MidnightBSD

Advisories for t._hauck

CVE-1999-1082 MEDIUM

Directory traversal vulnerability in Jana proxy web server 1.40 allows remote attackers to ready arbitrary files via a "......" (modified dot dot) attack.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
t._hauck jana_web_server 1.40
t._hauck jana_web_server 1.45
t._hauck jana_web_server 1.46
t._hauck jana_web_server 1.0
CVE-1999-1083 MEDIUM

Directory traversal vulnerability in Jana proxy web server 1.45 allows remote attackers to ready arbitrary files via a .. (dot dot) attack.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
t._hauck jana_web_server 1.45
t._hauck jana_web_server 1.46
t._hauck jana_web_server 1.0
CVE-2001-0557 MEDIUM

T. Hauck Jana Webserver 1.46 and earlier allows a remote attacker to view arbitrary files via a '..' (dot dot) attack which is URL encoded (%2e%2e).

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
t._hauck jana_web_server 1.45
t._hauck jana_web_server 1.0j
t._hauck jana_web_server 2.0_beta_1
t._hauck jana_web_server *
CVE-2001-0558 MEDIUM

T. Hauck Jana Webserver 2.01 beta 1 and earlier allows a remote attacker to create a denial of service via a URL request which includes a MS-DOS device name (i.e. GET /aux HTTP/1.0).

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
t._hauck jana_web_server 1.45
t._hauck jana_web_server 2.0b2
t._hauck jana_web_server 1.46
t._hauck jana_web_server 2.0beta1
CVE-2002-1061 HIGH

Multiple buffer overflows in Thomas Hauck Jana Server 2.x through 2.2.1, and 1.4.6 and earlier, allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) an HTTP GET request with a long major version number, (2) an HTTP GET request to the HTTP proxy on port 3128 with a long major version number, (3) a long OK reply from a POP3 server, and (4) a long SMTP server response.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
t._hauck jana_web_server 2.2.1
t._hauck jana_web_server 2.0
t._hauck jana_web_server 1.45
t._hauck jana_web_server 2.0_beta1
t._hauck jana_web_server 1.46
t._hauck jana_web_server 1.0
t._hauck jana_web_server 2.0_beta2
CVE-2002-1062 HIGH

Signedness error in Thomas Hauck Jana Server 2.x through 2.2.1, and 1.4.6 and earlier, allows remote attackers to execute arbitrary code via long (1) Username, (2) Password, or (3) Hostname entries.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
t._hauck jana_web_server 2.2.1
t._hauck jana_web_server 2.0
t._hauck jana_web_server 1.45
t._hauck jana_web_server 2.0_beta1
t._hauck jana_web_server 1.46
t._hauck jana_web_server 1.0
t._hauck jana_web_server 2.0_beta2
CVE-2002-1063 MEDIUM

Thomas Hauck Jana Server 2.x through 2.2.1, and 1.4.6 and earlier, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of FTP PASV requests, which consumes all available FTP ports.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
t._hauck jana_web_server 2.2.1
t._hauck jana_web_server 2.0
t._hauck jana_web_server 1.45
t._hauck jana_web_server 2.0_beta1
t._hauck jana_web_server 1.46
t._hauck jana_web_server 1.0
t._hauck jana_web_server 2.0_beta2
CVE-2002-1064 MEDIUM

Thomas Hauck Jana Server 2.x through 2.2.1, and 1.4.6 and earlier, generates different responses for valid and invalid usernames, which allows remote attackers to identify valid users on the server.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
t._hauck jana_web_server 2.2.1
t._hauck jana_web_server 2.0
t._hauck jana_web_server 1.45
t._hauck jana_web_server 2.0_beta1
t._hauck jana_web_server 1.46
t._hauck jana_web_server 1.0
t._hauck jana_web_server 2.0_beta2
CVE-2002-1065 HIGH

Thomas Hauck Jana Server 2.x through 2.2.1, and 1.4.6 and earlier, does not restrict the number of unsuccessful login attempts, which makes it easier for remote attackers to gain privileges via brute force username and password guessing.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
t._hauck jana_web_server 2.2.1
t._hauck jana_web_server 2.0
t._hauck jana_web_server 1.45
t._hauck jana_web_server 2.0_beta1
t._hauck jana_web_server 1.46
t._hauck jana_web_server 1.0
t._hauck jana_web_server 2.0_beta2
CVE-2002-1066 HIGH

Thomas Hauck Jana Server 1.4.6 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large message index value in a (1) RETR or (2) DELE command to the POP3 server, which exceeds the array limits and allows a buffer overflow attack.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
t._hauck jana_web_server 2.2.1
t._hauck jana_web_server 2.0
t._hauck jana_web_server 1.45
t._hauck jana_web_server 2.0_beta1
t._hauck jana_web_server 1.46
t._hauck jana_web_server 1.0
t._hauck jana_web_server 2.0_beta2