Filtered by vendor Redhat Subscriptions
Filtered by product Rhel Stronghold Subscriptions
Total 49 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2002-1157 2 Mod Ssl, Redhat 5 Mod Ssl, Enterprise Linux, Linux and 2 more 2024-11-21 N/A
Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a self-referencing URL, a different vulnerability than CAN-2002-0840.
CVE-2002-1148 2 Apache, Redhat 3 Tomcat, Rhel Stronghold, Stronghold 2024-11-21 N/A
The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.
CVE-2002-0986 2 Php, Redhat 5 Php, Enterprise Linux, Linux and 2 more 2024-11-21 N/A
The mail function in PHP 4.x to 4.2.2 does not filter ASCII control characters from its arguments, which could allow remote attackers to modify mail message content, including mail headers, and possibly use PHP as a "spam proxy."
CVE-2002-0985 3 Openpkg, Php, Redhat 6 Openpkg, Php, Enterprise Linux and 3 more 2024-11-21 N/A
Argument injection vulnerability in the mail function for PHP 4.x to 4.2.2 may allow attackers to bypass safe mode restrictions and modify command line arguments to the MTA (e.g. sendmail) in the 5th argument to mail(), altering MTA behavior and possibly executing commands.
CVE-2002-0843 3 Apache, Oracle, Redhat 8 Http Server, Application Server, Database Server and 5 more 2024-11-21 N/A
Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.
CVE-2002-0840 3 Apache, Oracle, Redhat 9 Http Server, Application Server, Database Server and 6 more 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.
CVE-2002-0839 3 Apache, Debian, Redhat 6 Http Server, Debian Linux, Enterprise Linux and 3 more 2024-11-21 N/A
The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard.
CVE-2002-0653 2 Modssl, Redhat 6 Mod Ssl, Enterprise Linux, Linux and 3 more 2024-11-21 7.8 High
Off-by-one buffer overflow in the ssl_compat_directive function, as called by the rewrite_command hook for mod_ssl Apache module 2.8.9 and earlier, allows local users to execute arbitrary code as the Apache server user via .htaccess files with long entries.
CVE-2002-0392 3 Apache, Debian, Redhat 7 Http Server, Debian Linux, Enterprise Linux and 4 more 2024-11-21 N/A
Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size.