CVE-2016-6412
The CVE-2016-6412 entry describes a vulnerability in Cisco IOS/IOS XE’s Application-hosting Framework (CAF) when the IOx feature set is enabled. The issue arises from insufficient input validation in CAF, allowing a remote attacker to induce a CAF user to download an attacker-controlled file by s...
CVE-2016-6396
Cisco Firepower Management Center before 6.1 and FireSIGHT System Software before 6.1, when certain malware blocking options are enabled, allow remote attackers to bypass malware detection via crafted fields in HTTP headers, aka Bug ID CSCuz44482...
CVE-2016-6396
Cisco Firepower Management Center and FireSIGHT System Software before 6.1 are affected by CVE-2016-6396. The issue arises from improper validation of HTTP header fields in the malware blocking/detection features, which could allow an unauthenticated, remote attacker to bypass malware detection b...
CPython CRLF Injection Vulnerability - Linux
CPython is prone to a CRLF injection vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:python:python"; if(description)...
CPython CRLF Injection Vulnerability - Windows
CPython is prone to a CRLF injection vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:python:python"; if(description)...
Cisco FireSIGHT System Software Malware Bypass Vulnerability
A vulnerability in the malicious file detection and blocking features of Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass malware detection mechanisms on an affected system. The vulnerability is due to improper input validation of fields in HTTP headers. A...
CVE-2016-6839
CRLF injection vulnerability in Huawei FusionAccess before V100R006C00 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors...
CRLF injection
CRLF injection vulnerability in Huawei FusionAccess before V100R006C00 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors...
CVE-2016-6839
The CVE is tied to Huawei FusionAccess prior to V100R006C00, where an HTTP header injection vulnerability (CRLF injection) allows a remote, unauthenticated attacker to tamper with server responses and inject arbitrary HTTP headers, enabling HTTP response splitting via unspecified vectors. Connect...
Cisco Firepower Management Center and FireSIGHT System Software Malware Bypass Vulnerability
A vulnerability in the malicious file detection and blocking features of Cisco Firepower Management Center and Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass malware detection mechanisms on an affected system. The vulnerability is due to improper input...
CRLF injection
CRLF injection vulnerability in the HTTPConnection.putheader function in urllib2 and urllib in CPython (aka Python) before 2.7.10 and 3.x before 3.4.4 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in a URL...
CVE-2016-5699
CRLF injection vulnerability in the HTTPConnection.putheader function in urllib2 and urllib in CPython (aka Python) before 2.7.10 and 3.x before 3.4.4 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in a URL...
CVE-2016-5699
CVE-2016-5699 is a CRLF injection vulnerability in Python’s HTTPConnection.putheader() used by urllib/urllib2. The flaw allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in a URL. Affected are CPython before 2.7.10 and 3.x before 3.4.4. Consequences include header inject...
Gratipay: Host Header poisoning on gratipay.com
There is a host header poisoning vulnerability on gratipay.com that allows an attacker to cause a 301 redirect and poison the browser DNS cache to cause all further requests to gratipay.com to be redirected to the attacker's site. PoC Request: GET https://gratipay.com/ HTTP/1.1 Host: heroku.com...
CRLF injection
CRLF injection vulnerability in VMware vCenter Server 6.0 before U2 and ESXi 6.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors...
CVE-2016-5331
CRLF injection vulnerability in VMware vCenter Server 6.0 before U2 and ESXi 6.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors...
JVN#65273415: Android OS issue where it is affected by the CRIME attack
The TLS protocol contains a function that compresses data for communications between the client and server. This function does not properly obfuscate the length of the unencrypted data. When this function is enabled on both the client and server, it results in a vulnerability where plaintext HTTP...
Varnish: Multiple vulnerabilities
Background: Varnish is a web application accelerator. Description: Varnish fails to properly validate input from HTTP headers, and does not deny requests with multiple Content-Length headers. Impact: Remote attackers could conduct an HTTP response splitting attack, which may further enable them to...