
Cvelist
added 2017/11/17 4:00 a.m., 21 views

CVE-2017-1000247

British Columbia Institute of Technology CodeIgniter 3.1.3 is vulnerable to HTTP Header Injection in the set_status_header() common function under Apache, resulting in HTTP Header Injection flaws...

AI score 7.6, EPSS 0.00241
Exploits: 0, References: 1
OSV
added 2017/11/16 7:29 a.m., 2 views

CVE-2017-12309

A vulnerability in the Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack. The vulnerability is due to the failure of the application or its environment to properly sanitize input values. An attacker could exploit this...

CVSS 5.3, AI score 5.7, EPSS 0.00976
Exploits: 0, References: 3
NVD
added 2017/11/15 3:29 a.m., 32 views

CVE-2017-16821

b3log Symphony aka Sym 2.2.0 has XSS in processor/AdminProcessor.java in the admin console, as demonstrated by a crafted X-Forwarded-For HTTP header that is mishandled during display of a client IP address in /admin/user/userid...

CVSS 5.4, AI score 5.3, EPSS 0.00191
Exploits: 1, References: 1
Cvelist
added 2017/11/15 3:00 a.m., 17 views

CVE-2017-16821

b3log Symphony aka Sym 2.2.0 has XSS in processor/AdminProcessor.java in the admin console, as demonstrated by a crafted X-Forwarded-For HTTP header that is mishandled during display of a client IP address in /admin/user/userid...

AI score 5.3, EPSS 0.00191
Exploits: 1, References: 1
CVE
added 2017/11/15 3:00 a.m., 57 views

CVE-2017-16821

Vulnerability: b3log Symphony 2.2.0 is affected by an XSS in processor/AdminProcessor.java within the admin console, triggered by a crafted X-Forwarded-For header that is mishandled when displaying a client IP at /admin/user/userid. Impact: potential XSS in the admin interface as described. Rem...

CVSS 5.4, AI score 5.2, EPSS 0.00191
Exploits: 1, References: 1, Affected software: 1
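The three CVE-2017-16821 entries above describe an admin page that echoes the X-Forwarded-For header as the client IP, and the nodejs-forwarded updates later in this list are a parser for the same header. The following is an added example in Go, not b3log Symphony's code nor the forwarded package's, showing the difference between echoing the header and deriving a client address from it: hops are walked from the right past a hypothetical trustedProxies set, every hop that is considered must parse as an IP address, and the result is HTML-escaped when rendered. The header value and the proxy list are constructed for the example.

```go
package main

import (
	"fmt"
	"html"
	"net"
	"strings"
)

// Constructed sample (not a capture): the value an attacker sent, after a trusted
// reverse proxy appended the attacker's real address to it.
const craftedXFF = "<script>alert(1)</script>, 203.0.113.9"

// trustedProxies is a hypothetical deployment setting: only addresses listed here
// may be peeled off the right-hand end of X-Forwarded-For.
var trustedProxies = map[string]bool{"10.0.0.2": true}

// ClientIP derives the client address from the TCP peer plus X-Forwarded-For,
// walking from the right and skipping our own proxies. Every hop it considers
// must parse as an IP address, so markup in the header can never become the
// result; hops to the left of the first untrusted one are attacker-controlled
// and are ignored.
func ClientIP(remoteAddr, xff string) (net.IP, error) {
	peer, _, err := net.SplitHostPort(remoteAddr)
	if err != nil {
		return nil, fmt.Errorf("bad RemoteAddr %q: %w", remoteAddr, err)
	}
	var hops []string
	for _, h := range strings.Split(xff, ",") {
		if h = strings.TrimSpace(h); h != "" {
			hops = append(hops, h)
		}
	}
	hops = append(hops, peer) // the peer is the only hop we observed ourselves
	for i := len(hops) - 1; i >= 0; i-- {
		ip := net.ParseIP(hops[i])
		if ip == nil {
			return nil, fmt.Errorf("X-Forwarded-For hop %q is not an IP address", hops[i])
		}
		if !trustedProxies[ip.String()] || i == 0 {
			return ip, nil
		}
	}
	return nil, fmt.Errorf("no hops") // unreachable: hops always holds the peer
}

// RenderIPCell is the safe rendering: a validated address, stringified, then
// HTML-escaped (defence in depth; a net.IP string cannot contain markup).
func RenderIPCell(ip net.IP) string {
	return "<td>" + html.EscapeString(ip.String()) + "</td>"
}

// VulnerableIPCell is the pattern the advisory describes: the raw header value
// is written into the admin page as if it were an address.
func VulnerableIPCell(xff string) string {
	return "<td>" + xff + "</td>"
}

func main() {
	fmt.Println("vulnerable:", VulnerableIPCell(craftedXFF))
	ip, err := ClientIP("10.0.0.2:4567", craftedXFF)
	if err != nil {
		fmt.Println("rejected:", err)
		return
	}
	fmt.Println("hardened: ", RenderIPCell(ip))
	// Without a trusted proxy in front, the header is ignored entirely.
	ip, _ = ClientIP("198.51.100.7:9000", craftedXFF)
	fmt.Println("direct:   ", RenderIPCell(ip))
}
```

Two properties matter here. The header is only consulted when the TCP peer is one of our own proxies, so a client connecting directly cannot choose its displayed address at all; and the hop that is selected must be an IP address, so the payload is refused at parse time rather than relying on output encoding alone. Bracketed IPv6 hops, if a proxy emits them, would need the brackets stripped before net.ParseIP.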
Apache Httpd
added 2017/11/14 12:00 a.m., 60 views

Apache Httpd < 2.4.33 : Tampering of mod_session data for CGI applications

When mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a "Session" header. This comes from the "HTTP_SESSION" variable name used by mod_session to forward its data to CGIs, since the prefix...

CVSS 5.3, AI score 0.4, EPSS 0.03761
Exploits: 0, Affected software: 1
Fedora
added 2017/11/11 1:43 p.m., 12 views

[SECURITY] Fedora 27 Update: nodejs-forwarded-0.1.2-1.fc27

Parse HTTP X-Forwarded-For header...

AI score 0.5
Exploits: 0
Fedora
added 2017/11/11 3:25 a.m., 10 views

[SECURITY] Fedora 27 Update: nodejs-forwarded-0.1.2-1.fc27

Parse HTTP X-Forwarded-For header...

AI score 0.5
Exploits: 0
Tenable Nessus
added 2017/11/03 12:00 a.m., 48 views

Debian DSA-4015-1 : openjdk-8 - security update

Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in impersonation of Kerberos services, denial of service, sandbox bypass or HTTP header injection...

CVSS 9.6, AI score 6.3, EPSS 0.06365
Exploits: 2, References: 16
CNVD
added 2017/11/03 12:00 a.m., 0 views

Cisco WebEx Meetings Server Information Disclosure Vulnerability (CNVD-2017-32926)

Cisco WebEx Meetings Server is a highly secure, highly available, fully virtualized behind-the-firewall meeting solution that combines audio, video, and Web conferencing in one solution. An information disclosure vulnerability exists in Cisco WebEx Meetings Server. A remote attacker could obtain...

CVSS 5.3, AI score 5.1, EPSS 0.00361
Exploits: 0, References: 1
Tenable Nessus
added 2017/11/01 12:00 a.m., 57 views

EulerOS 2.0 SP1 : java-1.8.0-openjdk (EulerOS-SA-2017-1254)

According to the versions of the java-1.8.0-openjdk packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - Multiple flaws were discovered in the RMI and Hotspot components in OpenJDK. An untrusted Java application or applet could use these...

CVSS 9.6, AI score 6.7, EPSS 0.06365
Exploits: 2, References: 15
CNVD
added 2017/10/27 12:00 a.m., 1 view

Google Go Denial of Service Vulnerability (CNVD-2017-32897)

Google Go is a programming language from Google optimized for applications on multiprocessor systems. A security vulnerability exists in the net/http library (net/http/transfer.go) in versions of Google Go prior to 1.4.3, which stems from the program's failure to properly...

CVSS 9.8, AI score 9.1, EPSS 0.04273
Exploits: 0, References: 1
Fedora
added 2017/10/25 9:23 p.m., 12 views

[SECURITY] Fedora 25 Update: nodejs-forwarded-0.1.2-1.fc25

Parse HTTP X-Forwarded-For header...

AI score 0.5
Exploits: 0
Github Security Blog
added 2017/10/24 6:33 p.m., 41 views

Ruby on Rails vulnerable to code injection

Ruby on Rails before 1.1.5 allows remote attackers to execute Ruby code with "severe" or "serious" impact via a File Upload request with an HTTP header that modifies the LOAD_PATH variable, a different vulnerability than CVE-2006-4112...

CVSS 7.5, AI score 6.9, EPSS 0.03984
Exploits: 0, References: 10, Affected software: 1
OSV
added 2017/10/24 6:33 p.m., 21 views

GHSA-RVPQ-5XQX-PFPP Ruby on Rails vulnerable to code injection

Ruby on Rails before 1.1.5 allows remote attackers to execute Ruby code with "severe" or "serious" impact via a File Upload request with an HTTP header that modifies the LOAD_PATH variable, a different vulnerability than CVE-2006-4112...

CVSS 7.5, AI score 6.7, EPSS 0.03984
Exploits: 0, References: 10
RubySec
added 2017/10/24 12:00 a.m., 21 views

High severity vulnerability that affects rails

Ruby on Rails before 1.1.5 allows remote attackers to execute Ruby code with "severe" or "serious" impact via a File Upload request with an HTTP header that modifies the LOAD_PATH variable, a different vulnerability than CVE-2006-4112...

CVSS 7.5, AI score 7.4, EPSS 0.07371
Exploits: 0, References: 1, Affected software: 1
RedHat Linux
added 2017/10/23 7:44 a.m., 2 views

OpenJDK: HTTP client insufficient check for newline in URLs (Networking, 8176751)

It was found that the HttpURLConnection and HttpsURLConnection classes in the Networking component of OpenJDK failed to check for newline characters embedded in URLs. An attacker able to make a Java application perform an HTTP request using an attacker provided URL could possibly inject additiona...

CVSS 4.3, AI score 7.3, EPSS 0.00307
Exploits: 0, References: 4
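The OpenJDK entry above describes an HTTP client that failed to check for newline characters in a URL before writing the request, and the CodeIgniter and Cisco ESA entries at the top of this list are the response-side form of the same bug. The following is an added example in Go, not OpenJDK's, CodeIgniter's or Cisco's code: NaiveRequestHead splices an attacker-controlled request-target straight into the request head, SafeRequestHead rejects any control or whitespace byte first, and HeaderNames shows which field names a server at the other end would see. The hostile path is constructed sample input; the function names are the example's own.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed attacker-controlled request-target (sample input, not from any
// advisory): CR LF inside it ends the request-line early, so the rest of the
// string is read as header lines by whatever server receives the request.
const hostilePath = "/search?q=1 HTTP/1.1\r\nX-Injected: yes\r\nX-Other: x"

// NaiveRequestHead is the bug pattern: the path is spliced into the request
// head byte for byte, with no check for line terminators.
func NaiveRequestHead(method, rawPath, host string) string {
	return method + " " + rawPath + " HTTP/1.1\r\nHost: " + host + "\r\n\r\n"
}

// checkRequestTarget rejects every byte that cannot legally appear in a
// request-target: ASCII controls (CR and LF among them), space and DEL. Such
// bytes must arrive percent-encoded or not at all.
func checkRequestTarget(p string) error {
	for i := 0; i < len(p); i++ {
		if c := p[i]; c <= 0x20 || c == 0x7f {
			return fmt.Errorf("request-target byte %d is %q, which is not allowed unencoded", i, c)
		}
	}
	return nil
}

// SafeRequestHead builds the same head, but only after the target passes the check.
func SafeRequestHead(method, rawPath, host string) (string, error) {
	if err := checkRequestTarget(rawPath); err != nil {
		return "", err
	}
	return NaiveRequestHead(method, rawPath, host), nil
}

// HeaderNames parses a request head the way a server would and returns the
// field names it sees, so an injected header shows up in the result.
func HeaderNames(head string) []string {
	lines := strings.Split(strings.TrimSuffix(head, "\r\n\r\n"), "\r\n")
	var names []string
	for _, l := range lines[1:] { // lines[0] is the request-line
		if name, _, ok := strings.Cut(l, ":"); ok {
			names = append(names, strings.TrimSpace(name))
		}
	}
	return names
}

func main() {
	fmt.Println("naive sends headers:", HeaderNames(NaiveRequestHead("GET", hostilePath, "example.test")))
	if _, err := SafeRequestHead("GET", hostilePath, "example.test"); err != nil {
		fmt.Println("safe:", err)
	}
}
```

Rejecting is the right default for a generic client library, because the caller supplied a URL, not a header block; percent-encoding the offending bytes is an alternative when the target is built from pieces the program controls. The same check applies in reverse on the server side, where a value copied into Location or Set-Cookie must not carry CR or LF.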
OSV
added 2017/10/19 9:29 p.m., 7 views

CVE-2012-4379

MediaWiki before 1.18.5, and 1.19.x before 1.19.2 does not send a restrictive X-Frame-Options HTTP header, which allows remote attackers to conduct clickjacking attacks via an embedded API response in an IFRAME element...

CVSS 6.5, AI score 6.4
Exploits: 0, References: 13
OpenVAS
added 2017/10/19 12:00 a.m., 30 views

Linksys Devices Multiple Vulnerabilities

Multiple Linksys devices are prone to multiple vulnerabilities...

AI score 7.5
Exploits: 0, References: 3
OSV
added 2017/10/18 8:29 p.m., 1 view

UBUNTU-CVE-2015-5739

The net/http library in net/textproto/reader.go in Go before 1.4.3 does not properly parse HTTP header keys, which allows remote attackers to conduct HTTP request smuggling attacks via a space instead of a hyphen, as demonstrated by "Content Length" instead of "Content-Length."...

CVSS 9.8, AI score 6.8, EPSS 0.11884
Exploits: 0, References: 3
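The UBUNTU-CVE-2015-5739 entry above, and the CNVD Go entry earlier in this list, concern Go before 1.4.3 treating a header field-name written with a space ("Content Length") as the hyphenated one. The following is an added example in Go, a reconstruction for illustration and not the Go source: LenientKey models that mapping, StrictKey enforces the RFC 7230 token grammar, and ParseHead runs both policies over a constructed request so the disagreement about where the body ends, which is what turns this into a request-smuggling primitive, is visible. The request bytes are constructed; the function names are the example's own.

```go
package main

import (
	"fmt"
	"net/textproto"
	"strconv"
	"strings"
)

// Constructed input for this example (not a capture): bytes arriving on one
// connection that look like a single POST. The length header has a space where
// the hyphen belongs.
const smuggledRequest = "POST /upload HTTP/1.1\r\n" +
	"Host: example.test\r\n" +
	"Content Length: 4\r\n" +
	"\r\n" +
	"AAAA" +
	"GET /admin HTTP/1.1\r\nHost: example.test\r\n\r\n"

// KeyFunc maps a raw field-name onto the lookup key, or rejects it.
type KeyFunc func(string) (string, error)

// isTchar reports whether b may appear in an RFC 7230 field-name (a "token").
func isTchar(b byte) bool {
	if 'a' <= b && b <= 'z' || 'A' <= b && b <= 'Z' || '0' <= b && b <= '9' {
		return true
	}
	return strings.IndexByte("!#$%&'*+-.^_`|~", b) >= 0
}

// LenientKey models the behaviour the advisory describes (a reconstruction for
// illustration, not Go's source): a space inside the field-name is treated as a
// hyphen, so "Content Length" silently becomes Content-Length.
func LenientKey(k string) (string, error) {
	return textproto.CanonicalMIMEHeaderKey(strings.ReplaceAll(k, " ", "-")), nil
}

// StrictKey accepts only a non-empty token and canonicalises it; anything else
// is a protocol error, which RFC 7230 allows a server to raise.
func StrictKey(k string) (string, error) {
	if k == "" {
		return "", fmt.Errorf("empty header field-name")
	}
	for i := 0; i < len(k); i++ {
		if !isTchar(k[i]) {
			return "", fmt.Errorf("invalid byte %q in header field-name %q", k[i], k)
		}
	}
	return textproto.CanonicalMIMEHeaderKey(k), nil
}

// ParseHead splits off the request-line and header block, applies key to every
// field-name, and returns the headers plus every byte after the blank line.
func ParseHead(raw string, key KeyFunc) (map[string]string, string, error) {
	head, rest, ok := strings.Cut(raw, "\r\n\r\n")
	if !ok {
		return nil, "", fmt.Errorf("header block not terminated")
	}
	h := map[string]string{}
	for _, line := range strings.Split(head, "\r\n")[1:] { // [0] is the request-line
		name, value, ok := strings.Cut(line, ":")
		if !ok {
			return nil, "", fmt.Errorf("malformed header line %q", line)
		}
		k, err := key(name)
		if err != nil {
			return nil, "", err
		}
		h[k] = strings.TrimSpace(value)
	}
	return h, rest, nil
}

// SplitBody takes n body bytes off the connection buffer; the leftover is what
// the server will parse as the next request on this connection.
func SplitBody(rest string, n int) (body, leftover string) {
	if n > len(rest) {
		n = len(rest)
	}
	return rest[:n], rest[n:]
}

func main() {
	h, rest, err := ParseHead(smuggledRequest, LenientKey)
	if err != nil {
		panic(err)
	}
	n, _ := strconv.Atoi(h["Content-Length"]) // absent header parses as 0: no body
	body, leftover := SplitBody(rest, n)
	fmt.Printf("lenient: Content-Length=%d body=%q next request-line=%q\n",
		n, body, strings.SplitN(leftover, "\r\n", 2)[0])
	_, _, err = ParseHead(smuggledRequest, StrictKey)
	fmt.Println("strict: ", err)
}
```

Smuggling needs two parsers in the chain with different policies: a front end that does not recognise "Content Length" sees a request with no body and forwards the trailing bytes as a second request, while the lenient back end swallows "AAAA" as the body and then reads GET /admin as a request of its own, or the other way round, so one side sees a request the other never authorised. Go 1.4.3 stopped treating the space as a hyphen; the strict policy here goes a step further and rejects the field-name outright, which is the behaviour to want at every hop.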