310 matches found

CVE | added 2017/05/17 9:00 p.m. | 48 views

CVE-2017-4016

CVE-2017-4016 affects McAfee Network Data Loss Prevention (NDLP) 9.3.x. The Web server allows information disclosure through HTTP response headers, enabling remote attackers to reveal additional vulnerabilities via the header leakage. CVSS data indicates network access with low privileges and par...

CVSS 5.3 | AI score 5.3 | EPSS 0.01049
Exploits 0 | References 2 | Affected software 1
Cvelist | added 2017/05/17 9:00 p.m. | 27 views

CVE-2017-4016

Web Server method disclosure in the server in McAfee Network Data Loss Prevention NDLP 9.3.x allows remote attackers to exploit and find another hole via HTTP response header...

AI score 5.3 | EPSS 0.01049
Exploits 0 | References 2
Citrix | added 2017/05/12 12:00 a.m. | 9 views

Preventing the Cache-Control Response Header from being Set to private

Q: When Compression is enabled on a NetScaler appliance, can you prevent the Cache-Control response header being set to the value private? A: Yes. You can prevent the Cache-Control response from being set to the value private when compression is enabled on a NetScaler appliance. To prevent the...

AI score 7.1
Exploits 0
Hacker One | added 2017/02/12 5:09 p.m. | 11 views

Mail.ru: CRLF injection on https://tz.mail.ru

HTTP response header CRLF injection via GET parameters in tz.mail.ru. tz.mail.ru is not currently in the Bug bounty scope...

AI score 7.3
Exploits 0
Hacker One | added 2016/10/03 9:13 p.m. | 16 views

Nextcloud: Bad content-type in response header when getting document can lead to html injection

Bug: When requesting a document by genesisid or filename, the content-type field in the response header is 'text/html', and the document content can be anything. So if we upload an odt file in HTML format and share it with other users, it can lead to HTML injection when others request that file. PoC - img1...

AI score 2.2
Exploits 0
Hacker One | added 2016/07/06 4:17 a.m. | 60 views

Uber: Server version disclosure

Hi Uber, maybe this is low risk but I want to report that the nginx and openresty server versions are being disclosed. For openresty: accessing this URL: https://chef.uberinternal.com/ will give you an error "502 Bad Gateway", but you can see on the page that the server version was disclose...

AI score 0.1
Exploits 0
Hacker One | added 2016/06/17 1:20 p.m. | 109 views

Nextcloud: Response Header injection using redirect_uri together with PHP that utilizes Header Folding according to RFC1945 and Internet Explorer 11

Hi, I noticed that the redirect_uri used to redirect users to any location on the page passes all data into a "Location" header without any validation. The problem is that current PHP versions of Debian/Ubuntu (there seems to be a patch properly in place in other distributions) actually built the...

CVSS 4.3 | AI score 7.8 | EPSS 0.02946
Exploits 0
Hacker One | added 2016/03/15 8:00 a.m. | 17 views

Veris: Server and PHP version Disclosed in Response Header

Server Version and OS Version Disclosure issue...

AI score 1.3
Exploits 0
Hacker One | added 2016/02/20 5:16 a.m. | 12 views

LeaseWeb: Apache version disclosed on developer.leaseweb.com

Hi, for URL "http://developer.leaseweb.com/asdfadsf" the Apache version is disclosed in the response header "Server":
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 174
Content-Type: text/html; charset=iso-8859-1
Date: Sat, 20 Feb 2016 05:11:18 GMT
Server: Apache/2.4.7
Vary: User-Agent
This...

AI score 0.7
Exploits 0
RedHat Linux | added 2015/11/23 8:20 p.m. | 2 views

Ceph: RGW returns requested bucket name raw in Bucket response header

A feature in Ceph Object Gateway RGW allows to return a specific HTTP header that contains the name of a bucket that was accessed. It was found that the returned HTTP headers were not sanitized. An unauthenticated attacker could use this flaw to craft HTTP headers in responses that would confuse...

CVSS 4.3 | AI score 5.8 | EPSS 0.01907
Exploits 0 | References 4
Apache Httpd | added 2015/11/15 12:00 a.m. | 226 views

Apache Httpd < 2.2.34 : mod_mime Buffer Overread

mod_mime can read one byte past the end of a buffer when sending a malicious Content-Type response header...

CVSS 9.8 | AI score 0.5 | EPSS 0.39341
Exploits 3 | Affected software 1
Hacker One | added 2015/09/01 6:57 a.m. | 31 views

HackerOne: Weak HSTS age in support hackerone site

Send this request:
GET https://support.hackerone.com HTTP/1.1
Connection: keep-alive
Accept: application/json, text/javascript, */*; q=0.01
X-Requested-With: XMLHttpRequest
Content-Length: 0
User-Agent: Jakarta Commons-HttpClient/3.1
Host: support.hackerone.com
Response header:
HTTP/1.1 200 OK...

Exploits 0
Tenable Nessus | added 2015/08/18 12:00 a.m. | 82 views

Apache Tomcat JK Connector 1.2.x < 1.2.41 JkUnmount Directive Handling Remote Information Disclosure

Based on the Server response header, the installation of the JK Connector (mod_jk) in Apache Tomcat listening on the remote host is version 1.2.x prior to 1.2.41. It is, therefore, affected by an information disclosure vulnerability due to improper handling of the 'JkUnmount' directive and multiple,...

CVSS 5 | AI score 6.4 | EPSS 0.07109
Exploits 0 | References 3
Packet Storm | added 2015/01/15 12:00 a.m. | 35 views

GetGo Download Manager HTTP Response Buffer Overflow

# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
require 'msf/core'
class Metasploit3 'GetGo Download Manager HTTP Response Buffer Overflow', 'Description' => %q This module exploits a stack-based buffer overflow...

CVSS 10 | AI score 1 | EPSS 0.6144
Exploits 12
Hacker One | added 2014/11/06 10:29 a.m. | 24 views

Block.io: Various Low level Vulnerabilities

1. XSS protection not enabled: Example URL: https://block.io/js/secure/secrets.js?mtime=1412493238. Web browser XSS protection is not enabled, or is disabled by the configuration of the 'X-XSS-Protection' HTTP response header on the web server. The X-XSS-Protection HTTP response header allows the we...

AI score 5.7
Exploits 0
seebug.org | added 2014/07/01 12:00 a.m. | 15 views

PHP <= 5.2.3 EXT/Session HTTP Response Header Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/24268/info PHP is prone to an HTTP-response-header-injection vulnerability because it fails to sanitize user-supplied input. An attacker can exploit this issue to inject additional cookie attributes into session cookies...

AI score 7.1
Exploits 0
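The Mail.ru (CRLF injection via a GET parameter), Nextcloud (redirect_uri copied into Location, with RFC 1945 header folding), Ceph RGW (unsanitized bucket name echoed in a header) and PHP ext/session (cookie attribute injection) entries above are all the same bug: untrusted bytes reach a response header unchanged. The code below is an added example, not code from any of those projects or reports. It models the vulnerable pattern, an incomplete fix that only rejects a newline not followed by whitespace (modelled on the PHP header() folding exception the Nextcloud report refers to; the exact PHP behaviour is an assumption here), and a hardened version. The function names, the allow-listed host and the payloads are the example's own.

```python
"""Response-header injection: vulnerable, half-fixed and hardened variants.

Added example, not code from the listed reports or products.  Shows how
untrusted input copied into a Location header (or a cookie value) lets an
attacker add headers of their own, and what a correct check looks like.
"""
import re
from urllib.parse import urlsplit

CRLF = "\r\n"


def build_response(status: str, headers: list[tuple[str, str]]) -> bytes:
    """Serialise a minimal HTTP/1.1 response; header values are written verbatim."""
    lines = [f"HTTP/1.1 {status}"] + [f"{k}: {v}" for k, v in headers]
    return (CRLF.join(lines) + CRLF + CRLF).encode("latin-1")


def parse_headers(raw: bytes, unfold: bool = True) -> dict[str, list[str]]:
    """Parse the header block as a client would.  unfold=True honours RFC 1945
    obs-fold (a line starting with SP/HTAB continues the previous header);
    unfold=False models a client that treats such a line as a new header."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split(CRLF)[1:]                      # drop the status line
    merged: list[str] = []
    for line in lines:
        if unfold and line[:1] in (" ", "\t") and merged:
            merged[-1] += " " + line.strip()
        else:
            merged.append(line)
    out: dict[str, list[str]] = {}
    for line in merged:
        name, _, value = line.partition(":")
        out.setdefault(name.strip().lower(), []).append(value.strip())
    return out


def redirect_vulnerable(redirect_uri: str) -> bytes:
    """The reported pattern: the parameter goes into Location unchanged."""
    return build_response("302 Found", [("Location", redirect_uri)])


def redirect_folding_filter(redirect_uri: str) -> bytes:
    """Incomplete fix (assumption: modelled on PHP's header() folding exception).
    A newline is rejected unless followed by SP/HTAB, so "\\r\\n Set-Cookie: ..."
    still passes, and a client that does not unfold sees a second header."""
    if re.search(r"\r?\n(?![ \t])|\r(?!\n)", redirect_uri):
        raise ValueError("header injection attempt")
    return build_response("302 Found", [("Location", redirect_uri)])


_CTL = re.compile(r"[\x00-\x1f\x7f]")
ALLOWED_HOSTS = ("example.com",)                      # example's own allow-list


def redirect_safe(redirect_uri: str) -> bytes:
    """Hardened: reject every control character (covers CRLF and obs-fold),
    then accept only a same-site relative path or an allow-listed absolute URL."""
    if _CTL.search(redirect_uri):
        raise ValueError("control character in redirect target")
    if redirect_uri.startswith("/") and not redirect_uri.startswith("//"):
        return build_response("302 Found", [("Location", redirect_uri)])
    parts = urlsplit(redirect_uri)
    if parts.scheme not in ("http", "https") or parts.hostname not in ALLOWED_HOSTS:
        raise ValueError("redirect target not allow-listed")
    return build_response("302 Found", [("Location", redirect_uri)])


# RFC 6265 cookie-octet: printable ASCII minus CTL, SP, DQUOTE, comma, semicolon, backslash
_COOKIE_VALUE = re.compile(r"[\x21\x23-\x2b\x2d-\x3a\x3c-\x5b\x5d-\x7e]*")
_TOKEN = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")


def set_cookie_safe(name: str, value: str) -> str:
    """Build a Set-Cookie value; a ';' or CR/LF in `value` would otherwise let
    the caller append cookie attributes or whole headers."""
    if not _TOKEN.fullmatch(name):
        raise ValueError("invalid cookie name")
    if not _COOKIE_VALUE.fullmatch(value):
        raise ValueError("invalid cookie value")
    return f"{name}={value}; Path=/; Secure; HttpOnly"


def is_rejected(fn, arg) -> bool:
    """True if fn(arg) raises ValueError; used to check the filters below."""
    try:
        fn(arg)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    crlf_payload = "/home\r\nSet-Cookie: session=attacker"
    fold_payload = "/home\r\n Set-Cookie: session=attacker"
    print(parse_headers(redirect_vulnerable(crlf_payload)))
    print(parse_headers(redirect_folding_filter(fold_payload), unfold=False))
    print(is_rejected(redirect_safe, crlf_payload), is_rejected(redirect_safe, fold_payload))
```

The folding variant is the instructive one: whether the injected line becomes a separate Set-Cookie or merely a garbled Location depends on the client, so a server-side filter that reasons about folding is reasoning about the wrong side. Rejecting all control characters, as redirect_safe does, removes the dependency on client behaviour.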
seebug.org | added 2014/07/01 12:00 a.m. | 30 views

formmail 1.92 Multiple Vulnerabilities

No description provided by source.
FormMail 1.92 Multiple Vulnerabilities
Name: Multiple Vulnerabilities in FormMail
Systems Affected: FormMail 1.92 and possibly earlier versions
Severity: Medium
Impact: CVSSv2 Medium 4.3/10, vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Vendor...

AI score 7.1
Exploits 0
seebug.org | added 2014/07/01 12:00 a.m. | 18 views

Apache 1.0/1.2/1.3 Server Address Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/3169/info A vulnerability has been discovered in Apache web server that may result in the disclosure of the server's address. The problem occurs when a HTTP request containing the URI of a directory is submitted to the...

AI score 7.1
Exploits 0
seebug.org | added 2014/07/01 12:00 a.m. | 22 views

GetGo Download Manager 4.9.0.1982 - HTTP Response Header Buffer Overflow Remote Code Execution

No description provided by source.
#!/usr/bin/python
# Exploit Title: GetGo Download Manager HTTP Response Header Buffer Overflow Remote Code Execution
# Version: v4.9.0.1982
# CVE: CVE-2014-2206
# Date: 2014-03-09
# Author: Julien Ahrens @MrTuxracer
# Homepage: http://www.rcesecurity.com
# Software Link:...

CVSS 10 | AI score 1 | EPSS 0.6144
Exploits 12
Hacker One | added 2014/06/23 2:40 a.m. | 23 views

Uzbey: Language version disclosure in response header

1. Go to https://staging.uzbey.com/ in the Google Chrome browser.
2. Right-click and choose "Inspect element".
3. Click Network and choose the request and response for staging.uzbey.com.
Remote Address: 54.200.82.121:443
Request URL: https://staging.uzbey.com/
Request Method: GET
Status Code: 200 OK...

AI score 0.3
Exploits 0
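Several of the listed reports are findings a header audit catches mechanically: version strings in Server (Uber, Veris, LeaseWeb, Uzbey, and the Nessus mod_jk check), a short HSTS max-age (the support.hackerone.com report), a missing XSS mitigation header (Block.io) and a user-uploaded document served as text/html (Nextcloud). The checker below is an added example, not Vulners' code or any vendor's; it parses raw responses offline with the standard library and reports those classes. The sample responses are constructed for the demo (the first reuses the header set quoted in the LeaseWeb report; its 404 status line is assumed), and the one-year HSTS baseline, the fingerprint-header list and the document-extension list are this example's own choices.

```python
"""Offline audit of raw HTTP responses for the header weaknesses listed above.

Added example; not code from Vulners or any listed vendor.  The sample
responses are constructed for the demo; ONE_YEAR, FINGERPRINT_HEADERS and
DOC_EXT_RE are this example's own choices.
"""
import io
import re
from http.client import parse_headers

ONE_YEAR = 31536000                      # HSTS max-age baseline (assumption)
VERSION_RE = re.compile(r"\d+\.\d+")
FINGERPRINT_HEADERS = ("Server", "X-Powered-By", "X-AspNet-Version", "X-Generator")
DOC_EXT_RE = re.compile(r"filename\*?=.*\.(odt|docx?|xlsx?|pdf|txt)", re.I)


def split_response(raw: bytes):
    """Return (status_code, headers) from a raw HTTP/1.x response."""
    status_line, _, rest = raw.partition(b"\r\n")
    code = int(status_line.split()[1])
    return code, parse_headers(io.BytesIO(rest))   # email.message.Message-like


def audit(raw: bytes, https: bool = True) -> list[str]:
    """Return human-readable findings; an empty list means nothing was flagged."""
    _, h = split_response(raw)
    findings: list[str] = []

    # 1. Version strings in fingerprint headers (Server: Apache/2.4.7 and friends).
    for name in FINGERPRINT_HEADERS:
        value = h.get(name)
        if value and VERSION_RE.search(value):
            findings.append(f"version disclosure: {name}: {value}")

    # 2. HSTS absent, or max-age below the baseline, on an HTTPS origin.
    if https:
        hsts = h.get("Strict-Transport-Security")
        if hsts is None:
            findings.append("HSTS missing")
        else:
            m = re.search(r"max-age\s*=\s*\"?(\d+)", hsts, re.I)
            age = int(m.group(1)) if m else 0
            if age < ONE_YEAR:
                findings.append(f"weak HSTS max-age={age}")

    # 3. A user-supplied file delivered as text/html is rendered, not downloaded.
    ctype = (h.get("Content-Type") or "").split(";")[0].strip().lower()
    disposition = h.get("Content-Disposition") or ""
    if ctype == "text/html" and DOC_EXT_RE.search(disposition):
        findings.append("user file served as text/html: HTML injection risk")
    if "nosniff" not in (h.get("X-Content-Type-Options") or "").lower():
        findings.append("X-Content-Type-Options: nosniff missing")

    # 4. HTML without a CSP.  X-XSS-Protection is no longer honoured by current
    #    Chromium-based browsers (the auditor was removed), so CSP is what is checked.
    if ctype == "text/html" and h.get("Content-Security-Policy") is None:
        findings.append("no Content-Security-Policy on HTML response")
    return findings


# Constructed samples.  LEASEWEB_LIKE reuses the header set quoted in the
# LeaseWeb report; its 404 status line is assumed.
LEASEWEB_LIKE = (
    b"HTTP/1.1 404 Not Found\r\n"
    b"Connection: keep-alive\r\n"
    b"Content-Encoding: gzip\r\n"
    b"Content-Length: 174\r\n"
    b"Content-Type: text/html; charset=iso-8859-1\r\n"
    b"Date: Sat, 20 Feb 2016 05:11:18 GMT\r\n"
    b"Server: Apache/2.4.7\r\n"
    b"Vary: User-Agent\r\n"
    b"\r\n"
)
WEAK_HSTS = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: application/json\r\n"
    b"Strict-Transport-Security: max-age=300\r\n"
    b"X-Content-Type-Options: nosniff\r\n"
    b"\r\n"
)
DOC_AS_HTML = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: text/html\r\n"
    b"Content-Disposition: inline; filename=\"report.odt\"\r\n"
    b"Strict-Transport-Security: max-age=31536000\r\n"
    b"\r\n"
)
HARDENED = (
    b"HTTP/1.1 200 OK\r\n"
    b"Server: Apache\r\n"
    b"Content-Type: text/html; charset=utf-8\r\n"
    b"Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
    b"X-Content-Type-Options: nosniff\r\n"
    b"Content-Security-Policy: default-src 'self'\r\n"
    b"\r\n"
)

if __name__ == "__main__":
    for label, raw in [("leaseweb-like", LEASEWEB_LIKE), ("weak-hsts", WEAK_HSTS),
                       ("doc-as-html", DOC_AS_HTML), ("hardened", HARDENED)]:
        print(label, audit(raw, https=label != "leaseweb-like") or ["clean"])
```

The LeaseWeb-like sample is audited with https=False because the reported URL was plain http://, so the HSTS check does not apply there. Version disclosure on its own is low severity, as the reporters themselves note; its value to an attacker is that it turns a search like this one into a list of candidate CVEs for the exact build.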