245 matches found
CVE-2006-5330
The CVE-2006-5330 issue affects Adobe Flash Player plugins prior to 7.0.69 (and earlier variants) across Windows, Linux, Solaris, and macOS, causing remote attackers to modify HTTP headers and perform HTTP Request Splitting via CRLF in arguments to ActionScript functions (XML.addRequestHeader, XM...
Technical note by Amit Klein: "Sending arbitrary HTTP requests with Flash 7/8 (+IE 6.0)"
Sending arbitrary HTTP requests with Flash 7/8 +IE 6.0 Amit Klein, August 2006 The trick ========= In 1, I showed how to forge parts of HTTP requests containing CRs and LFs using Flash. In that write-up, the data was part of the HTTP body section. However, combining the Content-Length overriding...
HP-UX PHSS_34204 : HP-UX VirtualVault running Apache 1.3.X Remote Unauthorized Access (HPSBUX02101 SSRT051128 rev.1)
s700800 11.04 Webproxy server 2.0 update : A security vulnerability has been identified in Apache HTTP server versions prior to Apache 1.3.34 that may allow HTTP Request Splitting/Spoofing attacks, resulting in remote unauthorized access. References: Apache HTTP Server version 1.3.34 announcement...
Slackware 10.0 / 10.1 / 10.2 / 8.1 / 9.0 / 9.1 / current : apache (SSA:2005-310-04)
New apache packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, and -current to fix potential security issues: If a request contains both Transfer-Encoding and Content-Length headers, remove the Content-Length, mitigating some HTTP Request Splitting/Spoofing attacks. Added...
CVE-2005-2703
CVE-2005-2703 affects Firefox up to 1.0.7 and Mozilla Suite up to 1.7.12. The issue lets a remote attacker modify HTTP headers of XML HTTP requests made via XMLHttpRequest, potentially enabling attacks such as HTTP request smuggling or splitting. This is triggered by how XMLHttpRequests are handl...