. SoftwareUpdate retrieves updates from Apple over plain HTTP without any authentication, and installs any updated packages as the root user. To exploit this, the attacker must control the host that the vulnerable client reaches as swquery.apple.com. That condition may be created through known techniques, including DNS cache poisoning and DNS spoofing.