3718 matches found
Debian Security Advisory DSA 2587-1 (libcgi-pm-perl - HTTP header injection)
It was discovered that the CGI module for Perl does not filter LF characters in the Set-Cookie and P3P headers, potentially allowing attackers to inject HTTP headers. OpenVAS Vulnerability Test $Id: deb25871.nasl 6611 2017-07-07 12:07:20Z cfischer $ Auto-generated from advisory DSA 2587-1 using...
Design/Logic Flaw
clientsiderequest.cc in Squid 3.2.x before 3.2.13 and 3.3.x before 3.3.8 allows remote attackers to cause a denial of service via a crafted port number in a HTTP Host header...
Amazon Linux AMI : httpd (ALAS-2012-46)
It was discovered that the fix for CVE-2011-3368 did not completely address the problem. An attacker could bypass the fix and make a reverse proxy connect to an arbitrary server not directly accessible to the attacker by sending an HTTP version 0.9 request, or by using a specially crafted URI...
11 Firefox Add-ons to Hack and PenTest
1. Tamper Data Tamper data is an great tool to to view and modify HTTP/HTTPS headers and post parameters. We can alter each request going from our machine to destination host with this. Thus it helps in security testing web application by modifying POST parameters. It can be used in performing XS...
CVE-2013-3372
Request Tracker RT 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows remote attackers to inject multiple Content-Disposition HTTP headers and possibly conduct cross-site scripting XSS attacks via unspecified vectors...
Web Servers Malicious HTTP Header Directory Traversal
There exists a directory traversal vulnerability On different web servers...
Microsoft Windows HTTP.sys Denial of Service (MS13-039) - Improved Performance (CVE-2013-1305)
A denial of service vulnerability has been reported in Windows Server 2012 and Windows 8. The vulnerability is due to an error in the way HTTP.sys handles a malicious HTTP header. Successful exploitation would result in a denial of service condition...
CVE-2013-2175
HAProxy 1.4 before 1.4.24 and 1.5 before 1.5-dev19, when configured to use hdrip or other "hdr" functions with a negative occurrence count, allows remote attackers to cause a denial of service negative array index usage and crash via an HTTP header with a certain number of values, related to the...
CVE-2013-2175
HAProxy vulnerability CVE-2013-2175 affects HAProxy 1.4 before 1.4.24 and 1.5 before 1.5-dev19. When configured to use hdr_ip or other hdr_* functions with a negative occurrence count, a remote attacker can cause a denial of service due to negative array index usage and a crash, via an HTTP heade...
CVE-2013-2175
HAProxy 1.4 before 1.4.24 and 1.5 before 1.5-dev19, when configured to use hdrip or other "hdr" functions with a negative occurrence count, allows remote attackers to cause a denial of service negative array index usage and crash via an HTTP header with a certain number of values, related to the...
CVE-2013-2175
HAProxy 1.4 before 1.4.24 and 1.5 before 1.5-dev19, when configured to use hdrip or other "hdr" functions with a negative occurrence count, allows remote attackers to cause a denial of service negative array index usage and crash via an HTTP header with a certain number of values, related to the...
Convert the SecurityHeadersInterceptor into a filter that applies to /*
The X-XSS-Protection HTTP header should be sent on all responses with a value of "1; mode=block". As the current implementation is done in an interceptor0 it is possible for some resources to be sent without the X-XSS-Protection header. 0 SecurityHeadersInterceptor is in the default interceptor...
Convert the SecurityHeadersInterceptor into a filter that applies to /*
panel:bgColor=e7f4fa NOTE: This suggestion is for Confluence Server. Using Confluence Cloud? See the corresponding suggestion|http://jira.atlassian.com/browse/CONFCLOUD-30356. panel The X-XSS-Protection HTTP header should be sent on all responses with a value of "1; mode=block". As the current...
Convert the SecurityHeadersInterceptor into a filter that applies to /*
panel:bgColor=e7f4fa NOTE: This suggestion is for Confluence Cloud. Using Confluence Server? See the corresponding suggestion|http://jira.atlassian.com/browse/CONFSERVER-30356. panel The X-XSS-Protection HTTP header should be sent on all responses with a value of "1; mode=block". As the current...
Design/Logic Flaw
IBM Sterling B2B Integrator 5.0 and 5.1 allows remote attackers to cause a denial of service memory and CPU consumption via a crafted HTTP 1 Range or 2 Request-Range header...
Medium: haproxy
Issue Overview: HAProxy 1.4 before 1.4.24 and 1.5 before 1.5-dev19, when configured to use hdrip or other "hdr" functions with a negative occurrence count, allows remote attackers to cause a denial of service negative array index usage and crash via an HTTP header with a certain number of values,...
CVE-2013-3439
Cross-site scripting XSS vulnerability in Cisco Unified Operations Manager allows remote attackers to inject arbitrary web script or HTML via a crafted URL in an unspecified HTTP header field, aka Bug ID CSCud80182...
CVE-2013-3439
Cross-site scripting XSS vulnerability in Cisco Unified Operations Manager allows remote attackers to inject arbitrary web script or HTML via a crafted URL in an unspecified HTTP header field, aka Bug ID CSCud80182...
LinkedIn Clickjacking vulnerability tricks users to spam links
A Clickjacking vulnerability existed on LinkedIn that allowed an attacker to trick users for sharing and posting links on behalf of victim. Narendra BhatiR00t Sh3ll, Security Analyst at Cyber Octet informed us about LinkedIn Bug. Clickjacking, also referred as "User Interface redress attack" is o...
Oracle Linux 6 : httpd (ELSA-2012-0128)
The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2012-0128 advisory. - add security fixes for CVE-2011-4317, CVE-2012-0053, CVE-2012-0031, CVE-2011-3607 787598 Tenable has extracted the preceding description block direct...