97 matches found
http-slowloris NSE Script
Tests a web server for vulnerability to the Slowloris DoS attack by launching a Slowloris attack. Slowloris was described at Defcon 17 by RSnake see . This script opens and maintains numerous 'half-HTTP' connections until the server runs out of resources, leading to a denial of service. When a...
Mozilla Firefox SSL Certificate Spoofing Vulnerability - Windows
Mozilla Firefox is prone to SSL certificate spoofing vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Design/Logic Flaw
CFNetwork in Apple Mac OS X 10.5 before 10.5.7 does not properly parse noncompliant Set-Cookie headers, which allows remote attackers to obtain sensitive information by sniffing the network for "secure cookies" that are sent over unencrypted HTTP connections...
CVE-2009-0144
CFNetwork in Apple Mac OS X 10.5 before 10.5.7 does not properly parse noncompliant Set-Cookie headers, which allows remote attackers to obtain sensitive information by sniffing the network for "secure cookies" that are sent over unencrypted HTTP connections...
CVE-2009-0144
CFNetwork in Apple Mac OS X 10.5 before 10.5.7 does not properly parse noncompliant Set-Cookie headers, which allows remote attackers to obtain sensitive information by sniffing the network for "secure cookies" that are sent over unencrypted HTTP connections...
GLSA-200608-24 : AlsaPlayer: Multiple buffer overflows
The remote host is affected by the vulnerability described in GLSA-200608-24 AlsaPlayer: Multiple buffer overflows AlsaPlayer contains three buffer overflows: in the function that handles the HTTP connections, the GTK interface, and the CDDB querying mechanism. Impact : An attacker could exploit...
CVE-2004-1727
BadBlue 2.5 allows remote attackers to cause a denial of service refuse HTTP connections via a large number of connections from the same IP address...
CVE-2004-0610
The Web administration interface in Microsoft MN-500 Wireless Router allows remote attackers to cause a denial of service connection refusal via a large number of open HTTP connections...
CVE-2004-0611
Web-Based Administration in Netgear FVS318 VPN Router allows remote attackers to cause a denial of service no new connections via a large number of open HTTP connections...
CVE-2004-0264
palmhttpd for PalmOS allows remote attackers to cause a denial of service crash by establishing two simultaneous HTTP connections, which exceeds the PalmOS accept queue...
CVE-2004-1727
BadBlue 2.5 allows remote attackers to cause a denial of service refuse HTTP connections via a large number of connections from the same IP address...
CVE-2004-0610
The Web administration interface in Microsoft MN-500 Wireless Router allows remote attackers to cause a denial of service connection refusal via a large number of open HTTP connections...
CVE-2004-0264
palmhttpd for PalmOS allows remote attackers to cause a denial of service crash by establishing two simultaneous HTTP connections, which exceeds the PalmOS accept queue...
CVE-2003-0904
Summary: CVE-2003-0904 affects Microsoft Exchange Server 2003 with Outlook Web Access (OWA) when NTLM is used. A flaw in HTTP connection reuse between front-end and back-end servers (NTLM-authenticated OWA) can cause a user to be connected to another user’s mailbox if Kerberos is disabled or fall...
Polycom ViaVideo Web Server Incomplete HTTP Connection Saturation Remote DoS
The remote web server locks up when several incomplete web requests are sent and the connections are kept open. Some servers e.g. Polycom ViaVideo even run an endless loop, using much CPU on the machine. Nessus has no way to test this, but you'd better check your machine. C Tenable Network...
Netgear Logging Vulnerability
Netgear logging vulnerability Introduction Tested Vulnerable Vendor Discussion PoC Stuff Introduction There is a problem in the way Netgear routers log outgoing HTTP connections which could lead to log corruption as well as dangerous character or script injection. Tested Vulnerable Model: RP114...
PHP local DoS: self-fetching throught HTTP
PHP scripting allows "opening" files througth HTTP: $file=fopen"http://host/page.html","r"; If script opening itself throught HTTP, it will result in DoS attack: as much as possible HTTP connections and great number of executing PHP scripts. Timeout settings are useless. Possible solutions: -...