4 matches found
USN-7772-1: Eventlet vulnerability
It was discovered that Eventlet incorrectly handled certain requests. An attacker could possibly use this issue to bypass front-end security controls, launch targeted attacks against active site users, and poison web caches...
CVE-2006-6276
HTTP request smuggling vulnerability in Sun Java System Proxy Server before 20061130, when used with Sun Java System Application Server or Sun Java System Web Server, allows remote attackers to bypass HTTP request filtering, hijack web sessions, perform cross-site scripting XSS, and poison web...
CVE-2005-1951
Multiple HTTP Response Splitting vulnerabilities in osCommerce 2.2 Milestone 2 and earlier allow remote attackers to spoof web content and poison web caches via hex-encoded CRLF "%0d%0a" sequences in the 1 productsid or 2 pid parameter to index.php or 3 goto parameter to banner.php...
CVE-2005-1951
osCommerce 2.2 Milestone 2 and earlier are affected by CVE-2005-1951 due to HTTP Response Splitting in multiple parameters (products_id, pid in index.php and goto in banner.php). The vulnerability arises from hex-encoded CRLF sequences, enabling remote attackers to spoof content and potentially p...