120 matches found
CVE-2020-5255
In Symfony before versions 4.4.7 and 5.0.7, when a Response does not contain a Content-Type header, affected versions of Symfony can fallback to the format defined in the Accept header of the request, leading to a possible mismatch between the response's content and Content-Type header. When the...
PT-2020-18349 · Symfony · Symfony
Name of the Vulnerable Software and Affected Versions: Symfony versions prior to 4.4.7 Symfony versions prior to 5.0.7 Description: When a Response does not contain a Content-Type header, affected versions of Symfony can fallback to the format defined in the Accept header of the request, leading ...
The vulnerability of the Action View component of the Ruby on Rails software platform, allowing attackers to read arbitrary files
The vulnerability of the Action View component in the Ruby on Rails software framework is related to errors in handling HTTP headers “Accept” when used in the “render file” handler code. Exploiting this vulnerability allows an attacker to read arbitrary files...
The vulnerability of the Action View component of the Ruby on Rails software platform, which allows a hacker to trigger a service failure.
The vulnerability of the Action View component in the Ruby on Rails software framework is related to errors in processing HTTP headers like “Accept”. Exploiting this vulnerability can allow an attacker to cause service interruptions...
Ruby on Rails 5.2 "DoubleTap" Directory Traversal
Ruby on Rails 5.2.2 and prior are vulnerable to a directory traversal attack due to the way the HTTP ACCEPT header is parsed, which ends up being a template for Rails to render. Recent assessments: wchen-r7 at September 12, 2019 6:07pm UTC reported: Background Ruby on Rails is a server-side web...
GHSA-GFX6-PH4Q-Q54Q Improper Restriction of Operations within the Bounds of a Memory Buffer in akka-http-core
Akka HTTP versions = 10.0.5 Illegal Media Range in Accept Header Causes StackOverflowError Leading to Denial of Service...
CVE-2018-7582
WebLog Expert Web Server Enterprise 9.4 allows Remote Denial Of Service daemon crash via a long HTTP Accept Header to TCP port 9991...
CVE-2018-7582
WebLog Expert Web Server Enterprise 9.4 allows Remote Denial Of Service daemon crash via a long HTTP Accept Header to TCP port 9991...
CVE-2018-7582
WebLog Expert Web Server Enterprise 9.4 allows Remote Denial Of Service daemon crash via a long HTTP Accept Header to TCP port 9991...
WebLog Expert Web Server Enterprise 9.4 Denial Of Service Exploit
Exploit for windows platform in category dos / poc + Credits: John Page aka hyp3rlinx Vendor: ======= www.weblogexpert.com Product: ========= WebLog Expert Web Server Enterprise v9.4 WebLog Expert is a fast and powerful access log analyzer. It will give you information about your site's visitors:...
DEBIAN-CVE-2018-7284
A Buffer Overflow issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. When processing a SUBSCRIBE request, the respjsippubsub module stores the accepted formats present in the Accept headers of the request. Th...
Akka HTTP Accept Header Denial of Service Vulnerability
Akka HTTP is an HTTP application. A security vulnerability in Akka HTTP's handling of the ACCEPT header allows remote attackers to exploit the vulnerability to submit specially crafted requests that can crash the application...
openSUSE Security Update : Mozilla Firefox and NSS (openSUSE-2017-1114)
This update to Mozilla Firefox 52.4esr, along with Mozilla NSS 3.28.6, fixes security issues and bugs. The following vulnerabilities advised upstream under MFSA 2017-22 boo1060445 were fixed : - CVE-2017-7793: Use-after-free with Fetch API - CVE-2017-7818: Use-after-free during ARIA array...
Security update for Mozilla Firefox and NSS (important)
This update to Mozilla Firefox 52.4esr, along with Mozilla NSS 3.28.6, fixes security issues and bugs. The following vulnerabilities advised upstream under MFSA 2017-22 boo1060445 were fixed: - CVE-2017-7793: Use-after-free with Fetch API - CVE-2017-7818: Use-after-free during ARIA array...
CVE-2016-0751
actionpack/lib/actiondispatch/http/mimetype.rb in Action Pack in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not properly restrict use of the MIME type cache, which allows remote attackers to cause a denial of service...
CVE-2016-0751
actionpack/lib/actiondispatch/http/mimetype.rb in Action Pack in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not properly restrict use of the MIME type cache, which allows remote attackers to cause a denial of service...
UBUNTU-CVE-2016-0751
actionpack/lib/actiondispatch/http/mimetype.rb in Action Pack in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not properly restrict use of the MIME type cache, which allows remote attackers to cause a denial of service...
CVE-2013-1946
The CVE-2013-1946 entry affects Drupal’s RESTful Web Services (RESTWS) module for Drupal 7.x-1.x up to 7.x-1.3 and 7.x-2.x up to 7.x-2.0-alpha5. When page caching is enabled and anonymous users have RESTWS permissions, a GET request with an HTTP Accept header set to a non-HTML type can cause a de...
Moderate: Red Hat Security Advisory: rhevm security and bug fix update
Updated rhevm packages that fix one security issue and various bugs are now available. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available from the...
Netscape Enterprise Server Accept Header Remote Overflow
The remote web server seems to crash when it is issued a too long argument to the 'Accept:' command : Example : GET / HTTP/1.0 Accept: /gif This may allow an attacker to execute arbitrary code on the remote system. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid10154...