142 matches found
Updated lighttpd packages fix security vulnerability
Dominic Scheirlinck and Scott Geary of Vend reported an insecure behaviour in the lighttpd web server. Lighttpd assigned Proxy header values from client requests to internal HTTPPROXY environment variables. This could be used to carry out Man in the Middle Attacks MIDM or create connections to...
Debian DSA-3642-1 : lighttpd - security update
Dominic Scheirlinck and Scott Geary of Vend reported insecure behavior in the lighttpd web server. Lighttpd assigned Proxy header values from client requests to internal HTTPPROXY environment variables, allowing remote attackers to carry out Man in the Middle MITM attacks or initiate connections ...
Debian Security Advisory DSA 3642-1 (lighttpd - security update)
Dominic Scheirlinck and Scott Geary of Vend reported insecure behavior in the lighttpd web server. Lighttpd assigned Proxy header values from client requests to internal HTTPPROXY environment variables, allowing remote attackers to carry out Man in the Middle MITM attacks or initiate connections ...
Apache Tomcat 'CGI Servlet' MITM Vulnerability
Apache Tomcat is prone to a man-in-the-middle MITM vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:tomcat";...
CGI web servers assign Proxy header values from client requests to internal HTTP_PROXY environment variables
Overview Web servers running in a CGI or CGI-like context may assign client request Proxy header values to internal HTTPPROXY environment variables. This vulnerability can be leveraged to conduct man-in-the-middle MITM attacks on internal subrequests or to direct the server to initiate connection...
PT-2016-3676 · Foreman · Foreman
Name of the Vulnerable Software and Affected Versions: Foreman versions 1.8.0 through 1.8.3 Foreman versions 1.9.0 through 1.9.0 Description: The issue allows remote authenticated users with the view reports permission to read reports from arbitrary hosts or remote authenticated users with the...
CVE-1999-0523
ICMP echo ping is allowed from arbitrary hosts...
CVE-1999-0524
ICMP information such as 1 netmask and 2 timestamp is allowed from arbitrary hosts...
DoS via fail2ban
Invalid logs parsing allows to ban arbitrary hosts...
Microsoft Crypto API X.509 Certificate Validation - Remote Information Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/28548/info Microsoft's Crypto API library is prone to an information-disclosure vulnerability because HTTP requests to arbitrary hosts and ports may be automatically triggered when validating X.509 certificates. Successfu...
Cross site request forgery (csrf)
app/controllers/api/v1/hostscontroller.rb in Foreman before 1.2.2 does not properly restrict access to hosts, which allows remote attackers to access arbitrary hosts via an API request...
CVE-2012-4001
The modpagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified vectors, as demonstrated by requests to intranet servers...
mod_cluster: malicious worker nodes can register on any vhost
modcluster in JBoss Enterprise Application Platform 5.1.2 for Red Hat Linux allows worker nodes to register with arbitrary virtual hosts, which allows remote attackers to bypass intended access restrictions and provide malicious content, hijack sessions, and steal credentials by registering from ...
Flash plugin DNS rebinding
The Adobe Macromedia Flash 9 plug-in allows remote attackers to cause a victim machine to establish TCP sessions with arbitrary hosts via a Flash SWF movie, related to lack of pinning of a hostname to a single IP address after receiving an allow-access-from element in a cross-domain-policy XML...
Microsoft Crypto API X.509 Certificate Validation - Remote Information Disclosure
Microsoft Crypto API X.509 Certificate Validation - Remote Information Disclosure source: https://www.securityfocus.com/bid/28548/info Microsoft's Crypto API library is prone to an information-disclosure vulnerability because HTTP requests to arbitrary hosts and ports may be automatically trigger...
Microsoft Crypto API X.509 Certificate Validation - Remote Information Disclosure
source: https://www.securityfocus.com/bid/28548/info Microsoft's Crypto API library is prone to an information-disclosure vulnerability because HTTP requests to arbitrary hosts and ports may be automatically triggered when validating X.509 certificates. Successful exploits allow attackers to...
Code injection
Unspecified vulnerability in IIS/iibind.asp in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to change the headers of arbitrary hosts via an unspecified parameter...
Flash plugin DNS rebinding
The Adobe Macromedia Flash 9 plug-in allows remote attackers to cause a victim machine to establish TCP sessions with arbitrary hosts via a Flash SWF movie, related to lack of pinning of a hostname to a single IP address after receiving an allow-access-from element in a cross-domain-policy XML...
GLSA-200710-14 : DenyHosts: Denial of Service
The remote host is affected by the vulnerability described in GLSA-200710-14 DenyHosts: Denial of Service Daniel B. Cid discovered that DenyHosts used an incomplete regular expression to parse failed login attempts, a different issue than GLSA 200701-01. Impact : A remote unauthenticated attacker...
CVE-2007-5275
The Adobe Macromedia Flash 9 plug-in allows remote attackers to cause a victim machine to establish TCP sessions with arbitrary hosts via a Flash SWF movie, related to lack of pinning of a hostname to a single IP address after receiving an allow-access-from element in a cross-domain-policy XML...