148 matches found
DEBIAN-CVE-2019-18609
An issue was discovered in amqphandleinput in amqpconnection.c in rabbitmq-c 0.9.0. There is an integer overflow that leads to heap memory corruption in the handling of CONNECTIONSTATEHEADER. A rogue server could return a malicious frame header that leads to a smaller targetsize value than needed...
SUSE-SU-2019:3126-1 Security update for haproxy
This update for haproxy to version 2.0.10 fixes the following issues: HAProxy was updated to 2.0.10 Security issues fixed: - CVE-2019-18277: Fixed a potential HTTP smuggling in messages with transfer-encoding header missing the 'chunked' bsc1154980. - Fixed an improper handling of headers which...
CVE-2019-15226
Upon receiving each incoming request header data, Envoy will iterate over existing request headers to verify that the total size of the headers stays below a maximum limit. The implementation in versions 1.10.0 through 1.11.1 for HTTP/1.x traffic and all versions of Envoy for HTTP/2 traffic had...
CVE-2019-3721
CVE-2019-3721 affects Dell EMC OpenManage System Administrator (OMSA) prior to version 9.3.0. The issue is an improper range header processing vulnerability in OMSA’s handling of HTTP Range requests; crafted requests with overlapping ranges can cause the application to compress each requested byt...
Debian DSA-4267-1 : kamailio - security update
Henning Westerholt discovered a flaw related to the To header processing in kamailio, a very fast, dynamic and configurable SIP server. Missing input validation in the buildresbuffromsipreq function could result in denial of service and potentially the execution of arbitrary code. C Tenable Netwo...
ALPINE-CVE-2018-1000027
The Squid Software Foundation Squid HTTP Caching Proxy version prior to version 4.0.23 contains a NULL Pointer Dereference vulnerability in HTTP Response X-Forwarded-For header processing that can result in Denial of Service to all clients of the proxy. This attack appear to be exploitable via...
jwt-scala fails to verify token signatures
Overview jwt-scala contains a vulnerability where it fails to verify token signatures correctly. jwt-scala is a Scala library to handle JSON Web Token JWT. jwt-scala contains a vulnerability where it fails to verify token signatures correctly due to improper processing of JWT headers. Toshiharu...
Live Helper Chat Cross-Site Scripting Vulnerability
Live Helper Chat is a cross-platform online chat program. A cross-site scripting vulnerability exists in the HTTP packet header processing in Live Helper Chat 2.06v and prior versions. A remote attacker can exploit this vulnerability to execute arbitrary Javascript code within another user's...
Cisco cBR Series Converged Broadband Routers Denial of Service Vulnerability
Cisco cBR Series Converged Broadband Routers is a router device. A security vulnerability in the Cisco cBR Series Converged Broadband Routers processing list header field allows remote attackers to exploit the vulnerability to submit a special request for a denial of service attack...
httpd: bypass of mod_headers rules via chunked requests
A flaw was found in the way httpd handled HTTP Trailer headers when processing requests using chunked encoding. A malicious client could use Trailer headers to set additional HTTP headers after header processing was performed by other modules. This could, for example, lead to a bypass of header...
httpd: bypass of mod_headers rules via chunked requests
A flaw was found in the way httpd handled HTTP Trailer headers when processing requests using chunked encoding. A malicious client could use Trailer headers to set additional HTTP headers after header processing was performed by other modules. This could, for example, lead to a bypass of header...
namshi/jose fails to verify token signatures
Overview namshi/jose is a PHP library for handling JSON Web Tokens JWT. namshi/jose contains a vulnerability in processing JWT headers where it fails to verify token signatures. Toshiharu Sugiyama of DeNA Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...
The IIS server vulnerability analysis-vulnerability warning-the black bar safety net
4 on 1 to 5 November, in Microsoft's patch day, Microsoft released a more high-risk vulnerabilities, one of MS15-0 3 4 vulnerability that affects most widely, will cause the IIS server to blue screen crash, special circumstances or lead to information disclosure. Alibaba security research...
squid: assertion failure in Range header processing (SQUID-2014:2)
A flaw was found in the way Squid handled malformed HTTP Range headers. A remote attacker able to send HTTP requests to the Squid proxy could use this flaw to crash Squid...
squid security update
7:3.3.8-12 - Resolves: 1134933 - CVE-2014-3609 assertion failure in header processing...
squid security update
7:3.1.10-22 - Resolves: 1134936 - CVE-2013-4115 buffer overflow when processing overly long DNS names 7:3.1.10-21 - Resolves: 1134936 - CVE-2014-3609 assertion failure in header processing...
RedHat Update for tomcat6 RHSA-2012:0475-01
Check for the Version of tomcat6 OpenVAS Vulnerability Test RedHat Update for tomcat6 RHSA-2012:0475-01 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
Polipo 1.0.4.1 - POST/PUT HTTP Header Processing Denial of Service
source: https://www.securityfocus.com/bid/49908/info Polipo is prone to a denial-of-service vulnerability. Remote attackers can exploit this issue to cause the application to crash, denying service to legitimate users. Polipo 1.0.4.1 is vulnerable; other versions may also be affected...
Polipo 1.0.4.1 - POSTPUT HTTP Header Processing Denial of Service
Polipo 1.0.4.1 - POSTPUT HTTP Header Processing Denial of Service source: https://www.securityfocus.com/bid/49908/info Polipo is prone to a denial-of-service vulnerability. Remote attackers can exploit this issue to cause the application to crash, denying service to legitimate users. Polipo 1.0.4...
Google Chrome < 4.1.249.1036 Multiple Vulnerabilities
Binary data 5364.pasl...