HTTP-delivered attacks against web servers

This data is a snapshot as of June 1, 2006. Changes from the data set described in Learning DFA Representations of HTTP for Protecting Web Applications by Kenneth L. Ingham, Anil Somayaji, John Burge, and Stephanie Forrest will be described here (currently, no changes have been made).

Each of these links contains:

The whole database is also available as a gzipped tar file.

Creative Commons License
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 License.

Sort by:

Sorted by Name

Number Name Category Effect Victim server OS Source
Statistics Buffer overflow: 10
Failure to Handle Exceptional Conditions: 2
File disclosure: 1
Information leak: 1
Input validation error: 22
Poor memory management: 1
Poor resource management: 2
Signed interpretation of unsigned value: 4
URL decoding error: 22
Denial of Service: 12
File disclosure: 1
Path disclosure: 2
Remote access: 31
Remote reconfiguration: 2
Unauthorized file access: 16
Write files as web server user: 1
Active Perl ISAPI: 1
AltaVista Search Engine: 4
AnalogX SimpleServer:WWW v1.01: 1
Apache: 10
Apache with mod_php: 4
Apache, NCSA: 6
CERN 3.0A: 1
FrontPage Personal Web Server: 1
Hughes Technologies Mini SQL: 1
IIS: 29
InetServ 3.0: 1
Netscape FastTrack 2.01a: 1
Nortel Contivity Extranet Switches: 2
OmniHTTPd: 1
PlusMail: 2
*BSD: 1
Any Unix/Linux: 2
FreeBSD 2.2.x, FreeBSD 3.0, IRIX 5.3, IRIX 6.2: 1
Linux, *BSD, Unix: 6
NT: 2
OpenBSD: 1
SCO UnixWare: 1
Solaris x86: 1
Unix: 6
VxWorks: 2
Windows: 35
Windows NT: 1
Windows, Linux, *BSD, Unix: 3
Windows, Linux, AIX, Mac OS X, *BSD: 3
Bugtraq: 7
Captured with snort: 20
Cerberus: 1
Lincoln Labs data: 2
No Source information: 3
OSVDB: 2
Packetstorm: 24
Packetstorm, Bugtraq: 5
Packetstorm, NTBugtraq: 1
33 ADSI path disclosure Information leak Path disclosure IIS Windows Packetstorm, NTBugtraq
46 Active Perl ISAPI buffer overflow Buffer overflow Remote access Active Perl ISAPI Windows Packetstorm
32 AltaVista Search Engine Directory Traversal Input validation error Unauthorized file access AltaVista Search Engine Linux, *BSD, Unix Bugtraq
31 AltaVista Search Engine Directory Traversal Input validation error Unauthorized file access AltaVista Search Engine Linux, *BSD, Unix Bugtraq
30 AltaVista Search Engine Directory Traversal Input validation error Unauthorized file access AltaVista Search Engine Windows Bugtraq
29 AltaVista Search Engine Directory Traversal Input validation error Unauthorized file access AltaVista Search Engine Linux, *BSD, Unix Packetstorm
60 Apache Sioux Poor memory management Denial of Service Apache FreeBSD 2.2.x, FreeBSD 3.0, IRIX 5.3, IRIX 6.2 Lincoln Labs data
59 Apache Win32 .var File Web Path Disclosure Input validation error Path disclosure Apache Windows No Source information
57 Apache Win32 Directory Traversal URL decoding error Unauthorized file access Apache Windows OSVDB
58 Apache Win32 Directory Traversal URL decoding error Remote access Apache Windows OSVDB
61 Beck, variant 1 Poor resource management Denial of Service Apache Any Unix/Linux Packetstorm
62 Beck, variant 2 Poor resource management Denial of Service Apache Any Unix/Linux Packetstorm
45 CERN 3.0 heap overflow Buffer overflow Denial of Service CERN 3.0A Windows, Linux, *BSD, Unix Packetstorm
23 Chunked transfer error Signed interpretation of unsigned value Denial of Service Apache Windows, Linux, *BSD, Unix Bugtraq
22 Chunked transfer error Signed interpretation of unsigned value Denial of Service Apache Windows, Linux, *BSD, Unix Bugtraq
24 Code-red Buffer overflow Remote access IIS Windows Captured with snort
25 GET Buffer Overflow Buffer overflow Remote access Netscape FastTrack 2.01a SCO UnixWare Packetstorm
47 IIS 5 remote .printer overflow Buffer overflow Remote access IIS Windows Packetstorm
26 Long GET Request Vulnerability Buffer overflow Remote access InetServ 3.0 Windows Packetstorm
48 Long Request Buffer Overflow Buffer overflow Denial of Service OmniHTTPd Windows Packetstorm
44 MS IIS/PWS Escaped Characters Decoding Command Execution URL decoding error Remote access IIS Windows Packetstorm
43 MS IIS/PWS Escaped Characters Decoding Command Execution URL decoding error Remote access IIS Windows Packetstorm
55 Microsoft FrontPage PWS Directory Traversal Input validation error Unauthorized file access FrontPage Personal Web Server Windows Packetstorm, Bugtraq
64 Microsoft IIS '../..' Denial of Service Vulnerability, variant 1 Failure to Handle Exceptional Conditions Denial of Service IIS NT No Source information
65 Microsoft IIS '../..' Denial of Service Vulnerability, variant 2 Failure to Handle Exceptional Conditions Denial of Service IIS NT Lincoln Labs data
40 Microsoft IIS Chunked Encoding Transfer Heap Overflow Buffer overflow Remote access IIS Windows Packetstorm, Bugtraq
63 Microsoft IIs '..' hole File disclosure File disclosure IIS Windows NT No Source information
50 Mini-SQL w3-msql Buffer Overflow Buffer overflow Remote access Hughes Technologies Mini SQL Solaris x86 Packetstorm
27 NT Index Server Directory Traversal 01 Input validation error Unauthorized file access IIS Windows Cerberus
28 NT Index Server Directory Traversal 02 Input validation error Unauthorized file access IIS Windows Packetstorm
01 Nimda, variant 01 URL decoding error Remote access IIS Windows Captured with snort
02 Nimda, variant 02 URL decoding error Remote access IIS Windows Captured with snort
03 Nimda, variant 03 URL decoding error Remote access IIS Windows Captured with snort
04 Nimda, variant 04 URL decoding error Remote access IIS Windows Captured with snort
05 Nimda, variant 05 URL decoding error Remote access IIS Windows Captured with snort
06 Nimda, variant 06 URL decoding error Remote access IIS Windows Captured with snort
07 Nimda, variant 07 URL decoding error Remote access IIS Windows Captured with snort
08 Nimda, variant 08 URL decoding error Remote access IIS Windows Captured with snort
09 Nimda, variant 09 URL decoding error Remote access IIS Windows Captured with snort
10 Nimda, variant 10 URL decoding error Remote access IIS Windows Captured with snort
11 Nimda, variant 11 URL decoding error Remote access IIS Windows Captured with snort
12 Nimda, variant 12 URL decoding error Remote access IIS Windows Captured with snort
13 Nimda, variant 13 URL decoding error Remote access IIS Windows Captured with snort
14 Nimda, variant 14 URL decoding error Remote access IIS Windows Captured with snort
15 Nimda, variant 15 URL decoding error Remote access IIS Windows Captured with snort
16 Nimda, variant 16 URL decoding error Remote access IIS Windows Captured with snort
17 Nimda, variant 17 URL decoding error Remote access IIS Windows Captured with snort
18 Nimda, variant 18 URL decoding error Remote access IIS Windows Captured with snort
52 Nortel Contivity File Viewing, variant 2 Input validation error Unauthorized file access Nortel Contivity Extranet Switches VxWorks Packetstorm
51 Nortel Contivity File Viewing, variant one Input validation error Unauthorized file access Nortel Contivity Extranet Switches VxWorks Packetstorm
20 Nosejob Signed interpretation of unsigned value Remote access Apache *BSD Packetstorm
56 PHP File Upload Input validation error Write files as web server user Apache with mod_php Linux, *BSD, Unix Bugtraq
42 PHP HTTP POST Incorrect MIME Header Parsing Input validation error Denial of Service Apache with mod_php Linux, *BSD, Unix Captured with snort
41 PHP HTTP POST Incorrect MIME Header Parsing Input validation error Denial of Service Apache with mod_php Linux, *BSD, Unix Packetstorm, Bugtraq
49 PHP Interpreter Direct Invocation Input validation error Denial of Service Apache with mod_php Windows, Linux, AIX, Mac OS X, *BSD Bugtraq
53 PowerScripts PlusMail WebConsole Poor Authentication Input validation error Remote reconfiguration PlusMail Windows, Linux, AIX, Mac OS X, *BSD Packetstorm, Bugtraq
54 PowerScripts PlusMail WebConsole Poor Authentication Input validation error Remote reconfiguration PlusMail Windows, Linux, AIX, Mac OS X, *BSD Packetstorm, Bugtraq
19 Remote GET Buffer Overflow Vulnerability Buffer overflow Remote access AnalogX SimpleServer:WWW v1.01 Windows Packetstorm
21 Scalp Signed interpretation of unsigned value Remote access Apache OpenBSD Packetstorm
34 phf CGI Arbitrary Command Execution (and related), variant 1 Input validation error Unauthorized file access Apache, NCSA Unix Packetstorm
35 phf CGI Arbitrary Command Execution (and related), variant 2 Input validation error Unauthorized file access Apache, NCSA Unix Packetstorm
36 phf CGI Arbitrary Command Execution (and related), variant 3 Input validation error Unauthorized file access Apache, NCSA Unix Packetstorm
37 phf CGI Arbitrary Command Execution (and related), variant 4 Input validation error Unauthorized file access Apache, NCSA Unix Packetstorm
38 phf CGI Arbitrary Command Execution (and related), variant 5 Input validation error Unauthorized file access Apache, NCSA Unix Packetstorm
39 phf CGI Arbitrary Command Execution (and related), variant 6 Input validation error Unauthorized file access Apache, NCSA Unix Packetstorm

Data collected by Kenneth Ingham.