3718 matches found

Hacker One
added 2014/05/18 1:22 p.m., 35 views

ReddAPI: Content Sniffing not disabled

URL: https://api.reddapi.com/ Issue description: There was no "X-Content-Type-Options" HTTP header with the value nosniff set in the response. The lack of this header causes certain browsers to try to determine the content type and encoding of the response even when these properties are...

AI score 0.1
Exploits 0

Amazon
added 2014/05/06 12:00 a.m., 35 views

Medium: mod24_security

Issue Overview: apache2/modsecurity.c in ModSecurity before 2.7.6 allows remote attackers to bypass rules by using chunked transfer coding with a capitalized Chunked value in the Transfer-Encoding HTTP header. Affected Packages: mod24security Issue Correction: Run yum update mod24security or yum...

CVSS 5, AI score 6.4, EPSS 0.02648
Exploits 2

securityvulns
added 2014/05/04 12:00 a.m., 103 views

APPLE-SA-2014-04-22-3 Apple TV 6.1.1

APPLE-SA-2014-04-22-3 Apple TV 6.1.1 Apple TV 6.1.1 is now available and addresses the following: Apple TV Available for: Apple TV 2nd generation and later Impact: An attacker in a privileged network position can obtain web site credentials Descriptio...

CVSS 10, AI score 0.2, EPSS 0.34782
Exploits 14

NVD
added 2014/04/23 8:55 p.m., 15 views

CVE-2011-5279

CRLF injection vulnerability in the CGI implementation in Microsoft Internet Information Services IIS 4.x and 5.x on Windows NT and Windows 2000 allows remote attackers to modify arbitrary uppercase environment variables via a \n newline character in an HTTP header...

CVSS 5, AI score 6.9, EPSS 0.19092
Exploits 1, References 6

Prion
added 2014/04/23 8:55 p.m., 12 views

CRLF injection

CRLF injection vulnerability in the CGI implementation in Microsoft Internet Information Services IIS 4.x and 5.x on Windows NT and Windows 2000 allows remote attackers to modify arbitrary uppercase environment variables via a \n newline character in an HTTP header...

CVSS 5, AI score 7.4, EPSS 0.19092
Exploits 1, References 6, Affected Software 1

Cvelist
added 2014/04/23 8:00 p.m., 21 views

CVE-2011-5279

CRLF injection vulnerability in the CGI implementation in Microsoft Internet Information Services IIS 4.x and 5.x on Windows NT and Windows 2000 allows remote attackers to modify arbitrary uppercase environment variables via a \n newline character in an HTTP header...

AI score 6.9, EPSS 0.19092
Exploits 1, References 6

NVD
added 2014/04/23 11:52 a.m., 21 views

CVE-2014-1296

CFNetwork in Apple iOS before 7.1.1, Apple OS X through 10.9.2, and Apple TV before 6.1.1 does not ensure that a Set-Cookie HTTP header is complete before interpreting the header's value, which allows remote attackers to bypass intended access restrictions by triggering the closing of a TCP...

CVSS 4.3, AI score 5.8, EPSS 0.0188
Exploits 0, References 3

Cvelist
added 2014/04/23 10:00 a.m., 35 views

CVE-2014-1296

CFNetwork in Apple iOS before 7.1.1, Apple OS X through 10.9.2, and Apple TV before 6.1.1 does not ensure that a Set-Cookie HTTP header is complete before interpreting the header's value, which allows remote attackers to bypass intended access restrictions by triggering the closing of a TCP...

AI score 5.8, EPSS 0.0188
Exploits 0, References 3

CVE
added 2014/04/23 10:00 a.m., 64 views

CVE-2014-1296

CFNetwork in iOS before 7.1.1, OS X up to 10.9.2, and Apple TV before 6.1.1 mishandles incomplete Set-Cookie headers, allowing a remote attacker to bypass access restrictions by closing the TCP connection during header transmission (HTTPOnly). Public fix/version not specified in the provided docu...

CVSS 4.3, AI score 5.9, EPSS 0.0188
Exploits 0, References 3, Affected Software 1

Hacker One
added 2014/04/21 4:55 a.m., 30 views

OkCupid: Reflected XSS on www.okcupid.com/signup

Reflected XSS on www.okcupid.com/signup I'm using Live HTTP Headers for this bug. 1 Go to https://www.okcupid.com/signup 2 Click on continue 3 Enter details 4 Live HTTP Headers or any HTTP editor should be running before clicking the "Next" button. 5 Edit the following POST headers: Host:...

AI score 6.3
Exploits 0

CVE
added 2014/04/18 7:00 p.m., 83 views

CVE-2014-2286

CVE-2014-2286 affects Asterisk Open Source through a vulnerable main/http.c in 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1 (and Certified Asterisk

CVSS 7.5, AI score 7.6, EPSS 0.16262
Exploits 1, References 7, Affected Software 2

OSV
added 2014/04/15 10:55 a.m., 3 views

CVE-2013-5705

apache2/modsecurity.c in ModSecurity before 2.7.6 allows remote attackers to bypass rules by using chunked transfer coding with a capitalized Chunked value in the Transfer-Encoding HTTP header...

AI score 6.3
Exploits 0, References 5

Prion
added 2014/04/15 10:55 a.m., 20 views

Authentication flaw

apache2/modsecurity.c in ModSecurity before 2.7.6 allows remote attackers to bypass rules by using chunked transfer coding with a capitalized Chunked value in the Transfer-Encoding HTTP header...

CVSS 5, AI score 7, EPSS 0.02648
Exploits 2, References 3, Affected Software 2

CVE
added 2014/04/15 10:00 a.m., 113 views

CVE-2013-5705

Affected software: ModSecurity (Apache module) before 2.7.6. Root cause: flawed handling of chunked Transfer-Encoding with a capitalized Chunked value in the HTTP header. Impact: remote attackers can bypass mod_security rules. Remediation: upgrade to ModSecurity 2.7.6 or newer (as cited by multip...

CVSS 5, AI score 6, EPSS 0.02648
Exploits 2, References 3, Affected Software 1

seebug.org
added 2014/04/04 12:00 a.m., 28 views

Cisco Security Manager HTTP Header Open Redirect Vulnerability

Bugtraq ID: 66566 CVE ID: CVE-2014-2138 Cisco Security Manager centralizes the tasks of configuring policies and the controls applied to Cisco security deployments, enabling efficient management of enterprise-wide security. A security vulnerability in the Cisco Security Manager web framework allows an attacker to inject a crafted HTTP header and redirect a web page to a malicious site. Cisco Security Manager: no detailed solution is currently available: https://www.cisco.com...

CVSS 4.3, AI score 6.6, EPSS 0.00947
Exploits 1

Mageia
added 2014/04/03 12:16 a.m., 53 views

Updated tomcat package fixes security vulnerabilities

Apache Tomcat 7.x before 7.0.50 processes chunked transfer coding without properly handling (1) a large total amount of chunked data or (2) whitespace characters in an HTTP header value within a trailer field, which allows remote attackers to cause a denial of service by streaming data CVE-2013-4322...

CVSS 5.8, AI score 3.2, EPSS 0.16833
Exploits 5, References 2

Metasploit
added 2014/04/02 8:04 p.m., 41 views

HTTP Header Detection

This module shows HTTP headers returned by the scanned systems. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'HTTP Header Detection', 'Description' => %q{ This module shows HTTP Headers returne...

AI score 7.3
Exploits 0

NVD
added 2014/04/02 3:58 a.m., 20 views

CVE-2014-2137

CRLF injection vulnerability in the web framework in Cisco Web Security Appliance WSA 7.7 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct redirection attacks via a crafted URL, aka Bug ID CSCuj61002...

CVSS 4.3, AI score 6.8, EPSS 0.00947
Exploits 1, References 2

Cisco
added 2014/04/01 7:37 p.m., 20 views

Cisco WSA HTTP Header Injection Vulnerability

A vulnerability in the web framework of Cisco Web Security Appliance WSA could allow an unauthenticated, remote attacker to inject a crafted HTTP header that could cause a web page redirection to a possible malicious website. The vulnerability is due to insufficient validation of user input befor...

CVSS 4.3, AI score 6.4, EPSS 0.00947
Exploits 1, References 1

Cisco
added 2014/04/01 7:11 p.m., 14 views

Cisco Security Manager HTTP Header Redirection Vulnerability

A vulnerability in the web framework of Cisco Security Manager could allow an unauthenticated, remote attacker to inject a crafted HTTP header, which will cause a web page redirection to a possible malicious website. The vulnerability is due to insufficient validation of user input before using i...

CVSS 4.3, AI score 6.3, EPSS 0.00947
Exploits 1, References 1