PT-2005-3031 · Microsoft · IIS
Name of the Vulnerable Software and Affected Versions: Microsoft IIS versions 5.0 through 6.0. Description: The issue allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a Transfer-Encoding: chunked head...
PT-2005-3030 · Apache +2 · Apache Http Server +2
Name of the Vulnerable Software and Affected Versions: Apache HTTP server versions 1.3.x through 1.3.33; Apache HTTP server versions 2.0.x through 2.0.54. Description: A flaw occurs when using the Apache server as an HTTP proxy. A remote attacker could send an HTTP request with both a...
CVE-2004-0051
Multiple content security gateway and antivirus products allow remote attackers to bypass content restrictions via MIME messages that use non-standard but frequently supported Content-Transfer-Encoding values such as (1) uuencode, (2) mac-binhex40, and (3) yenc, which may be interpreted differently by...
[Full-Disclosure] Corsaire Security Advisory - Multiple vendor MIME Content-Transfer-Encoding mechanism issue
-- Corsaire Security Advisory -- Title: Multiple vendor MIME Content-Transfer-Encoding mechanism issue Date: 04.08.03 Application: various Environment: various Author: Martin O'Neal Audience: General distribution Reference: c030804-005 -- Scope -- The aim of this documen...
CVE-2002-0845
Buffer overflow in Sun ONE / iPlanet Web Server 4.1 and 6.0 allows remote attackers to execute arbitrary code via an HTTP request using chunked transfer encoding...
CVE-2002-0845
CVE-2002-0845 affects Sun ONE / iPlanet Web Server 4.1 and 6.0. The vulnerability is a buffer overflow in the Chunked Encoding processing, allowing a remote attacker to execute arbitrary code via an HTTP request that uses chunked transfer encoding. Affected components are the web server’s HTTP pr...
CVE-2002-1441
Multiple buffer overflows in Tomahawk SteelArrow before 4.5 allow remote attackers to execute arbitrary code via (1) the Steelarrow Service (Steelarrow.exe) using a long UserIdent Cookie header, (2) DLLHOST.EXE (Steelarrow.dll) via a request for a long .aro file, or (3) DLLHOST.EXE via a Chunked...
CVE-2002-2272
Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values...
CVE-2002-1368
Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by causing negative arguments to be fed into memcpy calls via HTTP requests with (1) a negative Content-Length value or (2) a negative length in a...
CVE-2002-0386
The CVE-2002-0386 entry concerns Oracle9iAS Web Cache, specifically the administration module of Oracle Web Cache in Oracle9iAS 9.0.2. The vulnerability allows remote denial of service (crash) via two conditions: (1) an HTTP GET containing a “..” sequence, and (2) a malformed HTTP GET with chunke...