25 matches found
CVE-2016-10397
Removed by vendor...
CVE-2016-10397
In PHP before 5.6.28 and 7.x before 7.0.13, incorrect handling of various URI components in the URL parser could be used by attackers to bypass hostname-specific URL checks, as demonstrated by evil.example.com:[email protected]/ and evil.example.com:[email protected]/ inputs to the parseurl...
CVE-2016-6411
Cisco Firepower Management Center and FireSIGHT System Software 6.0.1 mishandle comparisons between URLs and X.509 certificates, which allows remote attackers to bypass intended do-not-decrypt settings via a crafted URL, aka Bug ID CSCva50585...
CVE-2006-0760
LightTPD 1.4.8 and earlier; when the web root sits on a case-insensitive filesystem, the system may bypass URL checks and disclose sensitive information by mismatching file extension capitalization (e.g., index.PHP when PHP is enabled only for ".php"). Root cause is a case-insensitive handling of...
CVE-2006-0760
LightTPD 1.4.8 and earlier, when the web root is on a case-insensitive filesystem, allows remote attackers to bypass URL checks and obtain sensitive information via file extensions with unexpected capitalization, as demonstrated by a request for index.PHP when the configuration invokes the PHP...