836 matches found
Design/Logic Flaw
The setRequestHeader method of the XMLHttpRequest object in Microsoft Internet Explorer 5.01, 6, and 7 does not block dangerous HTTP request headers when certain 8-bit character sequences are appended to a header name, which allows remote attackers to (1) conduct HTTP request splitting and HTTP...
CVE-2005-4874
The vulnerability CVE-2005-4874 affects the XMLHttpRequest object in Mozilla 1.7.8, where the HTTP TRACE method can be abused to disclose credentials. Specifically, an attacker can obtain (1) proxy authentication passwords via a request with Max-Forwards: 0 and (2) arbitrary local passwords on th...
CVE-2008-1545
The setRequestHeader method of the XMLHttpRequest object in Microsoft Internet Explorer 7 does not restrict the dangerous Transfer-Encoding HTTP request header, which allows remote attackers to conduct HTTP request splitting and HTTP request smuggling attacks via a POST containing a...
CVE-2008-1544
The setRequestHeader method of the XMLHttpRequest object in Microsoft Internet Explorer 5.01, 6, and 7 does not block dangerous HTTP request headers when certain 8-bit character sequences are appended to a header name, which allows remote attackers to (1) conduct HTTP request splitting and HTTP...
CVE-2008-1545
In this CVE, the affected component is the XMLHttpRequest.setRequestHeader implementation in Microsoft Internet Explorer 7. The issue arises because the method does not restrict the dangerous Transfer-Encoding HTTP header, enabling remote attackers to perform HTTP request splitting and HTTP reque...
CVE-2008-1544
CVE-2008-1544 relates to Internet Explorer (IE) 5.01/6/7 where setRequestHeader can bypass header-safety checks, enabling HTTP request splitting/smuggling, host/Referer manipulation, and potential same-origin policy bypass. Microsoft’s connected documentation confirms a fix via MS08-031 (Cumulati...
CVE-2005-4874
The XMLHttpRequest object in Mozilla 1.7.8 supports the HTTP TRACE method, which allows remote attackers to obtain (1) proxy authentication passwords via a request with a "Max-Forwards: 0" header or (2) arbitrary local passwords on the web server that hosts this object...
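Microsoft IE 7 setRequestHeader() Function Multiple Request Splitting/Smuggling Vulnerabilities
BUGTRAQ ID: 28379 Internet Explorer is a very popular web browser released by Microsoft. IE 7 allows HTTP headers such as Content-Length, Host and Referer to be overwritten through HTTP request splitting attacks, leading to HTTP header spoofing. Similar to the following javascript: ---------------------------------------------- var x=new XMLHttpRequest; x.open"POST","/"; forf=127;f255;f++ try...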
[MSA02240108] IE7 allows overwriting of several headers leading to Http request Splitting and smuggling.
MSA01240108: IE7 allows overwriting of several headers leading to Http request Splitting and smuggling. Date: March 21st, 2008 Tested Versions: Internet Explorer 7.0.5730.11 Tested OS: Windows XP Professional SP2 Italian Minded Security ReferenceID: MSA02240108 Credits: Discovery by Stefano Di...
Debian Security Advisory DSA 838-1 (mozilla-firefox)
The remote host is missing an update to mozilla-firefox announced via advisory DSA 838-1. Multiple security vulnerabilities have been identified in the mozilla-firefox web browser. These vulnerabilities could allow an attacker to execute code on the victim's machine via specially crafted network...
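Mozilla Firefox WYCIWYG:// URI Cache Zone Restriction Bypass Vulnerability
BUGTRAQ ID: 24831 Mozilla Firefox is a very popular open-source web browser. The access control that Firefox implements for the wyciwyg:// pseudo-URI resource type contains a vulnerability that a remote attacker could exploit to obtain sensitive information related to the web browser. The wyciwyg:// pseudo-URI resource type is used to organize and reference locally cached pages, but access control for wyciwyg:// URIs is insufficient, and a user can reach cached documents through XMLHttpRequest or an IFRAMEd view-source:. Although the same-origin policy is still implemented correctly, a malicious site can bypass cookie settings to store arbitrary tokens on the user's computer; if combined with HTTP...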
CVE-2007-3656
Mozilla Firefox before 1.8.0.13 and 1.8.1.x before 1.8.1.5 does not perform a security zone check when processing a wyciwyg URI, which allows remote attackers to obtain sensitive information, poison the browser cache, and possibly enable further attack vectors via (1) HTTP 302 redirect controls, (2)...
Design/Logic Flaw
Mozilla Firefox before 1.8.0.13 and 1.8.1.x before 1.8.1.5 does not perform a security zone check when processing a wyciwyg URI, which allows remote attackers to obtain sensitive information, poison the browser cache, and possibly enable further attack vectors via (1) HTTP 302 redirect controls, (2)...
CVE-2007-3656
Mozilla Firefox 1.8.x and earlier versions are affected by CVE-2007-3656 due to not performing a security zone check for wyciwyg URIs. The issue allows a remote attacker to obtain sensitive information, potentially poison the browser cache, and may enable further attack vectors via HTTP 302 redir...
CVE-2007-3656
Mozilla Firefox before 1.8.0.13 and 1.8.1.x before 1.8.1.5 does not perform a security zone check when processing a wyciwyg URI, which allows remote attackers to obtain sensitive information, poison the browser cache, and possibly enable further attack vectors via (1) HTTP 302 redirect controls, (2)...
Firefox wyciwyg:// cache zone bypass
There is an interesting vulnerability in how Mozilla Firefox handles internal wyciwyg:// pseudo-URIs. These cache-related resource identifiers are meant to be inaccessible by the user - but there are at least three routes to bypass these restrictions, one of which - HTTP 302 redirect - also...
CVE-2007-2401
CRLF injection vulnerability in WebCore in Apple Mac OS X 10.3.9, 10.4.9 and later, and iPhone before 1.0.1, allows remote attackers to inject arbitrary HTTP headers via LF characters in an XMLHttpRequest request, which are not filtered when serializing headers via the setRequestHeader function...
CRLF injection
CRLF injection vulnerability in WebCore in Apple Mac OS X 10.3.9, 10.4.9 and later, and iPhone before 1.0.1, allows remote attackers to inject arbitrary HTTP headers via LF characters in an XMLHttpRequest request, which are not filtered when serializing headers via the setRequestHeader function...
CVE-2007-2401
CRLF injection vulnerability in WebCore in Apple Mac OS X 10.3.9, 10.4.9 and later, and iPhone before 1.0.1, allows remote attackers to inject arbitrary HTTP headers via LF characters in an XMLHttpRequest request, which are not filtered when serializing headers via the setRequestHeader function...
CVE-2007-2401
The CVE-2007-2401 entry concerns a CRLF injection in Apple’s WebCore XMLHttpRequest handling. Vulnerable: WebCore in Mac OS X 10.3.9, 10.4.9 and later, and iPhone prior to 1.0.1. Nature: remote attacker can inject arbitrary HTTP headers by sending LF characters in an XMLHttpRequest and exploiting...