
88 matches found

OSV
added 2018/01/24 8:00 a.m., 12 views

CURL-CVE-2018-1000007 HTTP authentication leak in redirects

curl might leak authentication data to third parties. When asked to send custom headers in its HTTP requests, curl sends that set of headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP response code is returned, to the host mentioned in URL in the...

CVSS: 9.8, AI score: 8.9, EPSS: 0.08031
Exploits: 0

FreeBSD
added 2018/01/24 12:00 a.m., 38 views

cURL -- Multiple vulnerabilities

The cURL project reports: libcurl 7.1 through 7.57.0 might accidentally leak authentication data to third parties. When asked to send custom headers in its HTTP requests, libcurl will send that set of headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HT...

CVSS: 9.8, AI score: 8.2, EPSS: 0.08031
Exploits: 0, References: 1

n0where
added 2017/08/15 3:45 a.m., 87 views

HTTP Load Generator: hey

hey is a tiny program that sends some load to a web application – ApacheBench (ab) replacement. hey was originally called boom and was influenced from Tarek Ziade’s tool at tarekziade/boom. Installation: go get -u github.com/rakyll/hey. Note: Requires go 1.7 or greater. Usage: hey runs provided numbe...

AI score: 7.1
Exploits: 0, References: 2

Kitploit
added 2016/12/12 2:11 p.m., 54 views

FileBuster - An Extremely Fast And Flexible Web Fuzzer

An extremely fast and flexible web fuzzer. Why another fuzzer? My main motivation was to write a script that would allow me to fuzz a website based on a dictionary but that allowed me to filter words on that dictionary based on regex patterns. This necessity came from the frustration of trying to...

AI score: 6.9
Exploits: 0, References: 3

OSV
added 2015/04/29 12:00 a.m., 3 views

UBUNTU-CVE-2015-3153

The default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information by reading the header contents...

CVSS: 5, AI score: 7.2, EPSS: 0.07538
Exploits: 0, References: 4

Hacker One
added 2014/12/31 8:18 p.m., 14 views

Internet Bug Bounty: chrome allows POST requests with custom headers using flash + 307 redirect

Hi, well, it was reported directly to Google as it affected specially Chrome https://code.google.com/p/chromium/issues/detail?id=332023 . This vulnerability allowed POST requests with custom headers to be sent to any websites not respecting same origin policy which Chrome was mainly affected. Don't kno...

AI score: 7
Exploits: 0

Opera Security Advisories
added 2013/01/29 12:00 a.m., 482 views

CORS requests can omit the preflight request

Cross-Origin Resource Sharing (CORS) requests are required to send a preflight request if custom headers are included, to check that the host wishes to allow the full request to be made. An example of where this may be needed is for sites that use a custom header with a static value as part of thei...

AI score: 0.2
Exploits: 0, Affected Software: 1

Mozilla
added 2011/03/01 12:00 a.m., 34 views

CSRF risk with plugins and 307 redirects — Mozilla

Independent security researcher Kuza55 and Microsoft security researcher Tom Gallagher reported that when plugin-initiated requests receive a 307 redirect response, the plugin is not notified and the request is forwarded to the new location. This is true even for cross-site redirects, so any cust...

CVSS: 6.8, AI score: 0.8, EPSS: 0.00967
Exploits: 0, References: 2, Affected Software: 2