Lucene search
+L

172 matches found

osv
osv
added 2020/09/16 1:7 p.m.5 views

USN-4502-1 ruby-websocket-extensions vulnerability

It was discovered that websocket-extensions does not properly parse special headers. A remote attacker could use this issue to cause regex backtracking, resulting in a denial of service. CVE-2020-7663...

7.5CVSS7.3AI score0.04404EPSS
Exploits1References2
redhatcve
redhatcve
added 2020/04/01 8:22 p.m.39 views

CVE-2019-10097

A vulnerability was discovered in Apache httpd, in modremoteip. A trusted proxy using the "PROXY" protocol could send specially crafted headers that can cause httpd to experience a stack buffer overflow or NULL pointer dereference, leading to a crash or other potential consequences. This issue...

7.2CVSS1.7AI score0.52873EPSS
Exploits0References4
osv
osv
added 2019/03/27 2:29 p.m.2 views

DEBIAN-CVE-2019-5419

There is a possible denial of service vulnerability in Action View Rails 5.2.2.1, 5.1.6.2, 5.0.7.2, 4.2.11.1 where specially crafted accept headers can cause action view to consume 100% cpu and make the server unresponsive...

7.5CVSS7.4AI score0.08671EPSS
Exploits3References1
osv
osv
added 2018/10/18 7:24 p.m.10 views

GHSA-J77Q-2QQG-6989 Apache Struts vulnerable to remote arbitrary command execution due to improper input validation

Apache Struts versions prior to 2.3.32 and 2.5.10.1 contain incorrect exception handling and error-message generation during file-upload attempts using the Jakarta Multipart parser, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or...

10CVSS7.6AI score0.99999EPSS
Exploits44References46
cnvd
cnvd
added 2018/10/16 12:0 a.m.4 views

TP-Link TL-WRN841N Denial of Service Vulnerability (CNVD-2019-07032)

The TP-Link TL-WRN841N is a wireless router product from China P&L TP-LINK. A denial of service vulnerability exists in the web interface of the TP-Link TL-WRN841N version 0.9.1 4.16 v0348.0. An attacker can exploit this vulnerability by sending specially crafted HTTP packet headers to cause a...

6.5CVSS6.4AI score0.00592EPSS
Exploits0References1
osv
osv
added 2018/06/11 9:29 p.m.3 views

DEBIAN-CVE-2018-5161

Crafted message headers can cause a Thunderbird process to hang on receiving the message. This vulnerability affects Thunderbird ESR 52.8 and Thunderbird 52.8...

4.3CVSS6.7AI score0.02079EPSS
Exploits0References1
redhat
redhat
added 2018/05/24 7:59 p.m.8 views

Mozilla: Hang via malformed headers

Crafted message headers can cause a Thunderbird process to hang on receiving the message. This vulnerability affects Thunderbird ESR 52.8 and Thunderbird 52.8...

4.3CVSS7.4AI score0.02079EPSS
Exploits0References5
osv
osv
added 2018/05/23 12:0 a.m.3 views

UBUNTU-CVE-2018-5161

Crafted message headers can cause a Thunderbird process to hang on receiving the message. This vulnerability affects Thunderbird ESR 52.8 and Thunderbird 52.8...

4.3CVSS7.3AI score0.02079EPSS
Exploits0References4
redhatcve
redhatcve
added 2018/04/27 1:59 a.m.31 views

CVE-2018-1335

From Apache Tika versions 1.7 to 1.17, clients could send carefully crafted headers to tika-server that could be used to inject commands into the command line of the server running tika-server. This vulnerability only affects those running tika-server on a server that is open to untrusted clients...

9.3CVSS2.8AI score0.93972EPSS
Exploits10References2
nvd
nvd
added 2018/04/25 9:29 p.m.14 views

CVE-2018-1335

From Apache Tika versions 1.7 to 1.17, clients could send carefully crafted headers to tika-server that could be used to inject commands into the command line of the server running tika-server. This vulnerability only affects those running tika-server on a server that is open to untrusted clients...

9.3CVSS8.1AI score0.93972EPSS
Exploits10References5
osv
osv
added 2018/04/25 9:29 p.m.3 views

DEBIAN-CVE-2018-1335

From Apache Tika versions 1.7 to 1.17, clients could send carefully crafted headers to tika-server that could be used to inject commands into the command line of the server running tika-server. This vulnerability only affects those running tika-server on a server that is open to untrusted clients...

8.1CVSS7.8AI score0.93972EPSS
Exploits10References1
debiancve
debiancve
added 2018/04/25 9:0 p.m.88 views

CVE-2018-1335

From Apache Tika versions 1.7 to 1.17, clients could send carefully crafted headers to tika-server that could be used to inject commands into the command line of the server running tika-server. This vulnerability only affects those running tika-server on a server that is open to untrusted clients...

9.3CVSS8.1AI score0.93972EPSS
Exploits10
osv
osv
added 2018/04/03 10:29 p.m.4 views

ALPINE-CVE-2018-8777

In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker can pass a large HTTP request with a crafted header to WEBrick server or a crafted body to WEBrick server/handler and cause a denial of service memory consumption...

7.5CVSS6.8AI score0.04636EPSS
Exploits0References1
nessus
nessus
added 2018/02/08 12:0 a.m.25 views

openSUSE Security Update : pound (openSUSE-2018-143)

This update for pound fixes one issue. This security issue was fixed : - CVE-2016-10711: Prevent request smuggling via crafted headers bsc1078298. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Upda...

9.8CVSS8.2AI score0.02839EPSS
Exploits0References2
osv
osv
added 2018/01/29 8:29 p.m.3 views

DEBIAN-CVE-2016-10711

Apsis Pound before 2.8a allows request smuggling via crafted headers, a different vulnerability than CVE-2005-3751...

9.8CVSS7.1AI score0.02839EPSS
Exploits0References1
prion
prion
added 2018/01/29 8:29 p.m.19 views

Cross site request forgery (csrf)

Apsis Pound before 2.8a allows request smuggling via crafted headers, a different vulnerability than CVE-2005-3751...

7.5CVSS6.8AI score0.02839EPSS
Exploits0References4Affected Software2
osv
osv
added 2018/01/29 8:29 p.m.7 views

CVE-2016-10711

Apsis Pound before 2.8a allows request smuggling via crafted headers, a different vulnerability than CVE-2005-3751...

9.8CVSS9.4AI score
Exploits0References4
osv
osv
added 2018/01/29 8:29 p.m.4 views

UBUNTU-CVE-2016-10711

Apsis Pound before 2.8a allows request smuggling via crafted headers, a different vulnerability than CVE-2005-3751...

9.8CVSS7.3AI score0.02839EPSS
Exploits0References4
cve
cve
added 2018/01/29 8:0 p.m.92 views

CVE-2016-10711

Pound (reverse proxy/load balancer) before 2.8a is exposed to HTTP request smuggling via crafted headers (CVE-2016-10711). The issue is documented across multiple feeds (NVD/NIST, Debian, USN) as a related vulnerability to CVE-2016-10711; affected versions include Pound up to 2.8a. Exploitation d...

9.8CVSS9.1AI score0.02839EPSS
Exploits0References4Affected Software1
bdu_fstec
bdu_fstec
added 2017/09/22 12:0 a.m.8 views

The vulnerability of the ap_find_token function in the Apache HTTP Server allows a hacker to trigger a segmentation fault.

The vulnerability of the apfindtoken function in the Apache HTTP Server exists due to insufficient validation of input data during the analysis of the token list. Exploiting this vulnerability can allow a malicious actor to trigger a segmentation fault or cause the apfindtoken function to return ...

9.8CVSS7.4AI score0.57472EPSS
Exploits1References5Affected Software3
Rows per page
Query Builder