39 matches found
CVE-2019-4173
IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 could allow a remote attacker to obtain sensitive information, caused by a flaw in the HTTP OPTIONS method, aka Optionsbleed. By sending an OPTIONS HTTP request, a remote attacker could exploit this vulnerability to read secret data...
PT-2019-16948 · Ibm · Ibm Cognos Controller
Name of the Vulnerable Software and Affected Versions: IBM Cognos Controller versions 10.2.0 through 10.4.0 Description: A flaw in the HTTP OPTIONS method, also known as Optionsbleed, could allow a remote attacker to obtain sensitive information. By sending an OPTIONS HTTP request to the / API...
Apache Optionsbleed Scanner
This module scans for the Apache optionsbleed vulnerability where the Allow response header returned from an OPTIONS request may bleed memory if the server has a .htaccess file with an invalid Limit method defined. This module requires Metasploit: https://metasploit.com/download Current source:...
CVE-2016-0210
IBM Sterling B2B Integrator Standard Edition could allow a remote attacker to obtain sensitive information. By allowing HTTP OPTIONS method, a remote attacker could send a specially-crafted query to a vulnerable server running to cause the server to disclose sensitive information in the HTTP...
IBM Sterling B2B Integrator Information Disclosure Vulnerability (CNVD-2016-03222)
IBM Sterling B2B Integrator is a suite of software that integrates essential B2B processes, transactions and relationships. A security vulnerability in IBM Sterling B2B Integrator exists when the program uses the HTTP OPTIONS method, allowing a remote attacker to obtain sensitive information by...
Open-Xchange: nginx server vulnerable
1 Vulnerability: Clickjacking Vulnerable Domain: lists.dovecot.fi Vulnerable URL: http://lists.dovecot.fi/?C=N;O=D%3Cscript%3Ealert%22Thalaivarsubu%22%3C/script%3E Browser version: Google Chrome 50.0.2661.94 Operating system: Windows 7 Steps to Reproduce: iframe width: 800px; height: 500px;...
HTTP 'OPTIONS' Method Detection
CVE-2013-7401
The parse_request function in request.c in c-icap 0.2.x allows remote attackers to cause a denial of service (crash) via a URI without a " " or "?" character in an ICAP request, as demonstrated by use of the OPTIONS method...
Design/Logic Flaw
The parse_request function in request.c in c-icap 0.2.x allows remote attackers to cause a denial of service (crash) via a URI without a " " or "?" character in an ICAP request, as demonstrated by use of the OPTIONS method...
Openfolio: Options Method Enabled
Vuln Details: Domain: https://openfolio.com/ I detected that OPTIONS method is allowed. Impact: Information disclosed from this page can be used to gain additional information about the target system. Remedy: Disable OPTIONS method in all production systems. POC: Request: OPTIONS /signup/ HTTP/1.1...
X (Formerly Twitter): Option Method Enabled on web server
Vuln Details: I detected that OPTIONS method is allowed. This issue is reported as extra information. Impact: Information disclosed from this page can be used to gain additional information about the target system. Remedy: Disable OPTIONS method in all production systems. POC: REQUEST: OPTIONS...
Localize: OPTIONS Method Enabled
HTTP OPTIONS method is enabled on the web server of Localize. The OPTIONS method provides a list of the methods that are supported by the web server, it represents a request for information about the communication options available on the request/response chain identified by the Request-URI. This...
C2FO: OPTIONS Method Enabled
Vulnerability Details:- I detected that OPTIONS method is allowed. This issue is reported as extra information. Impact:- Information disclosed from this page can be used to gain additional information about the target system. Remedy:- Disable OPTIONS method in all production systems. POC :- Reque...
allowed_methods
This plugin finds which HTTP methods are enabled for a URI. Two configurable parameters exist: execOneTime and reportDavOnly. If "execOneTime" is set to True, then only the methods in the webroot are enumerated. If "reportDavOnly" is set to True, this plugin will only report the enabled method list if...
Siemens Gigaset IP Series SIP Username Enumeration
Siemens Gigaset ip series sip username enumeration Author: francesco.tornieri "At" verona-wireless.net Summary: Sip responses permit user identification Release Date: 23/08/2011 Criticality level: Low Impact: Information leak Device: Siemens Gigaset IP series Tested A580IP Description: I've...
HTTP Methods Allowed (per directory)
By calling the OPTIONS method, it is possible to determine which HTTP methods are allowed on each directory. The following HTTP methods are considered insecure: PUT, DELETE, CONNECT, TRACE, HEAD. Many frameworks and languages treat 'HEAD' as a 'GET' request, albeit one without any body in the...
CVE-2002-0240
PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message...