3718 matches found
ReddAPI: Content Sniffing not disabled
URL :- https://api.reddapi.com/ Issue description :- There was no "X-Content-Type-Options" HTTP header with the value nosniff set in the response. The lack of this header causes that certain browsers, try to determine the content type and encoding of the response even when these properties are...
Medium: mod24_security
Issue Overview: apache2/modsecurity.c in ModSecurity before 2.7.6 allows remote attackers to bypass rules by using chunked transfer coding with a capitalized Chunked value in the Transfer-Encoding HTTP header. Affected Packages: mod24security Issue Correction: Run yum update mod24security or yum...
APPLE-SA-2014-04-22-3 Apple TV 6.1.1
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-04-22-3 Apple TV 6.1.1 Apple TV 6.1.1 is now available and addresses the following: Apple TV Available for: Apple TV 2nd generation and later Impact: An attacker in a privileged network position can obtain web site credentials Descriptio...
CVE-2011-5279
CRLF injection vulnerability in the CGI implementation in Microsoft Internet Information Services IIS 4.x and 5.x on Windows NT and Windows 2000 allows remote attackers to modify arbitrary uppercase environment variables via a \n newline character in an HTTP header...
Crlf injection
CRLF injection vulnerability in the CGI implementation in Microsoft Internet Information Services IIS 4.x and 5.x on Windows NT and Windows 2000 allows remote attackers to modify arbitrary uppercase environment variables via a \n newline character in an HTTP header...
CVE-2011-5279
CRLF injection vulnerability in the CGI implementation in Microsoft Internet Information Services IIS 4.x and 5.x on Windows NT and Windows 2000 allows remote attackers to modify arbitrary uppercase environment variables via a \n newline character in an HTTP header...
CVE-2014-1296
CFNetwork in Apple iOS before 7.1.1, Apple OS X through 10.9.2, and Apple TV before 6.1.1 does not ensure that a Set-Cookie HTTP header is complete before interpreting the header's value, which allows remote attackers to bypass intended access restrictions by triggering the closing of a TCP...
CVE-2014-1296
CFNetwork in Apple iOS before 7.1.1, Apple OS X through 10.9.2, and Apple TV before 6.1.1 does not ensure that a Set-Cookie HTTP header is complete before interpreting the header's value, which allows remote attackers to bypass intended access restrictions by triggering the closing of a TCP...
CVE-2014-1296
CFNetwork in iOS before 7.1.1, OS X up to 10.9.2, and Apple TV before 6.1.1 mishandles incomplete Set-Cookie headers, allowing a remote attacker to bypass access restrictions by closing the TCP connection during header transmission (HTTPOnly). Public fix/version not specified in the provided docu...
OkCupid: Reflected XSS on www.okcupid.com/signup
Reflected XSS on www.okcupid.com/signup Im using Live HTTP Header for this bug. 1 Go to https://www.okcupid.com/signup 2 Click on continue 3 Enter details 4 Live HTTP Headers or any HTTP Editor should be running before clicking "Next" button. 5 Edit the following POST Headers : Host:...
CVE-2014-2286
CVE-2014-2286 affects Asterisk Open Source by vulnerable main/http.c in 1.8.x <1.8.26.1, 11.8.x <11.8.1, and 12.1.x <12.1.1 (and Certified Asterisk
CVE-2013-5705
apache2/modsecurity.c in ModSecurity before 2.7.6 allows remote attackers to bypass rules by using chunked transfer coding with a capitalized Chunked value in the Transfer-Encoding HTTP header...
Authentication flaw
apache2/modsecurity.c in ModSecurity before 2.7.6 allows remote attackers to bypass rules by using chunked transfer coding with a capitalized Chunked value in the Transfer-Encoding HTTP header...
CVE-2013-5705
Affected software: ModSecurity (Apache module) before 2.7.6. Root cause: flawed handling of chunked Transfer-Encoding with a capitalized Chunked value in the HTTP header. Impact: remote attackers can bypass mod_security rules. Remediation: upgrade to ModSecurity 2.7.6 or newer (as cited by multip...
Cisco Security Manager HTTP Header开放重定向漏洞
Bugtraq ID:66566 CVE ID:CVE-2014-2138 Cisco Security Manager可将配置策略的任务和针对思科安全部署的控制措施集中起来处理,从而能够高效地管理企业级安全性。 Cisco Security Manager WEB架构存在安全漏洞,允许攻击者利用漏洞注入特制的HTTP头,重定向WEB页至恶意站点。 0 Cisco Security Manager 目前没有详细解决方案: https://www.cisco.com...
Updated tomcat package fixes security vulnerabilities
Apache Tomcat 7.x before 7.0.50 processes chunked transfer coding without properly handling 1 a large total amount of chunked data or 2 whitespace characters in an HTTP header value within a trailer field, which allows remote attackers to cause a denial of service by streaming data CVE-2013-4322...
HTTP Header Detection
This module shows HTTP Headers returned by the scanned systems. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'HTTP Header Detection', 'Description' = %q This module shows HTTP Headers returne...
CVE-2014-2137
CRLF injection vulnerability in the web framework in Cisco Web Security Appliance WSA 7.7 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct redirection attacks via a crafted URL, aka Bug ID CSCuj61002...
Cisco WSA HTTP Header Injection Vulnerability
A vulnerability in the web framework of Cisco Web Security Appliance WSA could allow an unauthenticated, remote attacker to inject a crafted HTTP header that could cause a web page redirection to a possible malicious website. The vulnerability is due to insufficient validation of user input befor...
Cisco Security Manager HTTP Header Redirection Vulnerability
A vulnerability in the web framework of Cisco Security Manager could allow an unauthenticated, remote attacker to inject a crafted HTTP header, which will cause a web page redirection to a possible malicious website. The vulnerability is due to insufficient validation of user input before using i...