The remote host is running a version of Tomcat server lower than 6.0.16.  This version of Tomcat is vulnerable to a flaw in the way that it handles exceptions.  According to the vendor, if an exception occurs during the processing of parameters, the parameters may be used in future requests to disclose potentially confidential data.

The version of Apache Tomcat installed on the remote host is affected by a directory traversal issue.  By encoding directory traversal sequences as UTF-8 in a request, an unauthenticated remote attacker can leverage this issue to view arbitrary files on the remote host.  Note that successful exploitation requires that a context be configured with 'allowLinking' set to 'true' and the connector with 'URIEncoding' set to 'UTF-8', neither of which is a default setting.

This version of Tomcat is reported to be vulnerable to several flaws.  First, the application fails to sanitize user input to the 'RequestDispatcher' method.  An attacker exploiting this flaw could request content outside the web root (typically through the use of '../' or similar sequences).  If successful, the attacker could gain access to confidential data.  Second, the application is vulnerable to a cross-site scripting (XSS) attack via the 'HttpServerResponse.sendError()' function.  The user-supplied data is echoed back within the response headers and could lead to arbitrary code being executed within the browser of Tomcat clients.

The remote host is running the Apache Tomcat server.  This version of Tomcat is vulnerable to a directory traversal flaw.  An attacker exploiting this flaw would only need to be able to send a malformed request to the server.  Successful exploitation would result in the attacker being able to read arbitrary files with the permission of the web server process.  This can lead to disclosure of source code or confidential data.

The remote web server includes an example JSP application, 'cal2.jsp' that fails to sanitize user-supplied input before using it to generate dynamic content.  An unauthenticated remote attacker may be able to leverage this issue to inject arbitrary HTML or script code into a user's browser to be executed within the security context of the affected site.

The remote host is running a version of Tomcat server less than 6.0.15.  This version of Tomcat is vulnerable to a flaw in the way that it parses WEBDAV 'lock' requests.  Specifically, if the lock request references an external file, Tomcat will retrieve the file.  This could lead to information disclosure of potentially confidential data.  An attacker exploiting this flaw would need to have the ability to authenticate to the Tomcat server.

The version of Apache Tomcat installed on the remote host is affected by a multiple vulnerabilities : 

  - A username enumeration vulnerability exists when FORM based authentication with either the MemoryRealm, DataSourceRealm, or JDBCRealm is used. (CVE-2009-0580)

  - A denial of service exists if Tomcat receives a request with invalid headers via the Java AJP connector. (CVE-2009-0033)

  - A remote information-disclosure vulnerability exists in the 'RequestDispatcher' can be exploited to gain access to content in the 'WEB-INF' directory. (CVE-2008-5515)

  - It is possible for a web application to replace the XML parser used by Tomcat to process 'web.xml', 'context.xml', and 'tld' files.

The remote host is running a version of mod_auth_pgsql_sys which is older than 0.9.5. It is vulnerable to a SQL injection attack which may let anyone bypass authentication or even modify your database.

The remote host appears to be running a version of Apache, an open source web server.  This version of Apache is vulnerable to a flaw in the 'htdigest' utilility.  Specifically, a long user-supplied realm will cause an overflow and execution of arbitrary code.  This issue is not considered a local flaw, as the program is not run setuid.  An attacker exploiting this flaw would need to find a vulnerable Apache Web server that was making a call to 'htdigest' via a CGI script.

The remote host is running a version of mod_auth_pg which is older than 1.2b3. It is vulnerable to a SQL injection attack which may let anyone bypass authentication or even modify your database.

The remote host is using a version of Apache-SSL which is older than 1.47. This version is vulnerable to a buffer overflow which may allow an attacker to execute arbitrary commands on this host.

The remote host is running a Apache 2.0.39 for Win32. There is a flaw in this version which allows anyone to access files that would otherwise be inaccessible by a directory traversal attack. An attacker may use this flaw to read sensitive files on this host, or even possibly execute commands on your system.

The remote host is running a version of mod_auth_mysql which is older than 1.10. It is vulnerable to a SQL injection attack which may let anyone bypass authentication or even modify your database.

The remote host is running a version of mod_auth_pgsql which is older than 0.9.6. It is vulnerable to a SQL injection attack which may let anyone bypass authentication or even modify your database.

The remote host appears to be running a version of Apache 2.x that is older than 2.0.51. It is reported that these versions of Apache are prone to a denial of service issue related to mod_ssl. An attacker may deny service to legitimate users if the remote server uses a 'RewriteRule' to enable reverse proxying to a SSL origin server.

The remote host is running Apache Web Server 2.0.51. It is reported that this version of Apache is vulnerable to an access control bypass attack. This issue occurs when using the 'Satisfy' directive. An attacker may gain unauthorized access to restricted resources if access control relies on this directive.

The remote host appears to be running a version of Apache which is older  than 1.3.29  There are several flaws in this version that may allow an attacker to possibly execute arbitrary code through mod_alias and mod_rewrite.

The remote host appears to be running a version of Apache 2.x that is older than 2.0.48.  This version is vulnerable to a bug that may allow a rogue CGI to disable the httpd service by issuing over 4K of data to stderr. To exploit this flaw, an attacker would need the ability to upload a rogue CGI script to this server and to have it executed by the Apache daemon (httpd).

The remote host appears to be running a version of Apache that is older than 1.3.28  There are several flaws in this version, which may allow an attacker to disable the remote server.

The version of Apache installed on the remote host is advertising a version older than 2.2.8.  Such versions may be affected by several issues, including :

 - A cross-site scripting issue involving mod_imagemap (CVE-2007-5000).

 - A cross-site scripting issue involving 413 error pages via a malformed HTTP method (PR 44014 / CVE-2007-6203).

 - A cross-site scripting issue in mod_status involving the refresh parameter (CVE-2007-6388).

 - A cross-site scripting issue in mod_proxy_balancer involving the worker route and worker redirect string of the balancer manager (CVE-2007-6421).

 - A denial of service issue in the balancer_handler function in mod_proxy_balancer can be triggered by an authenticated user when a threaded Multi-Processing Module is used (CVE-2007-6422).

 - A cross-site scripting issue using UTF-7 encoding in mod_proxy_ftp exists because it does not define a charset (CVE-2008-0005).

The remote Apache server is running a version of mod_ssl which contains a off-by-one buffer overflow. An attacker with write access to a .htacess file could exploit this bug to execute arbitrary code on this host with the privileges the web server is running.

The remote host is using a version of the Apache web server that is less than 2.0.50.  This version is vulnerable to two (2) remote Denial of Service (DoS) attacks.  The first issue stems from a failure to properly manage memory and could lead to the consumption of massive amounts of memory and, alledgedly,a potential heap overflow.  The second issue stems from mod_ssl's inability to handle sessions that terminate before any bytes of data have been sent.  This second flaw results in a memory violation that leads to a loss of availability to valid users.

The remote host appears to be running a version of Apache, an open source web server.  This version of Apache is vulnerable to a flaw in the way that it handles malformed HTTP requests.  An attacker exploiting this flaw would be able to possibly corrupt cache memory or inject HTML requests to a vulnerable Apache server.  The vulnerability stems from a non-conformance to RFC 2616 that states that HTTP requests must not include both a 'Content-Length' and 'Transfer-Encoding' field.

The remote host appears to be running a version of Apache 2.x that is older than 2.0.50.  There is denial of service in Apache httpd 2.0.x by sending a specially crafted HTTP request.  It is possible to consume arbitrary amounts of memory.  On 64 bit systems with more than 4GB virtual memory this may lead to heap based buffer overflow.

The remote host is running a version of Apache/2.x which is older than 2.0.46 on top of OS/2. There is an OS/2 specific bug in this version which may allow an attacker to disable this service remotely by abusing a flaw in the OS/2 specific source file filestat.c.

The remote server is running a version of Apache 2.x which is older than 2.0.45.
This version is vulnerable to various flaw :
- There is a denial of service attack which may allow the attacker to disable this server remotely.
- The httpd process leaks file descriptors to child processes such as CGI scripts. An attacker who has the ability to execute arbitrary CGI scripts on this server (include PHP code) would be able to write arbitrary data in the files pointed to (in particular the log files).

According to its banner, the version of Apache-SSL installed on the remote host is older than apache_1.3.41+ssl_1.59.  Such versions fail to properly sanitize certificate data before using it to populate environment variables.  By sending a client certificate with special characters for the subject, a remote attacker can overwrite certain environment variables used by the web server, resulting in memory disclosure or potential privilege escalation in a web application.

The target host is running an Apache web server that allows for the injection of arbitrary escape sequences into its error logs.  An attacker might use this vulnerability in an attempt to exploit similar vulnerabilities in terminal emulators.

The remote host appears to be running a version of Apache, an open source web server.  This version of Apache is vulnerable to a flaw in the 'htpasswd' utility.  This issue is not considered a local flaw, as the program is not run setuid.  An attacker exploiting this flaw would need to find a vulnerable Apache Web server that was making a call to 'htpasswd' via a CGI script.

The remote host is running a vulnerable version of Apache. It is reported that versions prior 2.0.51 are prone to a remote denial of service issue. An attacker may issue a specific sequence of DAV LOCK commands to crash the process. If Apache is configured to use threads, it may completely crash the Apache process.

The remote host appears to be running a version of Apache 2.x that is older than 2.0.51. It is reported that these versions of Apache are prone to a denial of service issue related to mod_ssl. An attacker may force a SSL connection to be aborted and therefore cause the Apache server to enter in an infinite loop, consuming CPU resources.

The remote host is running a vulnerable version of Apache. It is reported that versions prior 2.0.51 are prone to a local buffer overflow when processing ${ENVVAR} constructs in .htaccess and httpd.conf files. An attacker with interactive access to the computer may use this flaw to execute arbitrary code in the context of the web server.

The remote host is running a version of Apache for Win32 which is older than 2.0.44. There is a flaw in this version which may allow an attacker to access files they should not have access to, by appending special chars to their name.

The remote host is running a vulnerable version of Apache. It is reported that versions prior to 2.0.51 are prone to a remote buffer overflow when parsing an URI sent over IPv6. An attacker may use this vulnerability to execute arbitrary code on the remote host or to deny service to legitimate users.

According to its banner, the version of Apache 2.2 installed on the remote host is older than 2.2.9.  Such versions may be affected by several issues, including :

  - Improper handling of excessive forwarded interim responses may cause denial of service conditions in mod_proxy_http (CVE-2008-2364).
  - A cross-site request forgery vulnerability in the balancer-manager interface of mod_proxy_balancer (CVE-2007-6420).
  - An issue exists in the handling of the 'Options' and 'AllowOverride' directives (CVE-2009-1195).

Note that the remote web server may not actually be affected by these vulnerabilities.

The remote Apache server is running a version of mod_ssl which is older than 2.8.7. There is a bug in this module which may allow an attacker to obtain a shell on this host.

The remote host appears to be running a version of Apache, an open source web server.  This version of Apache is vulnerable to a flaw in the way that it handles mod_ssl CRL verification callback.  In order for an attacker to exploit this flaw the attacker would need to find a server that was configured to use a malicious certificate revocation list (CRL).

Versions of Apache HTTP Server earlier than 2.2.10 are potentially affected by multiple vulnerabilities :

  - An information disclosure vulnerability in mod_proxy_http.  Note that this only affects Apache on Unix systems. (CVE-2010-2791)

  - The mod_proxy_ftp module in the version of Apache installed on the remote host fails to properly sanitize user-supplied URL input before using it to generate dynamic HTML output.  Using specially crafted requests for FTP URLs with globbing characters (such as asterisk, tilde, opening square bracket, etc.), an attacker may be able to leverage this issue to inject arbitrary HTML and script code into a user's browser to be executed within the security context of the affected site. (CVE-2008-2939)

The remote host is running a version of mod_auth_oracle which is older than 0.5.2. It is vulnerable to a SQL injection attack which may let anyone bypass authentication or even modify your database.

The remote host appears to be running a version of Apache 2.x which is older than 2.0.49.  There is a bug in the mod_ssl module that ships with Apache 2.0.35 to 2.0.48 that makes it vulnerable to a remote denial of service.  An attacker may exploit this flaw by issuing malformed SSL commands when connecting to the remote host, and may therefore use it to prevent HTTPS from working.

The remote host is running a version of Apache2 for Win32 which is older than 2.0.44. There are several flaws pre-2.0.44 which may allow an attacker to crash this host or even execute arbitrary code remotely. However, these bugs only affect WindowsME and Windows9x.

The remote host is running an Apache web server.

ID	Name	Severity
800623	Apache Tomcat < 6.0.16 Information Disclosure	medium
800620	Apache Tomcat < 6.0.18 UTF-8 Directory Traversal Arbitrary File Access	medium
800618	Apache Tomcat < 4.1.37/5.5.26/6.0.16 Multiple Vulnerabilities	medium
800604	Apache Tomcat < 5.5.23 / 6.0.10 Directory Traversal Arbitrary File Access	medium
800603	Apache Tomcat Sample App cal2.jsp time Parameter XSS (CVE-2009-0781)	medium
800601	Apache Tomcat < 6.0.15 WEBDAV Lock Request Information Disclosure	low
800598	Apache Tomcat < 4.1.40 / 5.5.28 / 6.0.20 Multiple Vulnerabilities	medium
800594	Apache mod_auth_pgsql_sys < 0.9.5 SQL Injection	high
800593	Apache htdigest realm Variable Overflow	medium
800592	Apache mod_auth_pg < 1.2b3 SQL Injection	high
800591	Apache-SSL < 1.47 mod_ssl i2d_SSL_SESSION Function Overflow	high
800590	Apache < 2.0.40 Win32 Directory Traversal File Access	high
800589	Apache mod_auth_mysql < 1.10 SQL Injection	high
800588	Apache mod_auth_pgsql < 0.9.6 SQL Injection	high
800587	Apache < 2.0.51 mod_ssl Rewrite Rules DoS	medium
800586	Apache < 2.0.52-dev 'Satisfy' Directive Access Control Bypass	medium
800585	Apache < 1.3.29 Multiple Vulnerabilities	high
800583	Apache < 2.0.48 Multiple Vulnerabilities	high
800582	Apache < 1.3.28 Multiple Vulnerabilities	high
800581	Apache < 2.2.8 Multiple Vulnerabilities	low
800580	Apache mod_ssl < 2.8.10 Off-by-one Overflow	medium
800578	Apache < 2.0.50 Input Header Folding and mod_ssl DoS	medium
800576	Apache HTTP Request Parsing HTML Injection	high
800575	Apache Input Header Folding Remote DoS	medium
800572	Apache < 2.0.46 on OS/2 filestat.c Device Name Request DoS	medium
800571	Apache < 2.0.46 Multiple Vulnerabilities	medium
800570	Apache-SSL Environment Variables Manipulation	high
800568	Apache < 1.3.31 / 2.0.49 Error Log Escape Sequence Injection	medium
800566	Apache htpasswd Overflow	medium
800565	Apache < 2.0.51 mod_dav DAV LOCK Command Remote DoS	medium
800564	Apache < 2.0.51 Multiple Vulnerabilities	medium
800562	Apache < 2.0.51 ${ENVVAR} Local Overflow	medium
800561	Apache < 2.0.44 File Access on Win32	medium
800560	Apache < 2.0.51 IPv6 Remote Buffer Overflow	medium
800558	Apache < 2.2.9 Multiple Vulnerabilities	medium
800557	Apache mod_ssl Session Cache Code Overflow	high
800556	Apache < 2.0.55 HTTP Smuggling Vulnerability	high
800555	Apache < 2.2.10 Multiple Vulnerabilities	medium
800553	Apache mod_auth_oracle < 0.52 SQL Injection	high
800551	Apache HTTP Server < 2.0.49 mod_ssl Plain HTTP Request DoS	medium
800550	Apache < 2.0.44 MS-DOS Device Name DoS / Code Execution	high
800105	Apache Web Server Detection	info

Detections

Analytics

Web Servers Family for Log Correlation Engine

medium

medium

medium

medium

medium

low

medium

high

medium

high

high

high

high

high

medium

medium

high

high

high

low

medium

medium

high

medium

medium

medium

high

medium

medium

medium

medium

medium

medium

medium

medium

high

high

medium

high

medium

high

info