873 matches found
CVE-2002-2345
The CVE-2002-2345 entry concerns Oracle 9i Application Server 9.0.2, where the web cache administrator interface password is stored in plaintext. This credential leakage could allow remote attackers to access the administrator interface, implying unauthorized access to cached credentials. Public ...
firefox security update
CentOS Errata and Security Advisory CESA-2007:0979 Updated firefox packages that fix several security bugs are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source...
thunderbird security update
CentOS Errata and Security Advisory CESA-2007:0981 Updated thunderbird packages that fix several security bugs are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Mozilla Thunderbird is a...
Design/Logic Flaw
Internet Communication Manager (aka ICMAN.exe or ICM) in SAP NetWeaver Application Server 6.x and 7.x, possibly only on Windows, allows remote attackers to cause a denial of service (process crash) via a URI of a certain length that contains a sap-isc-key parameter, related to configuration of a web...
CVE-2007-3615
Internet Communication Manager (aka ICMAN.exe or ICM) in SAP NetWeaver Application Server 6.x and 7.x, possibly only on Windows, allows remote attackers to cause a denial of service (process crash) via a URI of a certain length that contains a sap-isc-key parameter, related to configuration of a web...
CVE-2007-3615
SAP NetWeaver Application Server’s Internet Communication Manager (ICM/ICMAN.exe) in 6.x–7.x (Windows possibly) is vulnerable to a denial-of-service via a long URI containing sap-isc-key, related to web cache configuration. The connected documents do not provide additional technical details, expl...
RHEL 5 : tomcat (RHSA-2007:0327)
Updated tomcat packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. Tomcat is a servlet container for Java Servlet and JavaServer Pages technologies. Tomca...
Important: Red Hat Security Advisory: jbossas security update
Updated jbossas packages that fix multiple security issues in tomcat are now available for Red Hat Application Stack. This update has been rated as having Important security impact by the Red Hat Security Response Team. Tomcat is a servlet container for Java Servlet and JavaServer Pages...
tomcat multiple content-length header poisoning
Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allow remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Tomcat t...
Important: Red Hat Security Advisory: tomcat security update
Updated tomcat packages that fix multiple security issues are now available for Red Hat Application Server v2. This update has been rated as having important security impact by the Red Hat Security Response Team. Tomcat is a servlet container for Java Servlet and JavaServer Pages technologies...
CentOS 5 : tomcat (CESA-2007:0327)
Updated tomcat packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. Tomcat is a servlet container for Java Servlet and JavaServer Pages technologies. Tomca...
jakarta, tomcat5 security update
CentOS Errata and Security Advisory CESA-2007:0327 Updated tomcat packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. Tomcat is a servlet container for Ja...
Fixed in Apache Tomcat 5.5.23, 5.0.SVN
Important: Information disclosure CVE-2005-2090 Requests with multiple content-length headers should be rejected as invalid. When multiple components (firewalls, caches, proxies and Tomcat) process a sequence of requests where one or more requests contain multiple content-length headers and several...
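Sun Java System Server Embedded HTTP Request Handling Vulnerability
Sun Java System Application Server and Web Server are both application servers compatible with the J2EE platform. Sun Java System Application Server has a vulnerability in how it handles HTTP requests, which remote attackers may exploit to carry out various attacks. If Sun Java System Application Server or Sun Java System Web Server is used with Sun Java System Proxy Server, then due to a failure to correctly implement HTTP/1.1...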
CVE-2006-6276
Sun Java System Proxy Server versions prior to 20061130 are affected by an HTTP request smuggling vulnerability when used with Sun Java System Application Server or Sun Java System Web Server. Exploitation could bypass HTTP request filtering, enable web session hijacking, permit cross-site script...
"Exploiting the XmlHttpRequest object in IE" - paper by Amit Klein
Exploiting the XmlHttpRequest object in IE - Referrer spoofing, and a lot more... Amit Klein, September 2005 Preface ======= This paper is released in a bit of haste, and as such, it may be somewhat incomplete. The reason is that I was toying with the concepts and techniques outlined in it for th...
Code injection
Unspecified vulnerability in the (1) web cache or (2) web proxy in Fujitsu NetShelter/FW allows remote attackers to cause a denial of service (device unresponsiveness) via certain DNS packets, as demonstrated by the OUSPG PROTOS DNS test suite...
CVE-2006-2240
Unspecified vulnerability in the (1) web cache or (2) web proxy in Fujitsu NetShelter/FW allows remote attackers to cause a denial of service (device unresponsiveness) via certain DNS packets, as demonstrated by the OUSPG PROTOS DNS test suite...
CVE-2006-2240
CVE-2006-2240 concerns an unspecified vulnerability in the Fujitsu NetShelter/FW web cache or web proxy. The issue reportedly allows remote attackers to cause a denial of service resulting in device unresponsiveness, via certain DNS packets, as demonstrated by the OUSPG PROTOS DNS test suite. The...