Request History

4 previous requests available

• Restore to current request
• cveinfos/view/96529
• nvdreves/view/141531
• jvninfos/index/page:13246/sort:cvssv2/direction:desc
• nvdreves/view/245711

Session

• 0(null)

Request

Cake Params

• plugin(null)
• controllercveinfos
• actionindex
• named(array)
  • page561
  • sortphase
  • directiondesc
• pass(empty)
• paging(array)
  • Cveinfo(array)
    • page561
    • current5
    • count104715
    • prevPage(true)
    • nextPage(true)
    • pageCount20943
    • order(array)
      • Cveinfo.phasedesc
    • limit5
    • options(array)
      • page561
      • order(array)
        • Cveinfo.phasedesc
      • sortphase
      • directiondesc
      • conditions(empty)
    • paramTypenamed

Post data

No post data.

Query string

No querystring data.

Cookie

To view Cookies, add CookieComponent to Controller

Current Route

• keys(array)
  • 0controller
  • 1action
• options(array)
  • defaultRoute(true)
• defaults(array)
  • plugin(null)
• template/:controller/:action/*

Sql Logs

Logs

View Variables

• cveinfos(array)
  • 0(array)
    • Cveinfo(array)
      • id2271
      • nameCVE-2000-0695
      • statusCandidate
      • descriptionBuffer overflows in pgxconfig in the Raptor GFX configuration tool allow local users to gain privileges via command line options.
      • phaseModified (20010417-01)
      • votesACCEPT(3) Baker, Dik, Levy | NOOP(2) Cole, Wall
      • commentsDik> as CVE-2000-0693
      • deleted(null)
      • created0000-00-00 00:00:00
      • modified0000-00-00 00:00:00
  • 1(array)
    • Cveinfo(array)
      • id144
      • nameCVE-1999-0144
      • statusCandidate
      • descriptionDenial of service in Qmail by specifying a large number of recipients with the RCPT command.
      • phaseModified (20010301-02)
      • votesACCEPT(4) Baker, Frech, Hill, Meunier | REVIEWING(1) Christey
      • commentsChristey> DUPE CVE-1999-0418 and CVE-1999-0250? | Christey> Dan Bernstein, author of Qmail, says that this is not a | vulnerability in qmail because Unix has built-in resource | limits that can restrict the size of a qmail process; other | limits can be specified by the administrator. See | http://cr.yp.to/qmail/venema.html | | Significant discussion of this issue took place on the qmail | list. The fundamental question appears to be whether | application software should set its own limits, or rely | on limits set by the parent operating system (in this case, | UNIX). Also, some people said that the only problem was that | the suggested configuration was not well documented, but this | was refuted by others. | | See the following threads at | http://www.ornl.gov/its/archives/mailing-lists/qmail/1997/06/threads.html | "Denial of service (qmail-smtpd)" | "qmail-dos-2.c, another denial of service" | "[PATCH] denial of service" | "just another qmail denial-of-service" | "the UNIX way" | "Time for a reality check" | | Also see Bugtraq threads on a different vulnerability that | is related to this topic: | BUGTRAQ:19990903 Web servers / possible DOS Attack / mime header flooding | http://archives.neohapsis.com/archives/bugtraq/1998_3/0742.html | Baker> http://cr.yp.to/qmail/venema.html | Berstein rejects this as a vulnerability, claiming this is a slander campaign by Wietse Venema. | His page states this is not a qmail problem, rather it is a UNIX problem | that many apps can consume all available memory, and that the administrator | is responsible to set limits in the OS, rather than expect applications to | individually prevent memory exhaustion. CAN 1999-0250 does appear to | be a duplicate of this entry, based on the research I have done so far. | There were two different bugtraq postings, but the second one references | the first, stating that the new exploit uses perl instead of shell scripting | to accomplish the same attack/exploit. | Baker> http://www.securityfocus.com/archive/1/6970 | http://www.securityfocus.com/archive/1/6969 | http://cr.yp.to/qmail/venema.html | | Should probably reject CVE-1999-0250, and add these references to this | Candidate. | Baker> http://www.securityfocus.com/bid/2237 | CHANGE> [Baker changed vote from REVIEWING to ACCEPT] | Christey> qmail-dos-1.c, as published by Wietse Venema (CVE-1999-0250) | in "BUGTRAQ:19970612 Denial of service (qmail-smtpd)", does not | use any RCPT commands. Instead, it sends long strings | of "X" characters. A followup by "super@UFO.ORG" includes | an exploit that claims to do the same thing; however, that | exploit does not send long strings of X characters - it sends | a large number of RCPT commands. It appears that super@ufo.org | followed up to the wrong message. | | NOTE: the ufo.org domain was purchased by another party in | 2003, so the current owner is not associated with any | statements by "super@ufo.org" that were made before 2003. | | qmail-dos-2.c, as published by Wietse Venema (CVE-1999-0144) | in "BUGTRAQ:19970612 qmail-dos-2.c, another denial of service attack" | sends a large number of RCPT commands. | | ADDREF BID:2237 | ADDREF BUGTRAQ:19970612 qmail-dos-2.c, another denial of service attack | ADDREF BUGTRAQ:19970612 Re: Denial of service (qmail-smtpd) | | Also see a related thread: | BUGTRAQ:19990308 SMTP server account probing | http://marc.theaimsgroup.com/?l=bugtraq&m=92100018214316&w=2 | | This also describes a problem with mail servers not being able | to handle too many "RCPT TO" requests. A followup message | notes that application-level protection is used in Sendmail | to prevent this: | BUGTRAQ:19990309 Re: SMTP server account probing | http://marc.theaimsgroup.com/?l=bugtraq&m=92101584629263&w=2 | The person further says, "This attack can easily be | prevented with configuration methods."
      • deleted(null)
      • created0000-00-00 00:00:00
      • modified0000-00-00 00:00:00
  • 2(array)
    • Cveinfo(array)
      • id249
      • nameCVE-1999-0250
      • statusCandidate
      • descriptionDenial of service in Qmail through long SMTP commands.
      • phaseModified (20010301-01)
      • votesACCEPT(2) Hill, Meunier | MODIFY(1) Frech | REJECT(1) Baker | REVIEWING(1) Christey
      • commentsFrech> XF:qmail-rcpt | Christey> DUPE CVE-1999-0418 and CVE-1999-0144? | Christey> Dan Bernstein, author of Qmail, says that this is not a | vulnerability in qmail because Unix has built-in resource | limits that can restrict the size of a qmail process; other | limits can be specified by the administrator. See | http://cr.yp.to/qmail/venema.html | | Significant discussion of this issue took place on the qmail | list. The fundamental question appears to be whether | application software should set its own limits, or rely | on limits set by the parent operating system (in this case, | UNIX). Also, some people said that the only problem was that | the suggested configuration was not well documented, but this | was refuted by others. | | See the following threads at | http://www.ornl.gov/its/archives/mailing-lists/qmail/1997/06/threads.html | "Denial of service (qmail-smtpd)" | "qmail-dos-2.c, another denial of service" | "[PATCH] denial of service" | "just another qmail denial-of-service" | "the UNIX way" | "Time for a reality check" | | Also see Bugtraq threads on a different vulnerability that | is related to this topic: | BUGTRAQ:19990903 Web servers / possible DOS Attack / mime header flooding | http://archives.neohapsis.com/archives/bugtraq/1998_3/0742.html | Baker> This appears to be the same vulnerability listed in CAN 1999-0144. In reading | through both bugtraq postings, the one that is referenced by 0144 is | based on a shell code exploit to cause memory exhaustion. The bugtraq | posting referenced by this entry refers explicitly to the prior | posting for 0144, and states that the same effect could be | accomplished by a perl exploit, which was then attached. | Baker> http://www.securityfocus.com/archive/1/6969 CVE-1999-0144 | http://www.securityfocus.com/archive/1/6970 CVE-1999-0250 | | Both references should be added to CVE-1999-0144, and CVE-1999-0250 | should likely be rejected. | CHANGE> [Baker changed vote from REVIEWING to REJECT] | Christey> XF:qmail-leng no longer exists; check with Andre to see if they | regarded it as a duplicate as well. | | qmail-dos-1.c, as published by Wietse Venema (CVE-1999-0250) | in "BUGTRAQ:19970612 Denial of service (qmail-smtpd)", does not | use any RCPT commands. Instead, it sends long strings | of "X" characters. A followup by "super@UFO.ORG" includes | an exploit that claims to do the same thing; however, that | exploit does not send long strings of X characters - it sends | a large number of RCPT commands. It appears that super@ufo.org | followed up to the wrong message. | | qmail-dos-2.c, as published by Wietse Venema (CVE-1999-0144) | in "BUGTRAQ:19970612 qmail-dos-2.c, another denial of service attack" | sends a large number of RCPT commands. | | ADDREF BUGTRAQ:19970612 Denial of service (qmail-smtpd) | ADDREF BUGTRAQ:19970612 qmail-dos-2.c, another denial of service attack | | Also see a related thread: | BUGTRAQ:19990308 SMTP server account probing | http://marc.theaimsgroup.com/?l=bugtraq&m=92100018214316&w=2 | | This also describes a problem with mail servers not being able | to handle too many "RCPT TO" requests. A followup message | notes that application-level protection is used in Sendmail | to prevent this: | BUGTRAQ:19990309 Re: SMTP server account probing | http://marc.theaimsgroup.com/?l=bugtraq&m=92101584629263&w=2 | The person further says, "This attack can easily be | prevented with configuration methods."
      • deleted(null)
      • created0000-00-00 00:00:00
      • modified0000-00-00 00:00:00
  • 3(array)
    • Cveinfo(array)
      • id3084
      • nameCVE-2001-0263
      • statusCandidate
      • descriptionGene6 G6 FTP Server 2.0 (aka BPFTP Server 2.10) allows attackers to read file attributes outside of the web root via the (1) SIZE and (2) MDTM commands when the "show relative paths" option is not enabled.
      • phaseModified (20010222-02)
      • votesACCEPT(3) Baker, Cole, Renaud | MODIFY(1) Frech | NOOP(3) Oliver, Wall, Ziese
      • commentsFrech> XF:bpftp-obtain-credentials(6330)
      • deleted(null)
      • created0000-00-00 00:00:00
      • modified0000-00-00 00:00:00
  • 4(array)
    • Cveinfo(array)
      • id2753
      • nameCVE-2000-1186
      • statusCandidate
      • descriptionBuffer overflow in phf CGI program allows remote attackers to execute arbitrary commands by specifying a large number of arguments and including a long MIME header.
      • phaseModified (20010122-01)
      • votesACCEPT(1) Baker | MODIFY(1) Frech | NOOP(3) Armstrong, Cole, Wall
      • commentsCHANGE> [Frech changed vote from REVIEWING to MODIFY] | Frech> XF:phf-cgi-bo(5970)
      • deleted(null)
      • created0000-00-00 00:00:00
      • modified0000-00-00 00:00:00
• $request->data(empty)
• $this->validationErrors(array)
  • Cveinfo(empty)
• Loaded Helpers(array)
  • 0Number
  • 1SimpleGraph
  • 2Paginator
  • 3DebugTimer
  • 4Toolbar
  • 5Html
  • 6Form
  • 7Session
  • 8HtmlToolbar

App Constants

No application environment available.

CakePHP Constants

Constant	Value
APP	/virtual/inogo77/public_html/jvn/app/
APP_DIR	app
APPLIBS	/virtual/inogo77/public_html/jvn/app/Lib/
CACHE	/virtual/inogo77/public_html/jvn/app/tmp/cache/
CAKE	/virtual/inogo77/public_html/jvn/lib/Cake/
CAKE_CORE_INCLUDE_PATH	/virtual/inogo77/public_html/jvn/lib
CORE_PATH	/virtual/inogo77/public_html/jvn/lib/
CAKE_VERSION	2.6.0
CSS	/virtual/inogo77/public_html/jvn/app/webroot/css/
CSS_URL	css/
DS	/
FULL_BASE_URL	http://inogo77.s500.xrea.com
IMAGES	/virtual/inogo77/public_html/jvn/app/webroot/img/
IMAGES_URL	img/
JS	/virtual/inogo77/public_html/jvn/app/webroot/js/
JS_URL	js/
LOGS	/virtual/inogo77/public_html/jvn/app/tmp/logs/
ROOT	/virtual/inogo77/public_html/jvn
TESTS	/virtual/inogo77/public_html/jvn/app/Test/
TMP	/virtual/inogo77/public_html/jvn/app/tmp/
VENDORS	/virtual/inogo77/public_html/jvn/vendors/
WEBROOT_DIR	webroot
WWW_ROOT	/virtual/inogo77/public_html/jvn/app/webroot/

PHP Environment

Environment Variable	Value
Php Version	5.6.40
Phprc	php56.ini
Php Fcgi Children	1
Pwd	/virtual/inogo77/public_html/.fast-cgi-bin
Php Fcgi Max Requests	10000
Shlvl	0
Path	/usr/local/bin:/usr/bin:/bin
Script Name	/jvn/app/webroot/index.php
Request Uri	/jvn/cveinfos/index/page:561/sort:phase/direction:desc
Query String
Request Method	GET
Server Protocol	HTTP/1.1
Gateway Interface	CGI/1.1
Redirect Url	/jvn/app/webroot/cveinfos/index/page:561/sort:phase/direction:desc
Remote Port	22412
Script Filename	/virtual/inogo77/public_html/jvn/app/webroot/index.php
Server Admin	[no address given]
Context Document Root	/virtual/inogo77/public_html
Context Prefix
Request Scheme	http
Document Root	/virtual/inogo77/public_html
Remote Addr	216.73.216.66
Server Port	80
Server Addr	160.251.151.205
Server Name	inogo77.s500.xrea.com
Server Software	Apache
Server Signature
Http Connection	close
Http Cache Control	max-age=259200
Http X Forwarded For	10.3.182.133
Http Via	1.1 squid-proxy-75b5465b89-4h54w (squid/6.10)
Http Host	inogo77.s500.xrea.com
Http Accept Encoding	gzip, br, zstd, deflate
Http Cookie	advanced-frontend=bis8s4pqe3o1cqvisjue8tn9n3
Http User Agent	Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com)
Http Accept	*/*
Gem Home	/usr/local/rvm/gems/ruby-2.3.0
X Dostranslated Ip	216.73.216.66
Mm Country Code	US
Mmdb Info	result found
Mmdb Addr	216.73.216.66
Unique Id	aDIYSNbp_jk3sCd2yjIWiAAAAb4
Redirect Status	200
Redirect Gem Home	/usr/local/rvm/gems/ruby-2.3.0
Redirect X Dostranslated Ip	216.73.216.66
Redirect Mm Country Code	US
Redirect Mmdb Info	result found
Redirect Mmdb Addr	216.73.216.66
Redirect Unique Id	aDIYSNbp_jk3sCd2yjIWiAAAAb4
Redirect Redirect Status	200
Redirect Redirect Gem Home	/usr/local/rvm/gems/ruby-2.3.0
Redirect Redirect X Dostranslated Ip	216.73.216.66
Redirect Redirect Mm Country Code	US
Redirect Redirect Mmdb Info	result found
Redirect Redirect Mmdb Addr	216.73.216.66
Redirect Redirect Unique Id	aDIYSNbp_jk3sCd2yjIWiAAAAb4
Fcgi Role	RESPONDER
Php Self	/jvn/app/webroot/index.php
Request Time Float	1748113480.636
Request Time	1748113480

Included Files

Include Paths

• 0/virtual/inogo77/public_html/jvn/lib
• 2/opt/remi/php56/root/usr/share/pear
• 3/opt/remi/php56/root/usr/share/php
• 4/usr/share/pear
• 5/usr/share/php
• 6-> /virtual/inogo77/public_html/jvn/lib/Cake/

Included Files

• core(array)
  • Cache(array)
    • 0CORE/Cache/Cache.php
    • 1CORE/Cache/Engine/FileEngine.php
    • 2CORE/Cache/CacheEngine.php
  • Component(array)
    • 0CORE/Controller/Component/SessionComponent.php
    • 1CORE/Controller/Component/PaginatorComponent.php
  • Config(array)
    • 0CORE/Config/routes.php
    • 1CORE/Config/config.php
  • Controller(array)
    • 0CORE/Controller/Controller.php
    • 1CORE/Controller/ComponentCollection.php
    • 2CORE/Controller/Component.php
  • Datasource(array)
    • 0CORE/Model/Datasource/CakeSession.php
    • 1CORE/Model/Datasource/Database/Mysql.php
    • 2CORE/Model/Datasource/DboSource.php
    • 3CORE/Model/Datasource/DataSource.php
  • Error(array)
    • 0CORE/Error/exceptions.php
    • 1CORE/Error/ErrorHandler.php
  • I18n(array)
    • 0CORE/I18n/I18n.php
    • 1CORE/I18n/L10n.php
  • Log(array)
    • 0CORE/Log/CakeLog.php
    • 1CORE/Log/LogEngineCollection.php
    • 2CORE/Log/Engine/FileLog.php
    • 3CORE/Log/Engine/BaseLog.php
    • 4CORE/Log/CakeLogInterface.php
  • Model(array)
    • 0CORE/Model/Model.php
    • 1CORE/Model/BehaviorCollection.php
    • 2CORE/Model/ConnectionManager.php
  • Network(array)
    • 0CORE/Network/CakeRequest.php
    • 1CORE/Network/CakeResponse.php
  • Other(array)
    • 0CORE/bootstrap.php
    • 1CORE/basics.php
    • 2CORE/Core/App.php
    • 3CORE/Core/Configure.php
    • 4CORE/Core/CakePlugin.php
    • 5CORE/Event/CakeEventListener.php
    • 6CORE/Event/CakeEvent.php
    • 7CORE/Event/CakeEventManager.php
    • 8CORE/Core/Object.php
  • Routing(array)
    • 0CORE/Routing/Dispatcher.php
    • 1CORE/Routing/Filter/AssetDispatcher.php
    • 2CORE/Routing/DispatcherFilter.php
    • 3CORE/Routing/Filter/CacheDispatcher.php
    • 4CORE/Routing/Router.php
    • 5CORE/Routing/Route/CakeRoute.php
    • 6CORE/Routing/Route/PluginShortRoute.php
  • Utility(array)
    • 0CORE/Utility/Hash.php
    • 1CORE/Utility/Inflector.php
    • 2CORE/Utility/ObjectCollection.php
    • 3CORE/Utility/Debugger.php
    • 4CORE/Utility/String.php
    • 5CORE/Utility/ClassRegistry.php
  • View(array)
    • 0CORE/View/HelperCollection.php
• app(array)
  • Component(array)
    • 0APP/Controller/Component/CommonComponent.php
  • Config(array)
    • 0APP/Config/core.php
    • 1APP/Config/bootstrap.php
    • 2APP/Config/routes.php
    • 3APP/Config/database.php
  • Controller(array)
    • 0APP/Controller/CveinfosController.php
    • 1APP/Controller/AppController.php
  • Model(array)
    • 0APP/Model/Cveinfo.php
    • 1APP/Model/AppModel.php
  • Other(array)
    • 0APP/webroot/index.php
• plugins(array)
  • DebugKit(array)
    • Component(array)
      • 0DebugKit/Controller/Component/ToolbarComponent.php
    • Other(array)
      • 0DebugKit/Lib/DebugMemory.php
      • 1DebugKit/Lib/Panel/HistoryPanel.php
      • 2DebugKit/Lib/DebugPanel.php
      • 3DebugKit/Lib/Panel/SessionPanel.php
      • 4DebugKit/Lib/Panel/RequestPanel.php
      • 5DebugKit/Lib/Panel/SqlLogPanel.php
      • 6DebugKit/Lib/Panel/TimerPanel.php
      • 7DebugKit/Lib/Panel/LogPanel.php
      • 8DebugKit/Lib/Panel/VariablesPanel.php
      • 9DebugKit/Lib/Panel/EnvironmentPanel.php
      • 10DebugKit/Lib/Panel/IncludePanel.php
      • 11DebugKit/Lib/DebugTimer.php
    • Log(array)
      • 0DebugKit/Lib/Log/Engine/DebugKitLog.php