Red Hat Ceph Denial of Service Vulnerability
Red Hat Ceph is a petabyte-scale distributed file system for Linux from Red Hat. The system's main design goal is a distributed file system with no single point of failure, based on the POSIX (Portable Operating System Interface) standard, so that data is fault-tolerant and seamlessly replicated...
CVE-2018-7262
In Ceph before 12.2.3 and 13.x through 13.0.1, the rgwcivetweb.cc RGWCivetWeb::initenv function in radosgw doesn't handle malformed HTTP headers properly, allowing for denial of service...
CVE-2018-7262
CVE-2018-7262 affects Ceph RGW (rgw_civetweb.cc RGWCivetWeb::init_env) where malformed HTTP headers can crash radosgw, enabling denial of service. Affected ranges in the initial entry are Ceph releases before 12.2.3 and 13.x up to 13.0.1. Public disclosures in connected docs corroborate that the ...
Improper Neutralization of HTTP Headers for Scripting Syntax
HTTP header injection vulnerability in the http package...
CVE-2016-9589
Undertow in Red Hat WildFly before version 11.0.0.Beta1 is vulnerable to resource exhaustion resulting in a denial of service. Undertow keeps a cache of seen HTTP headers in persistent connections. It was found that this cache can easily be exploited to fill memory with garbage, up to "max-headers...
CVE-2018-1000007
libcurl 7.1 through 7.57.0 might accidentally leak authentication data to third parties. When asked to send custom headers in its HTTP requests, libcurl will send that set of headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP response code is...
Apache ServerTokens Information Disclosure
The HTTP headers sent by the remote web server disclose information that can aid an attacker, such as the server version, operating system, and module versions...
CRLF injection
CRLF injection vulnerability in OXID eShop Professional Edition before 4.7.11 and 4.8.x before 4.8.4, Enterprise Edition before 5.0.11 and 5.1.x before 5.1.4, and Community Edition before 4.7.11 and 4.8.x before 4.8.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP...
CVE-2014-2017
CRLF injection vulnerability in OXID eShop Professional Edition before 4.7.11 and 4.8.x before 4.8.4, Enterprise Edition before 5.0.11 and 5.1.x before 5.1.4, and Community Edition before 4.7.11 and 4.8.x before 4.8.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP...
openSUSE Security Update : syncthing (openSUSE-2018-45)
This update for syncthing brings a new version and fixes the following issues : - Update to version 0.14.42 : - Discovering new files in a deleted directory does not resurrect the directory ghsyncthing/syncthing4475. - 'Panic: interface conversion: errors.errorString is not net.Error' after resta...
Wapiti 3.0.0 - The Web-Application Vulnerability Scanner
Wapiti allows you to audit the security of your websites or web applications. It performs "black-box" scans (it does not study the source code of the web application) by crawling the web pages of the deployed web app, looking for scripts and forms where it can inject data. Once it gets the list of...
Session Hijacking Through Lack Of HTTPOnly Flag
spree is vulnerable to session hijacking attacks. The vulnerability exists due to the lack of HttpOnly flag in the HTTP headers...
How to harden AdwCleaner’s web backend using PHP
More and more applications are moving from desktop to the web, where they are particularly exposed to security risks. They are often tied to a database backend, and thus need to be properly secured, even though most of the time they are designed to restrict access to authenticated users only. PHP...
USN-3464-1: Wget vulnerabilities | Cloud Foundry
USN-3464-1: Wget vulnerabilities. Severity: Medium. Vendor: Canonical Ubuntu. Versions affected: Canonical Ubuntu 14.04. Description: Antti Levomäki, Christian Jalio, and Joonas Pihlaja discovered that Wget incorrectly handled certain HTTP responses. A remote attacker could use this issue to cause Wget to crash,...
Slowloris Denial of Service Attack
Slowloris tries to keep many connections to the target web server open and hold them open as long as possible. It accomplishes this by opening connections to the target web server and sending a partial request. Periodically, it sends subsequent HTTP headers, adding to, but never completing, the...
Cross site scripting
A vulnerability in the Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack. The vulnerability is due to the failure of the application or its environment to properly sanitize input values. An attacker could exploit this...
Cisco Email Security Appliance and Content Security Management Appliance HTTP Response Splitting Vulnerability
A vulnerability in the Cisco Email Security Appliance (ESA) and Content Security Management Appliance (SMA) software could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack. The vulnerability is due to the failure of the application or its environment to properly...
Cross-site request forgery (CSRF)
Embedding Script XSS in HTTP Headers vulnerability in McAfee Network Data Loss Prevention NDLP 9.3.x allows remote authenticated users to view confidential information via a cross site request forgery attack...