3648 matches found
Mono <= 2.0 'System.Web' HTTP Header Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/30867/info Mono is prone to a vulnerability that allows attackers to inject arbitrary HTTP headers because it fails to sanitize input. By inserting arbitrary headers into an HTTP response, attackers may be able to launch...
Updated tomcat and tomcat6 packages fix security vulnerabilities
Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40 and 7.x before 7.0.53 allows remote attackers to cause a denial of service resource consumption via a malformed chunk size in chunked transfer coding o...
MGASA-2014-0268 Updated tomcat and tomcat6 packages fix security vulnerabilities
Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40 and 7.x before 7.0.53 allows remote attackers to cause a denial of service resource consumption via a malformed chunk size in chunked transfer coding o...
CVE-2014-0099
Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header...
Integer overflow
Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header...
CVE-2014-0099
Apache Tomcat contains an integer overflow in Ascii.java that, when behind a reverse proxy, enables HTTP request smuggling via a crafted Content-Length header. Affected versions are Tomcat 6.0.x before 6.0.40, Tomcat 7.x before 7.0.53, and Tomcat 8.x before 8.0.4. The provided documents do not sp...
CVE-2014-0099
Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header...
CVE-2014-0099
Removed by vendor...
CVE-2014-0099
Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header...
Apache Tomcat 7.0.0 < 7.0.53 multiple vulnerabilities
The version of Tomcat installed on the remote host is prior to 7.0.53. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat7.0.53security-7 advisory. - Integer overflow in the parseChunkHeader function in...
Apache Tomcat 8.0.0-RC1 < 8.0.5 multiple vulnerabilities
The version of Tomcat installed on the remote host is prior to 8.0.5. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat8.0.5security-8 advisory. - Integer overflow in the parseChunkHeader function in...
tomcat -- multiple vulnerabilities
Tomcat Security Team reports: Tomcat does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager restrictions and read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference,...
Apache Tomcat 5.0.x <= 5.0.30 / 5.5.x < 5.5.23 Content-Length HTTP Request Smuggling
According to its self-reported version number, the instance of Apache Tomcat listening on the remote host is 5.0.x equal to or prior to 5.0.30 or 5.5.x prior to 5.5.23. It is, therefore, affected by an HTTP request smuggling vulnerability. Requests containing multiple 'content-length' headers are...
Spring Security - HTTP Header Injection
Spring Security - HTTP Header Injection source: https://www.securityfocus.com/bid/49535/info Spring Security is prone to a vulnerability that allows attackers to inject arbitrary HTTP headers because it fails to sufficiently sanitize input. By inserting arbitrary headers into an HTTP response,...
CVE-2010-2375: WebLogic Plugin HTTP Injection via Encoded URLs
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 VSR Security Advisory http://www.vsecurity.com/ - -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Advisory Name: WebLogic Plugin HTTP Injection via Encoded URLs Release Date: 2010-07-13 Application: WebLogic Plugin...
CVE-2010-1576
The Cisco Content Services Switch CSS 11500 with software before 8.20.4.02 and the Application Control Engine ACE 4710 with software before A23.0 do not properly handle use of LF, CR, and LFCR as alternatives to the standard CRLF sequence between HTTP headers, which allows remote attackers to...
CVE-2010-2629
The Cisco Content Services Switch CSS 11500 with software 8.20.4.02 and the Application Control Engine ACE 4710 with software A23.0 do not properly handle LF header terminators in situations where the GET line is terminated by CRLF, which allows remote attackers to conduct HTTP request smuggling...
Crlf injection
The Cisco Content Services Switch CSS 11500 with software before 8.20.4.02 and the Application Control Engine ACE 4710 with software before A23.0 do not properly handle use of LF, CR, and LFCR as alternatives to the standard CRLF sequence between HTTP headers, which allows remote attackers to...
CVE-2010-1576
The Cisco Content Services Switch CSS 11500 with software before 8.20.4.02 and the Application Control Engine ACE 4710 with software before A23.0 do not properly handle use of LF, CR, and LFCR as alternatives to the standard CRLF sequence between HTTP headers, which allows remote attackers to...
CVE-2010-2629
The Cisco Content Services Switch CSS 11500 with software 8.20.4.02 and the Application Control Engine ACE 4710 with software A23.0 do not properly handle LF header terminators in situations where the GET line is terminated by CRLF, which allows remote attackers to conduct HTTP request smuggling...