2478 matches found
RedHat Update for squid RHSA-2007:1130-01
Check for the Version of squid. OpenVAS Vulnerability Test: RedHat Update for squid RHSA-2007:1130-01. Authors: System Generated Check. Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribute it and/or modify it under the terms...
CentOS Update for squid CESA-2008:0214 centos3 i386
Check for the Version of squid. OpenVAS Vulnerability Test: CentOS Update for squid CESA-2008:0214 centos3 i386. Authors: System Generated Check. Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribute it and/or modify it under...
CentOS Update for squid CESA-2007:1130-04 centos2 i386
Check for the Version of squid. OpenVAS Vulnerability Test: CentOS Update for squid CESA-2007:1130-04 centos2 i386. Authors: System Generated Check. Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribute it and/or modify it...
CentOS Update for squid CESA-2008:0214 centos4 i386
Check for the Version of squid. OpenVAS Vulnerability Test: CentOS Update for squid CESA-2008:0214 centos4 i386. Authors: System Generated Check. Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribute it and/or modify it under...
CentOS Update for squid CESA-2008:0214 centos4 x86_64
Check for the Version of squid. OpenVAS Vulnerability Test: CentOS Update for squid CESA-2008:0214 centos4 x86_64. Authors: System Generated Check. Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribute it and/or modify it unde...
Intercepting proxy servers may incorrectly rely on HTTP headers to make connections
Overview: Proxy servers running in interception mode ("transparent" proxies) that make connection decisions based on HTTP header values may be used by an attacker to relay connections. Description: HTTP Host headers are defined in RFC 2616 and are often used by web servers to allow multiple websit...
CRLF injection
CRLF injection vulnerability in SocialEngine SE 2.7 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the PHPSESSID cookie...
CVE-2008-6121
CRLF injection vulnerability in SocialEngine SE 2.7 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the PHPSESSID cookie...
CVE-2008-6121
CVE-2008-6121 describes a CRLF injection vulnerability in SocialEngine versions 2.7 and earlier. The issue allows remote attackers to inject arbitrary HTTP headers and perform HTTP response splitting via the PHPSESSID cookie. Affected software: SocialEngine 2.7 and earlier. Underlying cause: CRLF...
USN-717-3: Firefox vulnerabilities
Kojima Hajime discovered that Firefox did not properly handle an escaped null character. An attacker may be able to exploit this flaw to bypass script sanitization. (CVE-2008-5510) Wladimir Palant discovered that Firefox did not restrict access to cookies in HTTP response headers. If a user were...
CRLF injection
CRLF injection vulnerability in the WebContainer component in IBM WebSphere Application Server (WAS) 5.1.1.19 and earlier 5.1.x versions allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors...
CVE-2008-4283
CVE-2008-4283 describes a CRLF injection vulnerability in the WebContainer component of IBM WebSphere Application Server (WAS) 5.1.1.19 and earlier 5.1.x versions. The issue allows remote attackers to inject arbitrary HTTP headers and perform HTTP response splitting via unspecified vectors. Accor...
PT-2009-1135
Name of the Vulnerable Software and Affected Versions: Microsoft Internet Information Services (IIS) version 5.0. Description: The issue allows remote attackers to steal cookies and authentication credentials or bypass the HttpOnly protection mechanism. This is achieved by using the undocumented TRACK...
CVE-2008-5554
The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 does not properly handle some HTTP headers that appear after a CRLF sequence in a URI, which allows remote attackers to bypass the XSS protection mechanism and conduct XSS or redirection attacks, as demonstrated by the (1) Location and (2)...
Cross site scripting
The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 does not properly handle some HTTP headers that appear after a CRLF sequence in a URI, which allows remote attackers to bypass the XSS protection mechanism and conduct XSS or redirection attacks, as demonstrated by the (1) Location and (2)...
CVE-2008-5554
The CVE-2008-5554 entry describes a vulnerability in Microsoft Internet Explorer 8.0 Beta 2 where the XSS Filter fails to properly handle certain HTTP headers that appear after a CRLF in a URI, permitting bypass of the XSS protection and enabling XSS or redirection via headers such as Location or...
openSUSE 10 Security Update : rubygem-actionpack (rubygem-actionpack-5816)
Missing input sanitation in rubygem-actionpack allowed remote attackers to inject arbitrary HTTP headers via specially crafted URLs (CVE-2008-5189). (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Upda...
CVE-2008-4829
CVE-2008-4829 affects the Streamripper project, with public sources describing multiple buffer overflows in lib/http.c (functions http_parse_sc_header, http_get_pls, http_get_m3u) triggered by overly long HTTP headers and playlists. Public reports (e.g., GLSA 200901-05, Debian DSA-1683-1, OpenVAS...