Lucene search
K

245 matches found

CVE
CVE
added 2006/10/17 9:0 p.m.101 views

CVE-2006-5330

The CVE-2006-5330 issue affects Adobe Flash Player plugins prior to 7.0.69 (and earlier variants) across Windows, Linux, Solaris, and macOS, causing remote attackers to modify HTTP headers and perform HTTP Request Splitting via CRLF in arguments to ActionScript functions (XML.addRequestHeader, XM...

5CVSS8AI score0.22602EPSS
Exploits0References24Affected Software1
securityvulns
securityvulns
added 2006/08/17 12:0 a.m.40 views

Technical note by Amit Klein: "Sending arbitrary HTTP requests with Flash 7/8 (+IE 6.0)"

Sending arbitrary HTTP requests with Flash 7/8 +IE 6.0 Amit Klein, August 2006 The trick ========= In 1, I showed how to forge parts of HTTP requests containing CRs and LFs using Flash. In that write-up, the data was part of the HTTP body section. However, combining the Content-Length overriding...

0.3AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2006/03/21 12:0 a.m.22 views

HP-UX PHSS_34204 : HP-UX VirtualVault running Apache 1.3.X Remote Unauthorized Access (HPSBUX02101 SSRT051128 rev.1)

s700800 11.04 Webproxy server 2.0 update : A security vulnerability has been identified in Apache HTTP server versions prior to Apache 1.3.34 that may allow HTTP Request Splitting/Spoofing attacks, resulting in remote unauthorized access. References: Apache HTTP Server version 1.3.34 announcement...

4.3CVSS8AI score0.20461EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2005/11/07 12:0 a.m.35 views

Slackware 10.0 / 10.1 / 10.2 / 8.1 / 9.0 / 9.1 / current : apache (SSA:2005-310-04)

New apache packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, and -current to fix potential security issues: If a request contains both Transfer-Encoding and Content-Length headers, remove the Content-Length, mitigating some HTTP Request Splitting/Spoofing attacks. Added...

4.3CVSS8.2AI score0.20461EPSS
Exploits1References3
CVE
CVE
added 2005/09/23 4:0 a.m.105 views

CVE-2005-2703

CVE-2005-2703 affects Firefox up to 1.0.7 and Mozilla Suite up to 1.7.12. The issue lets a remote attacker modify HTTP headers of XML HTTP requests made via XMLHttpRequest, potentially enabling attacks such as HTTP request smuggling or splitting. This is triggered by how XMLHttpRequests are handl...

5CVSS6.5AI score0.01789EPSS
Exploits0References31Affected Software2
Rows per page
Query Builder