
2478 matches found

Tenable Nessus
added 2003/04/06 12:0 a.m., 55 views

Abyss Web Server Malformed GET Request Remote DoS

It was possible to kill the remote web server by sending empty HTTP request headers namely Connection: or Range:. An attacker may use this flaw to crash the affected application, thereby denying service to legitimate users. C Tenable Network Security, Inc. References: Date: Sat, 5 Apr 2003 12:21:...

8.5 CVSS, 5.5 AI score, 0.05538 EPSS
Exploits: 1, References: 2

exploitpack
added 2003/04/05 12:0 a.m., 8 views

Abyss Web Server 1.1.2 - Incomplete HTTP Request Denial of Service

Abyss Web Server 1.1.2 - Incomplete HTTP Request Denial of Service source: https://www.securityfocus.com/bid/7287/info A denial of service vulnerability has been reported for Abyss Web Server. The vulnerability exists when Abyss attempts to parse certain incomplete HTTP headers. GET / HTTP/1.0...

0.3 AI score
Exploits: 0

Exploit DB
added 2003/04/05 12:0 a.m., 42 views

Abyss Web Server 1.1.2 - Incomplete HTTP Request Denial of Service

source: https://www.securityfocus.com/bid/7287/info A denial of service vulnerability has been reported for Abyss Web Server. The vulnerability exists when Abyss attempts to parse certain incomplete HTTP headers. GET / HTTP/1.0 Connection: GET / HTTP/1.0 Range:...

7.4 AI score
Exploits: 0

Cvelist
added 2003/04/02 5:0 a.m., 29 views

CVE-2002-0150

Buffer overflow in Internet Information Server IIS 4.0, 5.0, and 5.1 allows remote attackers to spoof the safety check for HTTP headers and cause a denial of service or execute arbitrary code via HTTP header field values...

7.9 AI score, 0.69466 EPSS
Exploits: 0, References: 9

NVD
added 2003/02/19 5:0 a.m., 18 views

CVE-2002-1405

CRLF injection vulnerability in Lynx 2.8.4 and earlier allows remote attackers to inject false HTTP headers into an HTTP request that is provided on the command line, via a URL containing encoded carriage return, line feed, and other whitespace characters...

5 CVSS, 6.8 AI score, 0.13122 EPSS
Exploits: 0, References: 10

CERT
added 2003/01/24 12:0 a.m., 18 views

Web servers enable HTTP TRACE method by default

Overview The HTTP TRACE method returns the contents of client HTTP requests in the entity-body of the TRACE response. Attackers could leverage this behavior to access sensitive information, such as cookies or authentication data, contained in the HTTP headers of the request. Description The HTTP...

6.8 AI score
Exploits: 0, References: 14

Exploit DB
added 2003/01/16 12:0 a.m., 19 views

CSO Lanifex Outreach Project Tool 0.946b - Request Origin Spoofing

source: https://www.securityfocus.com/bid/6630/info It has been reported that OPT accepts the values supplied by users in HTTP headers as the originating IP address of a request. It is possible for a remote host to supply a fake IP address in one of these environment variables that would...

7.4 AI score
Exploits: 0

exploitpack
added 2003/01/16 12:0 a.m., 6 views

CSO Lanifex Outreach Project Tool 0.946b - Request Origin Spoofing

CSO Lanifex Outreach Project Tool 0.946b - Request Origin Spoofing source: https://www.securityfocus.com/bid/6630/info It has been reported that OPT accepts the values supplied by users in HTTP headers as the originating IP address of a request. It is possible for a remote host to supply...

0.6 AI score
Exploits: 0

Exploit DB
added 2002/12/19 12:0 a.m., 251 views

CUPS 1.1.x - Negative Length HTTP Header

source: https://www.securityfocus.com/bid/6437/info A vulnerability has been reported for CUPS that if exploited may result in a DoS or the execution of code on affected systems. An attacker can exploit this vulnerability by connecting to a vulnerable system and issuing malformed HTTP headers with ...

7.4 AI score
Exploits: 0

exploitpack
added 2002/10/18 12:0 a.m., 7 views

IBM Websphere Caching Proxy 3.64.0 - Denial of Service

IBM Websphere Caching Proxy 3.64.0 - Denial of Service source: https://www.securityfocus.com/bid/6002/info A vulnerability has been reported in the Caching Proxy component bundled with IBM WebSphere Edge Server. The vulnerability is due to inadequate checks when processing HTTP headers. An attack...

7.3 AI score
Exploits: 0

NVD
added 2002/10/11 4:0 a.m., 17 views

CVE-2002-1153

IBM Websphere 4.0.3 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via an HTTP request with long HTTP headers, such as "Host"...

5 CVSS, 7.7 AI score, 0.0258 EPSS
Exploits: 1, References: 5

Tenable Nessus
added 2002/09/21 12:0 a.m., 67 views

BrowseGate HTTP MIME Headers Remote Overflow

It is possible to kill the remote server by sending it an invalid request with too long HTTP headers Authorization and Referer. BrowseGate proxy is known to be vulnerable to this flaw. An attacker could exploit this vulnerability to cause the web server to crash continually or to execute arbitrar...

5 CVSS, 6.3 AI score, 0.08939 EPSS
Exploits: 0, References: 1

securityvulns
added 2002/09/19 12:0 a.m., 40 views

IBM WebSphere DoS

There is no limit for HTTP headers...

0.4 AI score
Exploits: 0, References: 1

Packet Storm
added 2002/09/11 12:0 a.m., 40 views

phpcrlf.txt

PHP fopen CRLF Injection PROGRAM: PHP VENDOR: The PHP Group HOMEPAGE: http://www.php.net/ VULNERABLE VERSIONS: 4.1.2, 4.2.2, 4.2.3, latest CVS, possibly others IMMUNE VERSIONS: none, but workarounds exist SEVERITY: medium DESCRIPTION: "PHP is a widely-used Open Source general-purpose scripting...

7.4 AI score
Exploits: 0

exploitpack
added 2002/08/19 12:0 a.m., 24 views

Lynx 2.8.x - Command Line URL CRLF Injection

Lynx 2.8.x - Command Line URL CRLF Injection source: https://www.securityfocus.com/bid/5499/info A CRLF injection vulnerability has been reported for Lynx that may allow an attacker to include extra HTTP headers when viewing web pages. If Lynx is called from the command line, carriage return and...

Exploits: 0

Exploit DB
added 2002/08/19 12:0 a.m., 31 views

Lynx 2.8.x - Command Line URL CRLF Injection

source: https://www.securityfocus.com/bid/5499/info A CRLF injection vulnerability has been reported for Lynx that may allow an attacker to include extra HTTP headers when viewing web pages. If Lynx is called from the command line, carriage return and line feed CRLF characters may be included in...

7.4 AI score
Exploits: 0

exploitpack
added 2002/05/15 12:0 a.m., 29 views

Microsoft Internet Explorer 5.0.16.0 - Content-Disposition Handling File Execution

Microsoft Internet Explorer 5.0.16.0 - Content-Disposition Handling File Execution source: https://www.securityfocus.com/bid/4752/info An issue exists in the way Microsoft Internet Explorer handles conflicting information in some HTTP headers used to describe non-HTML content. A malicious web...

7.5 AI score
Exploits: 0

Exploit DB
added 2002/05/15 12:0 a.m., 23 views

Microsoft Internet Explorer 5.0.1/6.0 - Content-Disposition Handling File Execution

source: https://www.securityfocus.com/bid/4752/info An issue exists in the way Microsoft Internet Explorer handles conflicting information in some HTTP headers used to describe non-HTML content. A malicious web server may provide content with misleading values in the content-type and...

7.4 AI score
Exploits: 0

CVE
added 2002/05/03 4:0 a.m., 36 views

CVE-2001-1245

Opera 5.0 for Linux is affected by a denial-of-service vulnerability caused by improper handling of malformed HTTP headers. A remote attacker could trigger a crash, potentially by sending a header whose value matches a MIME header name. The root cause is not detailed beyond this description, and ...

5 CVSS, 7.2 AI score, 0.01099 EPSS
Exploits: 0, References: 3, Affected Software: 1

Cvelist
added 2002/05/03 4:0 a.m., 17 views

CVE-2001-1245

Opera 5.0 for Linux does not properly handle malformed HTTP headers, which allows remote attackers to cause a denial of service, possibly with a header whose value is the same as a MIME header name...

6.9 AI score, 0.01099 EPSS
Exploits: 0, References: 3