CVE-2022-39958 Response body bypass in OWASP ModSecurity Core Rule Set via repeated HTTP Range header submission with a small byte range

The OWASP ModSecurity Core Rule Set CRS is affected by a response body bypass to sequentially exfiltrate small and undetectable sections of data by repeatedly submitting an HTTP Range header field with a small byte range. A restricted resource, access to which would ordinarily be detected, may be...

squid: improper input validation in HTTP Range header

An incorrect input validation flaw was found in Squid, where it is vulnerable to a denial of service attack against all clients using the proxy. The highest threat from this vulnerability is to system availability...

Moderate: Red Hat Security Advisory: squid:4 security, bug fix, and enhancement update

An update for the squid:4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

squid: integer overflow in HTTP Range header

An integer overflow flaw was found in Squid, where it is vulnerable to a denial of service attack against all clients using the proxy. The highest threat from this vulnerability is to system availability...

Design/Logic Flaw

Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured file policy for HTTP. The vulnerability is due to incorrect handling of an HTTP range header. An attacker could exploit this...

CVE-2021-1223 Multiple Cisco Products Snort HTTP Detection Engine File Policy Bypass Vulnerability

Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured file policy for HTTP. The vulnerability is due to incorrect handling of an HTTP range header. An attacker could exploit this...

PT-2021-1770 · Cisco +1 · Snort +1

Name of the Vulnerable Software and Affected Versions: Cisco products affected versions not specified Description: The issue is related to a vulnerability in the Snort detection engine, which could allow an unauthenticated, remote attacker to bypass a configured file policy for HTTP. This is due ...

Security Bulletin: IBM Sterling B2B Integrator HTTP Range Header Vulnerability (CVE-2013-0494)

Summary IBM Sterling B2B Integrator is subject to HTTP Byte Range Denial Of Service attacks. Vulnerability Details CVE ID: CVE-2013-0494 DESCRIPTION: IBM Sterling B2B Integrator is subject to HTTP Byte Range Denial Of Service attacks. Specially crafted HTTP Range or Request-Range request headers...

Design/Logic Flaw

The server in LiteSpeed OpenLiteSpeed before 1.5.0 RC6 does not correctly handle requests for byte sequences, allowing an attacker to amplify the response size by requesting the entire response body repeatedly, as demonstrated by an HTTP Range header value beginning with the "bytes=0-,0-" substri...

CVE-2018-19791

LiteSpeed OpenLiteSpeed before 1.5.0 RC6 is affected. The server mishandles requests for byte sequences, allowing an attacker to amplify response size by repeatedly requesting the entire response body with an HTTP Range value starting with bytes=0-,0-. This can cause a Denial of Service (availabi...

CVE-2017-7529 Nginx integer overflow vulnerability analysis-vulnerability warning-the black bar safety net

1, the vulnerability described in In the Nginx range filter in the presence of an integer overflow vulnerability that can be through with the special structure of the range of the HTTP header of the malicious request to trigger this integer overflow vulnerability, and lead to information leakage...

CVE-2017-5850

httpd in OpenBSD allows remote attackers to cause a denial of service memory consumption via a series of requests for a large file using an HTTP Range header...

CVE-2017-5850

httpd in OpenBSD allows remote attackers to cause a denial of service memory consumption via a series of requests for a large file using an HTTP Range header...

RHEL 7 : squid (RHSA-2014:1147)

Updated squid packages that fix one security issue are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available from...

uTorrent / BitTorrent WebIU HTTP 1.7.7/6.0.1 Range header DoS Exploit

No description provided by source. !/usr/bin/perl uTorrent / BitTorrent WebIU HTTP 1.7.7/6.0.1 Range header Denial of Service exploit according to the following advisory: http://secunia.com/advisories/30605 usage: WebUI-dos.pl url port user:pass Exploit written by Exodus. http://www.blackhat.org....