4 matches found
UBUNTU-CVE-2017-5660
There is a vulnerability in Apache Traffic Server ATS 6.2.0 and prior and 7.0.0 and prior with the Host header and line folding. This can have issues when interacting with upstream proxies and the wrong host being used...
PHP 5.6.x < 5.6.28 / 7.0.x < 7.0.13 Multiple Vulnerabilities
Binary data 9809.prm...
CVE-2016-4553
clientside.cc in Squid before 3.5.18 and 4.x before 4.0.10 does not properly ignore the Host header when absolute-URI is provided, which allows remote attackers to conduct cache-poisoning attacks via an HTTP request...
CVE-2011-2990
The implementation of Content Security Policy CSP violation reports in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, and possibly other products does not remove proxy-authorization credentials from the listed request headers, which allows attackers to obtain sensitive information by...