3706 matches found
jenkins: HTTP response splitting vulnerability (SECURITY-238)
CRLF injection vulnerability in the CLI command documentation in Jenkins before 1.650 and LTS before 1.642.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors...
Gratipay: x-xss protection header is not set in response header
URL: http://inside.gratipay.com/ Description: This header enables the Cross-site scripting (XSS) filter built into most recent web browsers. It's usually enabled by default anyway, so the role of this header is to re-enable the filter for this particular website if it was disabled by the user. Th...
Trend Micro WFBS Multiple Vulnerabilities
Trend Micro Worry-Free Business Security is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Trend Micro OfficeScan Path Traversal and HTTP Header Injection Vulnerability
Trend Micro OfficeScan is prone to path traversal and HTTP header injection vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CP...
SUSE-SU-2016:2106-1 Security update for python
This update for python fixes the following issues: - CVE-2016-0772: smtplib vulnerability opens a STARTTLS stripping attack (bsc#984751) - CVE-2016-5636: heap overflow when importing malformed zip files (bsc#985177) - CVE-2016-5699: incorrect validation of HTTP headers allows header injection (bsc#985348) -...
RHEL 6 / 7 : python (RHSA-2016:1626) (httpoxy)
An update for python is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available...
python: http protocol stream injection attack
It was found that Python's httplib library, used by urllib, urllib2 and others, did not properly check the arguments of the HTTPConnection.putheader function. An attacker could use this flaw to inject additional headers in a Python application that allowed user-provided header names or values...
Security Advisory - HTTP Header Injection Vulnerability in Huawei FusionAccess
FusionAccess is the desktop management system of the Huawei FusionCloud desktop solution. Huawei FusionAccess has an HTTP header injection vulnerability. A remote, unauthenticated attacker can exploit it to tamper with HTTP headers, causing users to access crafted URLs. Vulnerability ID:...
IBM Connections Host Header Injection Vulnerability
IBM Connections is a suite of social software platforms from IBM (United States). The platform provides advanced analytics and real-time data monitoring capabilities, and accelerates web collaboration within and outside the organization through IBM SmartCloud services. A host header injectio...
ESXi 5.0 / 5.1 / 5.5 / 6.0 Multiple Vulnerabilities (VMSA-2016-0010) (remote check)
The remote VMware ESXi host is version 5.0, 5.1, 5.5, or 6.0 and is missing a security patch. It is, therefore, affected by multiple vulnerabilities: - An arbitrary code execution vulnerability exists in the Shared Folders (HGFS) feature due to improper loading of Dynamic-link library (DLL) files fr...
VMware vCenter Server 6.0.x < 6.0u2 Unspecified HTTP Header Injection (VMSA-2016-0010)
The version of VMware vCenter Server installed on the remote host is 6.0.x prior to 6.0u2. It is, therefore, affected by an HTTP header injection vulnerability due to improper sanitization of user-supplied input. A remote attacker can exploit this to inject arbitrary HTTP headers and conduct HTTP...
VMware vCenter Server/ESXi CRLF Injection Vulnerability
VMware vCenter Server enables rapid deployment of virtual machines and monitors the performance of physical servers and virtual machines. A CRLF injection vulnerability exists in VMware vCenter Server 6.0 prior to U2 and in ESXi 6.0, which can be exploited by remote attackers to inject...
CVE-2016-5331
CVE-2016-5331 describes a CRLF/HTTP header injection vulnerability in VMware vCenter Server 6.0 (before U2) and ESXi 6.0. The underlying issue is CRLF injection that allows remote attackers to manipulate HTTP headers and perform HTTP response splitting via unspecified vectors. Impact is stated as...
VMware Security Updates for vCenter Server (VMSA-2016-0010) - Active Check
vCenter contains an HTTP header injection vulnerability due to lack of input validation. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
VMware Security Updates for vCenter Server (VMSA-2016-0010)
vCenter Server contains an HTTP header injection vulnerability due to lack of input validation. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
VMware ESXi product updates address multiple important security issues (VMSA-2016-0010) - Remote Version Check
ESXi contains an HTTP header injection vulnerability due to lack of input validation. An attacker can exploit this issue to set arbitrary HTTP response headers and cookies, which may allow for cross-site scripting and malicious redirect attacks. SPDX-FileCopyrightText: 2016 Greenbone AG Some text...
VMware ESXi product updates address multiple important security issues (VMSA-2016-0010) - Local Version Check
ESXi contains an HTTP header injection vulnerability due to lack of input validation. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
CVE-2016-1463
Cisco FireSIGHT System Software 5.3.0, 5.3.1, 5.4.0, 6.0, and 6.0.1 allows remote attackers to bypass Snort rules via crafted parameters in the header of an HTTP packet, aka Bug ID CSCuz20737...
Cisco FireSIGHT System Software Snort Rule Bypass Vulnerability
Cisco FireSIGHT System Software is a management center software suite from Cisco (United States). It supports centralized management of the network security and operational functions of Cisco ASA with FirePOWER Services and Cisco FirePOWER network security appliances. The...
Cisco FireSIGHT System Software Snort Rule Bypass Vulnerability
A vulnerability in Snort rule detection in Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass configured rules that use Snort detection. The vulnerability is due to improper handling of HTTP header parameters. An attacker could exploit this vulnerability by...