Lucene search
+L

3648 matches found

seebug.org
seebug.org
added 2014/07/01 12:0 a.m.14 views

Mono <= 2.0 'System.Web' HTTP Header Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/30867/info Mono is prone to a vulnerability that allows attackers to inject arbitrary HTTP headers because it fails to sanitize input. By inserting arbitrary headers into an HTTP response, attackers may be able to launch...

7.1AI score
Exploits0
Mageia
Mageia
added 2014/06/19 8:30 p.m.47 views

Updated tomcat and tomcat6 packages fix security vulnerabilities

Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40 and 7.x before 7.0.53 allows remote attackers to cause a denial of service resource consumption via a malformed chunk size in chunked transfer coding o...

5CVSS8.4AI score0.2006EPSS
Exploits1References3
OSV
OSV
added 2014/06/19 8:30 p.m.11 views

MGASA-2014-0268 Updated tomcat and tomcat6 packages fix security vulnerabilities

Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40 and 7.x before 7.0.53 allows remote attackers to cause a denial of service resource consumption via a malformed chunk size in chunked transfer coding o...

5CVSS8.6AI score0.2006EPSS
Exploits1References4
NVD
NVD
added 2014/05/31 11:17 a.m.20 views

CVE-2014-0099

Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header...

4.3CVSS8.1AI score0.08838EPSS
Exploits0References49
Prion
Prion
added 2014/05/31 11:17 a.m.24 views

Integer overflow

Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header...

4.3CVSS7.1AI score0.08838EPSS
Exploits0References49Affected Software1
CVE
CVE
added 2014/05/31 10:0 a.m.183 views

CVE-2014-0099

Apache Tomcat contains an integer overflow in Ascii.java that, when behind a reverse proxy, enables HTTP request smuggling via a crafted Content-Length header. Affected versions are Tomcat 6.0.x before 6.0.40, Tomcat 7.x before 7.0.53, and Tomcat 8.x before 8.0.4. The provided documents do not sp...

4.3CVSS7.8AI score0.08838EPSS
Exploits0References49Affected Software1
Cvelist
Cvelist
added 2014/05/31 10:0 a.m.28 views

CVE-2014-0099

Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header...

8.1AI score0.08838EPSS
Exploits0References49
Debian CVE
Debian CVE
added 2014/05/31 10:0 a.m.53 views

CVE-2014-0099

Removed by vendor...

4.3CVSS6.9AI score0.08838EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2014/05/31 12:0 a.m.30 views

CVE-2014-0099

Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header...

4.3CVSS6.9AI score0.08838EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2014/05/30 12:0 a.m.162 views

Apache Tomcat 7.0.0 < 7.0.53 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 7.0.53. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat7.0.53security-7 advisory. - Integer overflow in the parseChunkHeader function in...

5CVSS6.8AI score0.2006EPSS
Exploits1References8
Tenable Nessus
Tenable Nessus
added 2014/05/30 12:0 a.m.49 views

Apache Tomcat 8.0.0-RC1 < 8.0.5 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 8.0.5. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat8.0.5security-8 advisory. - Integer overflow in the parseChunkHeader function in...

5CVSS6.8AI score0.2006EPSS
Exploits1References11
FreeBSD
FreeBSD
added 2014/05/23 12:0 a.m.39 views

tomcat -- multiple vulnerabilities

Tomcat Security Team reports: Tomcat does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager restrictions and read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference,...

8.3AI score
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2011/11/18 12:0 a.m.183 views

Apache Tomcat 5.0.x <= 5.0.30 / 5.5.x < 5.5.23 Content-Length HTTP Request Smuggling

According to its self-reported version number, the instance of Apache Tomcat listening on the remote host is 5.0.x equal to or prior to 5.0.30 or 5.5.x prior to 5.5.23. It is, therefore, affected by an HTTP request smuggling vulnerability. Requests containing multiple 'content-length' headers are...

4.3CVSS5.5AI score0.29784EPSS
Exploits4References4
exploitpack
exploitpack
added 2011/09/09 12:0 a.m.21 views

Spring Security - HTTP Header Injection

Spring Security - HTTP Header Injection source: https://www.securityfocus.com/bid/49535/info Spring Security is prone to a vulnerability that allows attackers to inject arbitrary HTTP headers because it fails to sufficiently sanitize input. By inserting arbitrary headers into an HTTP response,...

7.7AI score
Exploits0
securityvulns
securityvulns
added 2010/07/15 12:0 a.m.121 views

CVE-2010-2375: WebLogic Plugin HTTP Injection via Encoded URLs

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 VSR Security Advisory http://www.vsecurity.com/ - -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Advisory Name: WebLogic Plugin HTTP Injection via Encoded URLs Release Date: 2010-07-13 Application: WebLogic Plugin...

6.4CVSS5.8AI score0.06509EPSS
Exploits1
NVD
NVD
added 2010/07/06 5:17 p.m.14 views

CVE-2010-1576

The Cisco Content Services Switch CSS 11500 with software before 8.20.4.02 and the Application Control Engine ACE 4710 with software before A23.0 do not properly handle use of LF, CR, and LFCR as alternatives to the standard CRLF sequence between HTTP headers, which allows remote attackers to...

7.5CVSS6.6AI score0.01834EPSS
Exploits2References6
NVD
NVD
added 2010/07/06 5:17 p.m.15 views

CVE-2010-2629

The Cisco Content Services Switch CSS 11500 with software 8.20.4.02 and the Application Control Engine ACE 4710 with software A23.0 do not properly handle LF header terminators in situations where the GET line is terminated by CRLF, which allows remote attackers to conduct HTTP request smuggling...

7.5CVSS6.7AI score0.01471EPSS
Exploits0References5
Prion
Prion
added 2010/07/06 5:17 p.m.22 views

Crlf injection

The Cisco Content Services Switch CSS 11500 with software before 8.20.4.02 and the Application Control Engine ACE 4710 with software before A23.0 do not properly handle use of LF, CR, and LFCR as alternatives to the standard CRLF sequence between HTTP headers, which allows remote attackers to...

7.5CVSS7AI score0.01834EPSS
Exploits2References6Affected Software2
Cvelist
Cvelist
added 2010/07/06 2:0 p.m.22 views

CVE-2010-1576

The Cisco Content Services Switch CSS 11500 with software before 8.20.4.02 and the Application Control Engine ACE 4710 with software before A23.0 do not properly handle use of LF, CR, and LFCR as alternatives to the standard CRLF sequence between HTTP headers, which allows remote attackers to...

6.6AI score0.01834EPSS
Exploits2References6
Cvelist
Cvelist
added 2010/07/06 2:0 p.m.25 views

CVE-2010-2629

The Cisco Content Services Switch CSS 11500 with software 8.20.4.02 and the Application Control Engine ACE 4710 with software A23.0 do not properly handle LF header terminators in situations where the GET line is terminated by CRLF, which allows remote attackers to conduct HTTP request smuggling...

6.7AI score0.01471EPSS
Exploits0References5
Rows per page
Query Builder