Ubuntu Update for php5 USN-1569-1
Ubuntu Update for Linux kernel vulnerabilities USN-1569-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN15691.nasl 7960 2017-12-01 06:58:16Z santu $ Ubuntu Update for php5 USN-1569-1 Authors: System Generated Check Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net This...
PT-2013-33: CRLF Injection in Siemens Simatic WinCC TIA Portal
The specialists of the Positive Research center have detected a "CRLF Injection" vulnerability in Siemens Simatic WinCC TIA Portal. If a user clicks on a malicious link which seems to lead to an HMI web application, it is possible to display any data to the user (HTTP response splitting). How to fix...
Ubuntu 8.04 LTS / 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : php5 vulnerabilities (USN-1569-1)
It was discovered that PHP incorrectly handled certain character sequences when applying HTTP response-splitting protection. A remote attacker could create a specially crafted URL and inject arbitrary headers. (CVE-2011-1398, CVE-2012-4388) It was discovered that PHP incorrectly handled directories...
USN-1569-1: PHP vulnerabilities
It was discovered that PHP incorrectly handled certain character sequences when applying HTTP response-splitting protection. A remote attacker could create a specially-crafted URL and inject arbitrary headers. (CVE-2011-1398, CVE-2012-4388) It was discovered that PHP incorrectly handled directories...
HTTP Response Splitting and XSS vulnerabilities in IBM Lotus Domino
Hello 3APA3A! I want to warn you about HTTP Response Splitting and Cross-Site Scripting vulnerabilities in IBM Lotus Domino. On the 15th of August IBM released the advisory concerning these Cross-Site Scripting vulnerabilities. CVE ID: CVE-2012-3301. ------------------------- Affected products:...
CVE-2012-4388
The sapi_header_op function in main/SAPI.c in PHP 5.4.0RC2 through 5.4.0 does not properly determine a pointer during checks for %0D sequences (aka carriage return characters), which allows remote attackers to bypass an HTTP response-splitting protection mechanism via a crafted URL, related to improp...
Design/Logic Flaw
The sapi_header_op function in main/SAPI.c in PHP 5.4.0RC2 through 5.4.0 does not properly determine a pointer during checks for %0D sequences (aka carriage return characters), which allows remote attackers to bypass an HTTP response-splitting protection mechanism via a crafted URL, related to improp...
CVE-2012-4388
The sapi_header_op function in main/SAPI.c in PHP 5.4.0RC2 through 5.4.0 does not properly determine a pointer during checks for %0D sequences (aka carriage return characters), which allows remote attackers to bypass an HTTP response-splitting protection mechanism via a crafted URL, related to improp...
CVE-2012-4388
CVE-2012-4388 affects PHP’s sapi_header_op in main/SAPI.c, where the pointer handling for %0D (carriage return) sequences can bypass HTTP response-splitting protections via crafted URLs. Affected are PHP 5.4.0RC2 through 5.4.0 (and related branches noted in downstream advisories), with remediatio...
CVE-2012-4388
The sapi_header_op function in main/SAPI.c in PHP 5.4.0RC2 through 5.4.0 does not properly determine a pointer during checks for %0D sequences (aka carriage return characters), which allows remote attackers to bypass an HTTP response-splitting protection mechanism via a crafted URL, related to improp...
Mandriva Linux Security Advisory : mozilla-thunderbird (MDVSA-2011:142)
Security issues were identified and fixed in mozilla firefox and thunderbird : Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not prevent the starting of a download in response to the holding of the Enter key, which allows user-assisted remote...
IBM Lotus Domino 8.5.3 XSS / HTTP Response Splitting
No description provided by source. This month, on the 15th of August, IBM released the advisory about IBM Lotus Domino Cross-Site Scripting and HTTP Response Splitting vulnerabilities, which I've informed them about in May. This is only a part of all the vulnerabilities which I've found in their softwar...
IBM Lotus Domino Cross-Site Scripting and HTTP Response Splitting vulnerabilities
Hello 3APA3A! This month, on the 15th of August, IBM released the advisory about IBM Lotus Domino Cross-Site Scripting and HTTP Response Splitting vulnerabilities, which I've informed them about in May. This is only a part of all the vulnerabilities which I've found in their software, and they are worki...
CVE-2011-1398
The sapi_header_op function in main/SAPI.c in PHP before 5.3.11 and 5.4.x before 5.4.0RC2 does not check for %0D sequences (aka carriage return characters), which allows remote attackers to bypass an HTTP response-splitting protection mechanism via a crafted URL, related to improper interaction betwe...
Design/Logic Flaw
The sapi_header_op function in main/SAPI.c in PHP before 5.3.11 and 5.4.x before 5.4.0RC2 does not check for %0D sequences (aka carriage return characters), which allows remote attackers to bypass an HTTP response-splitting protection mechanism via a crafted URL, related to improper interaction betwe...
CVE-2011-1398
The sapi_header_op function in main/SAPI.c in PHP before 5.3.11 and 5.4.x before 5.4.0RC2 does not check for %0D sequences (aka carriage return characters), which allows remote attackers to bypass an HTTP response-splitting protection mechanism via a crafted URL, related to improper interaction betwe...
CVE-2011-1398
The sapi_header_op function in main/SAPI.c in PHP before 5.3.11 and 5.4.x before 5.4.0RC2 does not check for %0D sequences (aka carriage return characters), which allows remote attackers to bypass an HTTP response-splitting protection mechanism via a crafted URL, related to improper interaction betwe...
CRLF injection
Multiple CRLF injection vulnerabilities in the HTTP server in IBM Lotus Domino 8.5.x before 8.5.4 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input involving (1) Mozilla Firefox 3.0.9 and earlier or (2) unspecified browsers...
CVE-2012-3301
Multiple CRLF injection vulnerabilities in the HTTP server in IBM Lotus Domino 8.5.x before 8.5.4 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input involving (1) Mozilla Firefox 3.0.9 and earlier or (2) unspecified browsers...
HTTP header injection - ownCloud
A Header injection vulnerability in ownCloud before 4.0.8 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the HTTP url path parameter to index.php. Affected Software ownCloud Server 4.0.8 CVE-2012-5057 Action Taken It is...