tomcat: Vary header not added by CORS filter leading to cache poisoning

A vulnerability was discovered in Tomcat where the CORS Filter did not send a "Vary: Origin" HTTP header. This potentially allowed sensitive data to be leaked to other visitors through both client-side and server-side caches...

MS06-029: Vulnerability in Microsoft Exchange Server Running Outlook Web Access Could Allow Script Injection (912442)

The remote host is running a version of the Outlook Web Access that contains cross-site scripting flaws. This vulnerability could allow an attacker to convince a user to run a malicious script. If this malicious script is run, it would execute in the security context of the user. Attempts to...

Vulnerability in Exchange Server 5.5 Outlook Web Access XSS (842436)

The remote host is running a version of the Outlook Web Access which contains cross site scripting flaws. SPDX-FileCopyrightText: 2004 David Maciejak Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

MS05-029: Vulnerability in Exchange Server 5.5 Outlook Web Access XSS (895179)

The remote host is running a version of the Outlook Web Access that is affected by a cross-site scripting flaw. This vulnerability could allow an attacker to convince a user to run a malicious script. If this malicious script is run, it would execute in the security context of the user. Attempts ...