Lucene search
K

133 matches found

OSV
OSV
added 2019/08/13 9:15 p.m.3 views

ALPINE-CVE-2019-9514

Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RSTSTREAM frames from the peer. Depending on how the peer queues the...

7.5CVSS8.9AI score0.82813EPSS
Exploits0References1
OSV
OSV
added 2019/02/07 4:29 p.m.17 views

CVE-2019-7535

index.php in Gurock TestRail 5.3.0.3603 returns potentially sensitive information for an invalid request, as demonstrated by full path disclosure and the identification of PHP as the backend technology...

5.3CVSS5.8AI score0.01103EPSS
Exploits0References1
CNVD
CNVD
added 2018/12/07 12:0 a.m.4 views

IBM Connections Information Disclosure Vulnerability (CNVD-2018-26361)

IBM Connections is a suite of social software platforms from IBM in the United States. The platform provides advanced analytics and real-time data monitoring capabilities, and accelerates web collaboration within and outside the organization through IBM SmartCloud services. An information...

4.3CVSS4.4AI score0.01316EPSS
Exploits0References1
OSV
OSV
added 2018/12/06 2:29 p.m.4 views

CVE-2018-1935

IBM Connections 5.0, 5.5, and 6.0 could allow an authenticated user to obtain sensitive information from invalid request error messages. IBM X-Force ID: 153315...

4.3CVSS5.8AI score0.01316EPSS
Exploits0References3
OSV
OSV
added 2018/09/14 12:29 p.m.3 views

CVE-2018-1791

IBM Connections 5.0, 5.5, and 6.0 is vulnerable to an External Service Interaction attack, caused by improper validation of a request property. By submitting suitable payloads, an attacker could exploit this vulnerability to induce the Connections server to attack other systems. IBM X-Force ID:...

4.9CVSS5.8AI score0.00979EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2017/06/07 5:22 p.m.5 views

undertow: HTTP Request smuggling vulnerability due to permitting invalid characters in HTTP requests

It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP...

6.5CVSS7.3AI score0.02712EPSS
Exploits0References4
Prion
Prion
added 2017/05/11 2:29 p.m.7 views

Design/Logic Flaw

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2008. Notes: none...

7.1AI score
Exploits0
Prion
Prion
added 2017/04/12 8:59 p.m.24 views

Design/Logic Flaw

Modauthopenidc.c in the Ping Identity OpenID Connect authentication module for Apache aka modauthopenidc before 2.14 allows remote attackers to spoof page content via a malicious URL provided to the user, which triggers an invalid request...

5CVSS7.8AI score0.05177EPSS
Exploits0References9Affected Software1
NVD
NVD
added 2017/04/12 8:59 p.m.17 views

CVE-2017-6059

Modauthopenidc.c in the Ping Identity OpenID Connect authentication module for Apache aka modauthopenidc before 2.14 allows remote attackers to spoof page content via a malicious URL provided to the user, which triggers an invalid request...

7.5CVSS7.4AI score0.05177EPSS
Exploits0References9
UbuntuCve
UbuntuCve
added 2017/04/12 8:59 p.m.22 views

CVE-2017-6059

Modauthopenidc.c in the Ping Identity OpenID Connect authentication module for Apache aka modauthopenidc before 2.14 allows remote attackers to spoof page content via a malicious URL provided to the user, which triggers an invalid request...

7.5CVSS6.8AI score0.05177EPSS
Exploits0References2
OSV
OSV
added 2017/04/12 8:59 p.m.7 views

UBUNTU-CVE-2017-6059

Modauthopenidc.c in the Ping Identity OpenID Connect authentication module for Apache aka modauthopenidc before 2.14 allows remote attackers to spoof page content via a malicious URL provided to the user, which triggers an invalid request...

7.5CVSS7.3AI score0.05177EPSS
Exploits0References3
OSV
OSV
added 2017/04/12 8:59 p.m.25 views

CVE-2017-6059

Modauthopenidc.c in the Ping Identity OpenID Connect authentication module for Apache aka modauthopenidc before 2.14 allows remote attackers to spoof page content via a malicious URL provided to the user, which triggers an invalid request...

7.5CVSS6.9AI score
Exploits0References9
Debian CVE
Debian CVE
added 2017/04/12 8:0 p.m.32 views

CVE-2017-6059

Modauthopenidc.c in the Ping Identity OpenID Connect authentication module for Apache aka modauthopenidc before 2.14 allows remote attackers to spoof page content via a malicious URL provided to the user, which triggers an invalid request...

7.5CVSS6.8AI score0.05177EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2017/03/15 1:1 p.m.6 views

tomcat: HTTP Request smuggling vulnerability due to permitting invalid character in HTTP requests

It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP...

7.1CVSS7.2AI score0.39633EPSS
Exploits6References10
Hacker One
Hacker One
added 2017/03/13 11:40 a.m.16 views

Nextcloud: Invalid request may lead content spoofing for phishing

HI, I found that site have invalid request may lead to content spoof. Proof Of Concept: https://logs.nextcloud.com/redirecturi?Andmovet0malicioussite.com Thanks,...

0.1AI score
Exploits0
Prion
Prion
added 2017/02/04 6:59 p.m.5 views

Design/Logic Flaw

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none...

7.1AI score
Exploits0
RedHat Linux
RedHat Linux
added 2017/02/02 8:36 p.m.6 views

tomcat: HTTP Request smuggling vulnerability due to permitting invalid character in HTTP requests

It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP...

7.1CVSS7.2AI score0.39633EPSS
Exploits6References10
RedHat Linux
RedHat Linux
added 2017/02/02 8:23 p.m.7 views

tomcat: HTTP Request smuggling vulnerability due to permitting invalid character in HTTP requests

It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP...

7.1CVSS7.2AI score0.39633EPSS
Exploits6References10
OSV
OSV
added 2016/11/30 11:59 a.m.3 views

CVE-2016-2935

The broker application in IBM BigFix Remote Control before 9.1.3 allows remote attackers to cause a denial of service via an invalid HTTP request...

5.3CVSS5.8AI score0.01592EPSS
Exploits0References3
OSV
OSV
added 2016/11/23 12:0 a.m.3 views

UBUNTU-CVE-2016-6816

The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a...

7.1CVSS7AI score0.39633EPSS
Exploits6References5
Rows per page
Query Builder