Lucene search
K

3718 matches found

OpenVAS
OpenVAS
added 2013/09/18 12:0 a.m.29 views

Debian Security Advisory DSA 2587-1 (libcgi-pm-perl - HTTP header injection)

It was discovered that the CGI module for Perl does not filter LF characters in the Set-Cookie and P3P headers, potentially allowing attackers to inject HTTP headers. OpenVAS Vulnerability Test $Id: deb25871.nasl 6611 2017-07-07 12:07:20Z cfischer $ Auto-generated from advisory DSA 2587-1 using...

5CVSS0.1AI score0.03261EPSS
Exploits0References1
Prion
Prion
added 2013/09/16 7:14 p.m.24 views

Design/Logic Flaw

clientsiderequest.cc in Squid 3.2.x before 3.2.13 and 3.3.x before 3.3.8 allows remote attackers to cause a denial of service via a crafted port number in a HTTP Host header...

5CVSS6.8AI score0.80451EPSS
Exploits0References6Affected Software2
Tenable Nessus
Tenable Nessus
added 2013/09/04 12:0 a.m.46 views

Amazon Linux AMI : httpd (ALAS-2012-46)

It was discovered that the fix for CVE-2011-3368 did not completely address the problem. An attacker could bypass the fix and make a reverse proxy connect to an arbitrary server not directly accessible to the attacker by sending an HTTP version 0.9 request, or by using a specially crafted URI...

5CVSS8AI score0.90734EPSS
Exploits24References5
Kitploit
Kitploit
added 2013/08/27 3:52 a.m.17 views

11 Firefox Add-ons to Hack and PenTest

1. Tamper Data Tamper data is an great tool to to view and modify HTTP/HTTPS headers and post parameters. We can alter each request going from our machine to destination host with this. Thus it helps in security testing web application by modifying POST parameters. It can be used in performing XS...

7.6AI score
Exploits0
OSV
OSV
added 2013/08/23 4:55 p.m.9 views

CVE-2013-3372

Request Tracker RT 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows remote attackers to inject multiple Content-Disposition HTTP headers and possibly conduct cross-site scripting XSS attacks via unspecified vectors...

7.9AI score
Exploits0References10
Check Point Advisories
Check Point Advisories
added 2013/08/20 12:0 a.m.0 views

Web Servers Malicious HTTP Header Directory Traversal

There exists a directory traversal vulnerability On different web servers...

6.9AI score
Exploits0
Check Point Advisories
Check Point Advisories
added 2013/08/20 12:0 a.m.5 views

Microsoft Windows HTTP.sys Denial of Service (MS13-039) - Improved Performance (CVE-2013-1305)

A denial of service vulnerability has been reported in Windows Server 2012 and Windows 8. The vulnerability is due to an error in the way HTTP.sys handles a malicious HTTP header. Successful exploitation would result in a denial of service condition...

7.8CVSS6.1AI score0.54665EPSS
Exploits1
NVD
NVD
added 2013/08/19 1:7 p.m.19 views

CVE-2013-2175

HAProxy 1.4 before 1.4.24 and 1.5 before 1.5-dev19, when configured to use hdrip or other "hdr" functions with a negative occurrence count, allows remote attackers to cause a denial of service negative array index usage and crash via an HTTP header with a certain number of values, related to the...

5CVSS6.4AI score0.03519EPSS
Exploits0References7
CVE
CVE
added 2013/08/19 12:0 a.m.115 views

CVE-2013-2175

HAProxy vulnerability CVE-2013-2175 affects HAProxy 1.4 before 1.4.24 and 1.5 before 1.5-dev19. When configured to use hdr_ip or other hdr_* functions with a negative occurrence count, a remote attacker can cause a denial of service due to negative array index usage and a crash, via an HTTP heade...

5CVSS6.5AI score0.03519EPSS
Exploits0References7Affected Software1
Cvelist
Cvelist
added 2013/08/19 12:0 a.m.19 views

CVE-2013-2175

HAProxy 1.4 before 1.4.24 and 1.5 before 1.5-dev19, when configured to use hdrip or other "hdr" functions with a negative occurrence count, allows remote attackers to cause a denial of service negative array index usage and crash via an HTTP header with a certain number of values, related to the...

6.3AI score0.03519EPSS
Exploits0References7
Debian CVE
Debian CVE
added 2013/08/19 12:0 a.m.25 views

CVE-2013-2175

HAProxy 1.4 before 1.4.24 and 1.5 before 1.5-dev19, when configured to use hdrip or other "hdr" functions with a negative occurrence count, allows remote attackers to cause a denial of service negative array index usage and crash via an HTTP header with a certain number of values, related to the...

5CVSS6.5AI score0.03519EPSS
Exploits0
Atlassian
Atlassian
added 2013/08/13 1:36 a.m.19 views

Convert the SecurityHeadersInterceptor into a filter that applies to /*

The X-XSS-Protection HTTP header should be sent on all responses with a value of "1; mode=block". As the current implementation is done in an interceptor0 it is possible for some resources to be sent without the X-XSS-Protection header. 0 SecurityHeadersInterceptor is in the default interceptor...

1.1AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/08/13 1:36 a.m.16 views

Convert the SecurityHeadersInterceptor into a filter that applies to /*

panel:bgColor=e7f4fa NOTE: This suggestion is for Confluence Server. Using Confluence Cloud? See the corresponding suggestion|http://jira.atlassian.com/browse/CONFCLOUD-30356. panel The X-XSS-Protection HTTP header should be sent on all responses with a value of "1; mode=block". As the current...

0.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/08/13 1:36 a.m.17 views

Convert the SecurityHeadersInterceptor into a filter that applies to /*

panel:bgColor=e7f4fa NOTE: This suggestion is for Confluence Cloud. Using Confluence Server? See the corresponding suggestion|http://jira.atlassian.com/browse/CONFSERVER-30356. panel The X-XSS-Protection HTTP header should be sent on all responses with a value of "1; mode=block". As the current...

0.7AI score
Exploits0Affected Software1
Prion
Prion
added 2013/08/09 11:55 p.m.17 views

Design/Logic Flaw

IBM Sterling B2B Integrator 5.0 and 5.1 allows remote attackers to cause a denial of service memory and CPU consumption via a crafted HTTP 1 Range or 2 Request-Range header...

5CVSS7AI score0.02027EPSS
Exploits0References3Affected Software1
Amazon
Amazon
added 2013/08/07 12:0 a.m.34 views

Medium: haproxy

Issue Overview: HAProxy 1.4 before 1.4.24 and 1.5 before 1.5-dev19, when configured to use hdrip or other "hdr" functions with a negative occurrence count, allows remote attackers to cause a denial of service negative array index usage and crash via an HTTP header with a certain number of values,...

5CVSS6.7AI score0.03519EPSS
Exploits0
NVD
NVD
added 2013/07/23 5:20 p.m.17 views

CVE-2013-3439

Cross-site scripting XSS vulnerability in Cisco Unified Operations Manager allows remote attackers to inject arbitrary web script or HTML via a crafted URL in an unspecified HTTP header field, aka Bug ID CSCud80182...

4.3CVSS5.7AI score0.01792EPSS
Exploits0References5
Cvelist
Cvelist
added 2013/07/23 5:0 p.m.17 views

CVE-2013-3439

Cross-site scripting XSS vulnerability in Cisco Unified Operations Manager allows remote attackers to inject arbitrary web script or HTML via a crafted URL in an unspecified HTTP header field, aka Bug ID CSCud80182...

5.7AI score0.01792EPSS
Exploits0References5
The Hacker News
The Hacker News
added 2013/07/13 3:3 p.m.11 views

LinkedIn Clickjacking vulnerability tricks users to spam links

A Clickjacking vulnerability existed on LinkedIn that allowed an attacker to trick users for sharing and posting links on behalf of victim. Narendra BhatiR00t Sh3ll, Security Analyst at Cyber Octet informed us about LinkedIn Bug. Clickjacking, also referred as "User Interface redress attack" is o...

6.8AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2013/07/12 12:0 a.m.47 views

Oracle Linux 6 : httpd (ELSA-2012-0128)

The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2012-0128 advisory. - add security fixes for CVE-2011-4317, CVE-2012-0053, CVE-2012-0031, CVE-2011-3607 787598 Tenable has extracted the preceding description block direct...

4.6CVSS7.3AI score0.82756EPSS
Exploits13References6
Rows per page
Query Builder