Lucene search
+L

593 matches found

osv
osv
added 2011/10/19 10:55 a.m.3 views

DEBIAN-CVE-2011-4140

The CSRF protection mechanism in Django through 1.2.7 and 1.3.x through 1.3.1 does not properly handle web-server configurations supporting arbitrary HTTP Host headers, which allows remote attackers to trigger unauthenticated forged requests via vectors involving a DNS CNAME record and a web page...

6.8CVSS7.2AI score0.01093EPSS
Exploits0References1
osv
osv
added 2011/10/19 10:55 a.m.8 views

CVE-2011-4140

The CSRF protection mechanism in Django through 1.2.7 and 1.3.x through 1.3.1 does not properly handle web-server configurations supporting arbitrary HTTP Host headers, which allows remote attackers to trigger unauthenticated forged requests via vectors involving a DNS CNAME record and a web page...

6.6AI score
Exploits0References9
cve
cve
added 2011/10/19 10:0 a.m.117 views

CVE-2011-4140

CVE-2011-4140 : Django 1.2.7 and 1.3.x up to 1.3.1 contain a CSRF protection flaw that mishandles HTTP Host headers in certain web-server configurations, enabling remote attackers to trigger unauthenticated forged requests via vectors involving a DNS CNAME and a page with JavaScript. Impact: unau...

6.8CVSS6.7AI score0.01093EPSS
Exploits0References8Affected Software1
redhat
redhat
added 2010/03/25 10:31 a.m.7 views

TLS: MITM attacks via session renegotiation

The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services IIS 7.0, modssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services NSS 3.12.4 and earlier, multiple Cis...

9.8CVSS6.9AI score0.87264EPSS
Exploits15References4
redhat
redhat
added 2010/03/25 9:11 a.m.5 views

TLS: MITM attacks via session renegotiation

The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services IIS 7.0, modssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services NSS 3.12.4 and earlier, multiple Cis...

9.8CVSS6.9AI score0.87264EPSS
Exploits15References4
redhat
redhat
added 2010/03/03 6:20 p.m.6 views

TLS: MITM attacks via session renegotiation

The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services IIS 7.0, modssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services NSS 3.12.4 and earlier, multiple Cis...

9.8CVSS6.9AI score0.87264EPSS
Exploits15References4
redhat
redhat
added 2010/01/06 4:21 p.m.7 views

TLS: MITM attacks via session renegotiation

The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services IIS 7.0, modssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services NSS 3.12.4 and earlier, multiple Cis...

9.8CVSS6.9AI score0.87264EPSS
Exploits15References4
redhat
redhat
added 2009/12/23 5:33 p.m.5 views

TLS: MITM attacks via session renegotiation

The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services IIS 7.0, modssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services NSS 3.12.4 and earlier, multiple Cis...

9.8CVSS6.9AI score0.87264EPSS
Exploits15References4
securityvulns
securityvulns
added 2001/07/18 12:0 a.m.34 views

Checkpoint Firewall-1 errors

Hi. Checkpoint Firewall-1 makes use of a piece of software called SecureRemote to create encrypted sessions between users and FW-1 modules. Before remote users are able to communicate with internal hosts, a network topology of the protected network is downloaded to the client. While newer version...

1.3AI score
Exploits0
cvelist
cvelist
added 2001/05/07 4:0 a.m.18 views

CVE-2000-0720

news.cgi in GWScripts News Publisher does not properly authenticate requests to add an author to the author index, which allows remote attackers to add new authors by directly posting an HTTP request to the new.cgi program with an addAuthor parameter, and setting the Referer to the news.cgi progr...

6.7AI score0.06155EPSS
Exploits1References3
securityvulns
securityvulns
added 2001/03/29 12:0 a.m.80 views

def-2001-15: Website Pro Remote Manager DoS

====================================================================== Defcom Labs Advisory def-2001-15 Website Pro Remote Manager DoS Author: Peter Grьndl [email protected] Release Date: 2001-03-28 ======================================================================...

0.7AI score
Exploits0
nvd
nvd
added 2000/10/20 4:0 a.m.13 views

CVE-2000-0720

news.cgi in GWScripts News Publisher does not properly authenticate requests to add an author to the author index, which allows remote attackers to add new authors by directly posting an HTTP request to the new.cgi program with an addAuthor parameter, and setting the Referer to the news.cgi progr...

5CVSS6.7AI score0.06155EPSS
Exploits1References3
nessus
nessus
added 1999/06/22 12:0 a.m.1236 views

HTTP Proxy Open Relay Detection

The remote web proxy accepts unauthenticated HTTP requests from the Nessus scanner. By routing requests through the affected proxy, a user may be able to gain some degree of anonymity while browsing websites, which will see requests as originating from the remote host itself rather than the user'...

5.5AI score
Exploits0
Rows per page
Query Builder