172 matches found
USN-4502-1 ruby-websocket-extensions vulnerability
It was discovered that websocket-extensions does not properly parse special headers. A remote attacker could use this issue to cause regex backtracking, resulting in a denial of service. CVE-2020-7663...
CVE-2019-10097
A vulnerability was discovered in Apache httpd, in modremoteip. A trusted proxy using the "PROXY" protocol could send specially crafted headers that can cause httpd to experience a stack buffer overflow or NULL pointer dereference, leading to a crash or other potential consequences. This issue...
DEBIAN-CVE-2019-5419
There is a possible denial of service vulnerability in Action View Rails 5.2.2.1, 5.1.6.2, 5.0.7.2, 4.2.11.1 where specially crafted accept headers can cause action view to consume 100% cpu and make the server unresponsive...
GHSA-J77Q-2QQG-6989 Apache Struts vulnerable to remote arbitrary command execution due to improper input validation
Apache Struts versions prior to 2.3.32 and 2.5.10.1 contain incorrect exception handling and error-message generation during file-upload attempts using the Jakarta Multipart parser, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or...
TP-Link TL-WRN841N Denial of Service Vulnerability (CNVD-2019-07032)
The TP-Link TL-WRN841N is a wireless router product from China P&L TP-LINK. A denial of service vulnerability exists in the web interface of the TP-Link TL-WRN841N version 0.9.1 4.16 v0348.0. An attacker can exploit this vulnerability by sending specially crafted HTTP packet headers to cause a...
DEBIAN-CVE-2018-5161
Crafted message headers can cause a Thunderbird process to hang on receiving the message. This vulnerability affects Thunderbird ESR 52.8 and Thunderbird 52.8...
Mozilla: Hang via malformed headers
Crafted message headers can cause a Thunderbird process to hang on receiving the message. This vulnerability affects Thunderbird ESR 52.8 and Thunderbird 52.8...
UBUNTU-CVE-2018-5161
Crafted message headers can cause a Thunderbird process to hang on receiving the message. This vulnerability affects Thunderbird ESR 52.8 and Thunderbird 52.8...
CVE-2018-1335
From Apache Tika versions 1.7 to 1.17, clients could send carefully crafted headers to tika-server that could be used to inject commands into the command line of the server running tika-server. This vulnerability only affects those running tika-server on a server that is open to untrusted clients...
CVE-2018-1335
From Apache Tika versions 1.7 to 1.17, clients could send carefully crafted headers to tika-server that could be used to inject commands into the command line of the server running tika-server. This vulnerability only affects those running tika-server on a server that is open to untrusted clients...
DEBIAN-CVE-2018-1335
From Apache Tika versions 1.7 to 1.17, clients could send carefully crafted headers to tika-server that could be used to inject commands into the command line of the server running tika-server. This vulnerability only affects those running tika-server on a server that is open to untrusted clients...
CVE-2018-1335
From Apache Tika versions 1.7 to 1.17, clients could send carefully crafted headers to tika-server that could be used to inject commands into the command line of the server running tika-server. This vulnerability only affects those running tika-server on a server that is open to untrusted clients...
ALPINE-CVE-2018-8777
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker can pass a large HTTP request with a crafted header to WEBrick server or a crafted body to WEBrick server/handler and cause a denial of service memory consumption...
openSUSE Security Update : pound (openSUSE-2018-143)
This update for pound fixes one issue. This security issue was fixed : - CVE-2016-10711: Prevent request smuggling via crafted headers bsc1078298. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Upda...
DEBIAN-CVE-2016-10711
Apsis Pound before 2.8a allows request smuggling via crafted headers, a different vulnerability than CVE-2005-3751...
Cross site request forgery (csrf)
Apsis Pound before 2.8a allows request smuggling via crafted headers, a different vulnerability than CVE-2005-3751...
CVE-2016-10711
Apsis Pound before 2.8a allows request smuggling via crafted headers, a different vulnerability than CVE-2005-3751...
UBUNTU-CVE-2016-10711
Apsis Pound before 2.8a allows request smuggling via crafted headers, a different vulnerability than CVE-2005-3751...
CVE-2016-10711
Pound (reverse proxy/load balancer) before 2.8a is exposed to HTTP request smuggling via crafted headers (CVE-2016-10711). The issue is documented across multiple feeds (NVD/NIST, Debian, USN) as a related vulnerability to CVE-2016-10711; affected versions include Pound up to 2.8a. Exploitation d...
The vulnerability of the ap_find_token function in the Apache HTTP Server allows a hacker to trigger a segmentation fault.
The vulnerability of the apfindtoken function in the Apache HTTP Server exists due to insufficient validation of input data during the analysis of the token list. Exploiting this vulnerability can allow a malicious actor to trigger a segmentation fault or cause the apfindtoken function to return ...