2482 matches found
CVE-2017-5390
The JSON viewer in the Developer Tools uses insecure methods to create a communication channel for copying and viewing JSON or HTTP headers data, allowing for potential privilege escalation. This vulnerability affects Thunderbird 45.7, Firefox ESR 45.7, and Firefox 51...
Splunk Light Python Vulnerabilities
Splunk Light is prone to multiple vulnerabilities in Python. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:splunk:light"; if...
Crlf injection
CRLF injection vulnerability in Infoblox Network Automation NetMRI before 7.1.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the contentType parameter in a login action to config/userAdmin/login.tdf...
CVE-2016-6484
CVE-2016-6484 affects Infoblox Network Automation NetMRI prior to 7.1.1. The vulnerability is a CRLF injection in the contentType parameter used in the login action at config/userAdmin/login.tdf, enabling remote attackers to inject arbitrary HTTP headers and perform HTTP response splitting. Publi...
Airbnb: [m.airbnb.com] CRLF Injection
By using a URL-escaped character sequence, bobrov was able to inject HTTP headers into the responses of some redirects on the m.airbnb.com domain. This allowed them to perform actions such as setting cookies for the airbnb.com domain. This primarily affected Internet Explorer, and was not...
Apache HTTP Server Denial of Service Vulnerability (CNVD-2016-13232)
Apache httpd is an open source HTTP server developed and maintained by the Apache Software Foundation for modern operating systems. A security vulnerability exists in Apache httpd versions prior to 2.4.25, which stems from the program's failure to properly parse HTTP header...
LocalTapiola: Creating arbitrary cookies values /cs/CookieServer (www.lahitapiola.fi)
Issue: The reporter was able to inject HTTP headers to set custom cookies in the response. The cookie scope was .lahitapiola.fi (/cs/CookieServer). The report contained a thorough PoC and appropriate screenshots which assisted the triaging process. Fix: The issue was investigated and found to be vali...
Cisco Web Security Appliance Drop Decrypt Policy Bypass Vulnerability
A vulnerability in the Decrypt for End-User Notification configuration parameter of Cisco AsyncOS Software for Cisco Web Security Appliances could allow an unauthenticated, remote attacker to connect to a secure website over Secure Sockets Layer (SSL) or Transport Layer Security (TLS), even if the WS...
USN-3134-1: Python vulnerabilities
It was discovered that the smtplib library in Python did not return an error when StartTLS fails. A remote attacker could possibly use this to expose sensitive information. (CVE-2016-0772) Rémi Rampin discovered that Python would not protect CGI applications from contents of the HTTP_PROXY environme...
squid: some code paths fail to check bounds in string object
Incorrect boundary checks were found in the way squid handled headers in HTTP responses, which could lead to an assertion failure. A malicious HTTP server could use this flaw to crash squid using a specially crafted HTTP response...
Crlf injection
CRLF injection vulnerability in the ServerResponse#writeHead function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the reason argument...
CVE-2016-5325
CRLF injection vulnerability in the ServerResponse#writeHead function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the reason argument...
CVE-2016-4993
CRLF injection vulnerability in the Undertow web server in WildFly 10.0.0, as used in Red Hat JBoss Enterprise Application Platform (EAP) 7.x before 7.0.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors...
Crlf injection
CRLF injection vulnerability in the Undertow web server in WildFly 10.0.0, as used in Red Hat JBoss Enterprise Application Platform (EAP) 7.x before 7.0.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors...
CVE-2016-4993
CVE-2016-4993 describes a CRLF injection vulnerability in the Undertow web server used by WildFly 10.0.0 and Red Hat JBoss EAP 7.x prior to 7.0.2. An attacker can inject arbitrary HTTP headers and perform HTTP response splitting via unspecified vectors. The vulnerability affects Undertow/WildFly ...
CVE-2016-4993
CRLF injection vulnerability in the Undertow web server in WildFly 10.0.0, as used in Red Hat JBoss Enterprise Application Platform (EAP) 7.x before 7.0.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors...
CVE-2016-6412
The Cisco Application-hosting Framework (CAF) component in Cisco IOS 15.6(1)T1 and IOS XE, when the IOx feature set is enabled, allows man-in-the-middle attackers to trigger arbitrary downloads via crafted HTTP headers, aka Bug ID CSCuz84773...
Code injection
The Cisco Application-hosting Framework (CAF) component in Cisco IOS 15.6(1)T1 and IOS XE, when the IOx feature set is enabled, allows man-in-the-middle attackers to trigger arbitrary downloads via crafted HTTP headers, aka Bug ID CSCuz84773...