
3718 matches found

OSV
added 2016/01/18 12:00 a.m., 17 views

DLA-394-1 passenger - security update

Bulletin has no description...

CVSS 4.3 | AI score 4.3 | EPSS 0.02364 | Exploits 0

Japan Vulnerability Notes
added 2016/01/15 12:00 a.m., 45 views

JVN#45928828: H2O vulnerable to HTTP header injection

H2O is an open source web server software. H2O contains an HTTP header injection vulnerability. Impact: An HTTP response splitting attack may result in arbitrary cookie values. Solution: Update the software. Update to the latest version according to the information provided by the developer. Product...

CVSS 4.3 | AI score 4.2 | EPSS 0.01459 | Exploits 0

Prion
added 2016/01/08 7:59 p.m., 12 views

Design/Logic Flaw

agent/Core/Controller/SendRequest.cpp in Phusion Passenger before 4.0.60 and 5.0.x before 5.0.22, when used in Apache integration mode or in standalone mode without a filtering proxy, allows remote attackers to spoof headers passed to applications by using an underscore character instead of a -...

CVSS 4.3 | AI score 7 | EPSS 0.02364 | Exploits 0 | References 8 | Affected Software 1

Debian CVE
added 2016/01/08 7:00 p.m., 16 views

CVE-2015-7519

agent/Core/Controller/SendRequest.cpp in Phusion Passenger before 4.0.60 and 5.0.x before 5.0.22, when used in Apache integration mode or in standalone mode without a filtering proxy, allows remote attackers to spoof headers passed to applications by using an underscore character instead of a -...

CVSS 4.3 | AI score 4.9 | EPSS 0.02364 | Exploits 0

CVE
added 2016/01/08 7:00 p.m., 92 views

CVE-2015-7519

Summary (validated by connected docs): CVE-2015-7519 affects Phusion Passenger in Apache integration or standalone mode without a filtering proxy, where the module’s HTTP header handling in agent/Core/Controller/SendRequest.cpp allows remote attackers to spoof headers by replacing a dash with an ...

CVSS 4.3 | AI score 4.2 | EPSS 0.02364 | Exploits 0 | References 8 | Affected Software 1

Check Point Advisories
added 2015/12/21 12:00 a.m., 0 views

Base64 Decode Method inside HTTP Header

Attackers may use Base64 encoded content inside HTTP headers, and decode it dynamically in order to avoid being detected by IPS products...

AI score 1.4 | Exploits 0

0day.today
added 2015/12/19 12:00 a.m., 336 views

Joomla 1.5 - 3.4.5 - HTTP Header Unauthenticated Remote Code Execution Exploit

Joomla suffers from an unauthenticated remote code execution that affects all versions from 1.5.0 to 3.4.5. By storing user-supplied headers in the database's session table it's possible to truncate the input by sending a UTF-8 character. The custom created payload is then executed once the sessi...

CVSS 7.5 | AI score 0.3 | EPSS 0.98283 | Exploits 16

Packet Storm
added 2015/12/17 12:00 a.m., 574 views

Joomla HTTP Header Unauthenticated Remote Code Execution

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Joomla HTTP Header Unauthenticated Remote Code Execution', 'Description' = %q Joomla suffers from an unauthenticated remote code...

CVSS 7.5 | AI score 0.3 | EPSS 0.98283 | Exploits 16

Tenable Nessus
added 2015/12/17 12:00 a.m., 69 views

RHEL 6 : JBoss Web Server (RHSA-2015:2659)

Updated Red Hat JBoss Web Server 3.0.2 packages are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each...

CVSS 7.8 | AI score 6.7 | EPSS 0.73327 | Exploits 2 | References 11

myhack58
added 2015/12/07 12:00 a.m., 17 views

The Ceph Object Gateway CRLF Vulnerability (CVE-2015-5245) - vulnerability warning - the black bar safety net

CVE (CAN) ID: CVE-2015-5245. The Ceph Object Gateway is an object storage interface built on top of librados that lets applications access Ceph Storage Clusters, a distributed storage system, through a RESTful gateway. In Ceph versions before 0.94.4, the Ceph Object Gateway,...

AI score 1.3 | Exploits 0

NVD
added 2015/12/03 8:59 p.m., 31 views

CVE-2015-5245

CRLF injection vulnerability in the Ceph Object Gateway (aka radosgw or RGW) in Ceph before 0.94.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted bucket name...

CVSS 4.3 | AI score 6.7 | EPSS 0.01907 | Exploits 0 | References 3

Tenable Nessus
added 2015/11/24 12:00 a.m., 70 views

RHEL 7 : Red Hat Ceph Storage 1.3.1 (RHSA-2015:2066)

Red Hat Ceph Storage 1.3.1 that fixes one security issue, multiple bugs, and adds various enhancements is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which...

CVSS 4.3 | AI score 6.5 | EPSS 0.01907 | Exploits 0 | References 3

RedHat Linux
added 2015/11/23 9:34 p.m., 82 views

Moderate: Red Hat Security Advisory: Red Hat Ceph Storage 1.3.1 security, bug fix, and enhancement update

Red Hat Ceph Storage 1.3.1 that fixes one security issue, multiple bugs, and adds various enhancements is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which...

CVSS 4.3 | AI score 6.6 | EPSS 0.01907 | Exploits 0 | References 20

RedHat Linux
added 2015/11/23 8:20 p.m., 25 views

Moderate: Red Hat Security Advisory: Red Hat Ceph Storage 1.3.1 security, bug fix, and enhancement update

Red Hat Ceph Storage 1.3.1 that fixes one security issue, multiple bugs, and adds various enhancements is now available for Ubuntu 14.04. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detaile...

CVSS 4.3 | AI score 6.6 | EPSS 0.01907 | Exploits 0 | References 21

Kitploit
added 2015/11/18 9:37 p.m., 27 views

GetHead - HTTP Header Analysis Vulnerability Tool

gethead.py is a Python HTTP Header Analysis Vulnerability Tool. It identifies security vulnerabilities and the lack of protection in HTTP Headers. Usage: $ python gethead.py http://domain.com Changelog Version 0.1 - Initial Release Written in Python 2.7.5 Performs HTTP Header Analysis Reports...

AI score 7.9 | Exploits 0 | References 2

Prion
added 2015/11/16 7:59 p.m., 17 views

Server side request forgery (ssrf)

The DisplayTopKeywords function in plugins/Referrers/Controller.php in Piwik before 2.15.0 allows remote attackers to conduct PHP object injection attacks, conduct Server-Side Request Forgery (SSRF) attacks, and execute arbitrary PHP code via a crafted HTTP header...

CVSS 7.5 | AI score 8.2 | EPSS 0.03931 | Exploits 3 | References 5 | Affected Software 1

Debian CVE
added 2015/11/16 7:00 p.m., 11 views

CVE-2015-7816

The DisplayTopKeywords function in plugins/Referrers/Controller.php in Piwik before 2.15.0 allows remote attackers to conduct PHP object injection attacks, conduct Server-Side Request Forgery (SSRF) attacks, and execute arbitrary PHP code via a crafted HTTP header...

CVSS 7.5 | AI score 8.2 | EPSS 0.03931 | Exploits 3

CNVD
added 2015/11/05 12:00 a.m., 1 views

Google Golang Go HTTP Header Injection Vulnerability

Google Golang Go is a programming language optimized for programming applications on multiprocessor systems by Google. An HTTP header injection vulnerability exists in Google Golang Go. An attacker can exploit this vulnerability to inject arbitrary HTTP headers into the server response, bypass...

CVSS 9.8 | AI score 9.4 | EPSS 0.02704 | Exploits 0 | References 1

Hacker One
added 2015/11/02 5:58 p.m., 246 views

HackerOne: HTTP header injection in info.hackerone.com allows setting cookies for hackerone.com

The subdomain info.hackerone.com is vulnerable to HTTP header injection. I'm aware that you are only interested in critical issues affecting this subdomain. However, you may be interested in this issue as a vulnerability in this domain may affect the domain hackerone.com. The vulnerability is a...

AI score 7.6 | Exploits 0

OpenVAS
added 2015/10/29 12:00 a.m., 26 views

Apple Mac OS X Web Service component (HTTP header) Security Bypass Vulnerability

Apple Mac OS X is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/o:apple:osxserver";...

CVSS 5 | AI score 5.2 | EPSS 0.01983 | Exploits 0 | References 2