49 matches found

Veracode
added 2019/01/15 8:57 a.m., 27 views

Cross-site Scripting (XSS)

openstack-swift is vulnerable to cross-site scripting (XSS) attacks. The vulnerability exists as OpenStack Swift 1.11.0 through 1.13.1 allows remote attackers to inject arbitrary web script or HTML via the WWW-Authenticate header...

CVSS 4.3, AI score 5.2, EPSS 0.02083
Exploits 0, References 12, Affected Software 2
RedHat Linux
added 2014/07/24 5:21 p.m., 6 views

openstack-swift: XSS in Swift requests through WWW-Authenticate header

It was found that Swift did not escape all HTTP header values, allowing data to be injected into the responses sent from the Swift server. This could lead to cross-site scripting attacks and possibly other impacts if a user were tricked into clicking on a malicious URL...

CVSS 4.3, AI score 5.5, EPSS 0.02083
Exploits 0, References 4
OSV
added 2014/06/25 9:54 p.m., 3 views

USN-2256-1 swift vulnerability

John Dickinson discovered that Swift did not properly quote the WWW-Authenticate header value. If a user were tricked into navigating to a malicious Swift URL, an attacker could conduct cross-site scripting attacks. With cross-site scripting vulnerabilities, if a user were tricked into viewing...

CVSS 4.3, AI score 5.7, EPSS 0.02083
Exploits 0, References 2
OSV
added 2014/06/20 12:0 a.m., 1 views

UBUNTU-CVE-2014-3497

Cross-site scripting (XSS) vulnerability in OpenStack Swift 1.11.0 through 1.13.1 allows remote attackers to inject arbitrary web script or HTML via the WWW-Authenticate header...

CVSS 4.3, AI score 5.9, EPSS 0.02083
Exploits 0, References 3
RedHat Linux
added 2010/08/02 8:18 p.m., 3 views

tomcat: information disclosure in authentication headers

Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the rep...

CVSS 2.6, AI score 6.1, EPSS 0.52507
Exploits 6, References 4
FreeBSD
added 2010/04/22 12:0 a.m., 52 views

tomcat -- information disclosure vulnerability

The Apache software foundation reports: The "WWW-Authenticate" header for BASIC and DIGEST authentication includes a realm name. If a element is specified for the application in web.xml it will be used. However, a is not specified then Tomcat will generate one. In some circumstances this can expo...

CVSS 2.6, AI score 6.2, EPSS 0.52507
Exploits 6, References 1
CVE
added 2005/03/26 5:0 a.m., 68 views

CVE-2002-1624

CVE-2002-1624 refers to a buffer overflow in the Lotus Domino web server prior to R5.0.10 when logging to DOMLOG.NSF. The vulnerability can be triggered by a long HTTP Authenticate header containing certain non-ASCII characters, allowing a remote attacker to cause a denial of service and potentia...

CVSS 5, AI score 8.1, EPSS 0.04136
Exploits 1, References 4, Affected Software 1
Cvelist
added 2005/03/26 5:0 a.m., 23 views

CVE-2002-1624

Buffer overflow in Lotus Domino web server before R5.0.10, when logging to DOMLOG.NSF, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP Authenticate header containing certain non-ASCII characters...

AI score 8, EPSS 0.04136
Exploits 1, References 4
NVD
added 2002/12/31 5:0 a.m., 22 views

CVE-2002-1624

Buffer overflow in Lotus Domino web server before R5.0.10, when logging to DOMLOG.NSF, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP Authenticate header containing certain non-ASCII characters...

CVSS 5, AI score 8, EPSS 0.04136
Exploits 1, References 4