3706 matches found
CVE-2015-2080
The exception handling code in Eclipse Jetty before 9.2.9.v20150224 allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header, aka JetLeak...
CVE-2015-2080
CVE-2015-2080 affects Eclipse Jetty; vulnerability in exception handling allows remote attackers to disclose sensitive memory contents via illegal characters in HTTP headers (JetLeak). Affected product: Jetty versions before 9.2.9.v20150224. Impact per sources: information disclosure; no integrit...
CentOS Update for python-twisted-web CESA-2016:1978 centos7
Check the version of python-twisted-web. SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from a referenced source, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. if(description) { script_oid("1.3.6.1.4.1.25623.1.0.882568");...
YMail anti-spam system /ymail/cgi/index.cgi HTTP header injection vulnerability
No description provided by source...
DEBIAN-CVE-2016-4993
CRLF injection vulnerability in the Undertow web server in WildFly 10.0.0, as used in Red Hat JBoss Enterprise Application Platform (EAP) 7.x before 7.0.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors...
Cisco IOS and IOS XE Software Application-Hosting Framework HTTP Header Injection Vulnerability
Cisco IOS and IOS XE Software are operating systems developed by Cisco in the United States for its network devices. An HTTP header injection vulnerability exists in the Application-Hosting Framework component in Cisco IOS version 15.61T1 and IOS XE Software. When the IOx feature setting is...
Cisco IOS Software Cisco Application-Hosting Framework HTTP Header Injection Vulnerability (cisco-sa-20160921-caf1)
A vulnerability in the Cisco Application-hosting Framework (CAF) component for Cisco IOS Software with the IOx feature set could allow an unauthenticated, remote attacker to cause a CAF user to download a file controlled by the attacker. SPDX-FileCopyrightText: 2016 Greenbone AG Some text...
Cisco Application-Hosting Framework HTTP Header Injection Vulnerability
A vulnerability in the Cisco Application-hosting Framework (CAF) component for Cisco IOS and IOS XE Software with the IOx feature set could allow an unauthenticated, remote attacker to cause a CAF user to download a file controlled by the attacker. The vulnerability is due to insufficient input...
Boozt Fashion AB: Http header injection
A researcher reported a Host injection vulnerability which caused a redirect to an unwanted hostname...
Red Hat JBoss Enterprise Application Platform HTTP Header Injection Vulnerability
Red Hat JBoss Enterprise Application Platform (EAP) is an open source, J2EE-based middleware platform from the United States company Red Hat. The platform is mainly used to build, deploy and host Java applications and services. An HTTP header injection vulnerability exists in Red Hat JBoss...
SUSE SLES11 Security Update : python (SUSE-SU-2016:2270-1) (httpoxy)
This update for python fixes the following issues:
- CVE-2016-0772: smtplib vulnerability opens startTLS stripping attack bsc984751
- CVE-2016-5699: incorrect validation of HTTP headers allow header injection bsc985348
- CVE-2016-1000110: HTTPoxy vulnerability in urllib, fixed by disregarding...
CVE-2016-4993
It was reported that EAP 7 Application Server/Undertow web server is vulnerable to the injection of arbitrary HTTP headers, and also response splitting, due to insufficient sanitization and validation of user input before the input is used as part of an HTTP header value...
Important: Red Hat Security Advisory: JBoss Enterprise Application Platform 7.0.2 on RHEL 6
Updated packages that provide Red Hat JBoss Enterprise Application Platform 7.0.2, fix several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scori...
EUVD-2016-6641
CRLF injection vulnerability in the HTTPConnection.putheader function in urllib2 and urllib in CPython (aka Python) before 2.7.10 and 3.x before 3.4.4 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in a URL...
PSF-2016-8 HTTP header injection
CRLF injection vulnerability in the HTTPConnection.putheader function in urllib2 and urllib in CPython (aka Python) before 2.7.10 and 3.x before 3.4.4 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in a URL...
Internet Bug Bounty: Additional information for CVE-2016-5699
I was not the first to report this issue, but the fix languished for quite some time, since no one realized quite how bad it was. I wasn't aware of the original bug report and discovered the issue independently. I was the first to report the much more serious consequences of it. The vulnerability...
SUSE SLED12 / SLES12 Security Update : python (SUSE-SU-2016:2106-1) (httpoxy)
This update for python fixes the following issues:
- CVE-2016-0772: smtplib vulnerability opens startTLS stripping attack bsc984751
- CVE-2016-5636: heap overflow when importing malformed zip files bsc985177
- CVE-2016-5699: incorrect validation of HTTP headers allow header injection bsc985348
- ...
Internet Bug Bounty: urllib HTTP header injection CVE-2016-5699
https://bugs.python.org/issue22928 https://access.redhat.com/security/cve/cve-2016-5699...
WebNMS Framework 5.2SP1 Login Bypass
Summary: WebNMS is an industry-leading architecture used to build network management applications. By submitting a custom header parameter, an attacker can directly obtain the session cookie and skip login authentication. Vulnerability details: Submit the following GET request HTTP header, add a UserName specify ...