332 matches found
httpd mod_cache segfault
cacheutil.c in the modcache module in Apache HTTP Server httpd, when caching is enabled and a threaded Multi-Processing Module MPM is used, allows remote attackers to cause a denial of service child processing handler crash via a request with the 1 s-maxage, 2 max-age, 3 min-fresh, or 4 max-stale...
MediaWiki api.php脚本信息泄露漏洞
BUGTRAQ ID: 42019 MediaWiki是著名的wiki程序,运行于PHP+MySQL环境。 MediaWiki的api.php脚本没有正确地对缓存数据强制Cache-Control头,远程攻击者可以通过公开缓存头请求保密数据,包括文章标题和内容、已删除文章的内容、用户邮件地址或watchlist等。成功攻击要求攻击者能够使用与受害用户相同的HTTP代理服务器。 MediaWiki 1.8 - 1.15.4 厂商补丁: MediaWiki --------- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:...
Debian DSA-2002-1 : polipo - denial of service
Several denial of service vulnerabilities have been discovered in polipo, a small, caching web proxy. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-3305 A malicous remote server could cause polipo to crash by sending an invalid Cache-Control heade...
Cross site request forgery (csrf)
Polipo 1.0.4, and possibly other versions, allows remote attackers to cause a denial of service crash via a request with a Cache-Control header that lacks a value for the max-age field, which triggers a segmentation fault in the httpParseHeaders function in httpparse.c, and possibly other...
SOFT64 PHP Whois XSS Vulnerability
No description provided by source. Exploit Title: SOFT64 PHP Whois XSS Vulnerability Date: 24/12/2009 Author: bi0 Software Link: http://blog.soft64download.com/files/ajax-whois.rar /\ == \ /\ \ /\ \ \ \ \ \ \ \ \ /\ \ \ \ \ \ \ \ // // // 01000010 01101001 01001111...
Network Appliance NetCache DoS
Error on Cache-Control: prefetch processing...
openSUSE Security Update : MozillaFirefox (MozillaFirefox-509)
The Mozilla Firefox browser is updated to version 3.0.6 fixing various security and stability issues. MFSA 2009-01 / CVE-2009-0352 / CVE-2009-0353: Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these...
openSUSE Security Update : MozillaFirefox (MozillaFirefox-509)
The Mozilla Firefox browser is updated to version 3.0.6 fixing various security and stability issues. MFSA 2009-01 / CVE-2009-0352 / CVE-2009-0353: Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these...
Ubuntu 8.04 LTS / 8.10 : firefox-3.0, xulrunner-1.9 vulnerabilities (USN-717-1)
Several flaws were discovered in the browser engine. These problems could allow an attacker to crash the browser and possibly execute arbitrary code with user privileges. CVE-2009-0352, CVE-2009-0353 A flaw was discovered in the JavaScript engine. An attacker could bypass the same-origin policy i...
USN-717-1: Firefox and Xulrunner vulnerabilities
Several flaws were discovered in the browser engine. These problems could allow an attacker to crash the browser and possibly execute arbitrary code with user privileges. CVE-2009-0352, CVE-2009-0353 A flaw was discovered in the JavaScript engine. An attacker could bypass the same-origin policy i...
Mozilla Foundation Security Advisory 2009-06
Mozilla Foundation Security Advisory 2009-06 Title: Directives to not cache pages ignored Impact: Low Announced: February 3, 2009 Reporter: Paul Nel Products: Firefox Fixed in: Firefox 3.0.6 Description Paul Nel reported that certain HTTP directives to not cache web pages, Cache-Control: no-store...
CVE-2009-0358
Mozilla Firefox 3.x before 3.0.6 does not properly implement the 1 no-store and 2 no-cache Cache-Control directives, which allows local users to obtain sensitive information by using the a back button or b history list of the victim's browser, as demonstrated by reading the response page of an...
CVE-2009-0358
Mozilla Firefox 3.x before 3.0.6 does not properly implement the 1 no-store and 2 no-cache Cache-Control directives, which allows local users to obtain sensitive information by using the a back button or b history list of the victim's browser, as demonstrated by reading the response page of an...
CVE-2009-0358
Mozilla Firefox 3.x before 3.0.6 does not properly implement the 1 no-store and 2 no-cache Cache-Control directives, which allows local users to obtain sensitive information by using the a back button or b history list of the victim's browser, as demonstrated by reading the response page of an...
Firefox directives to not cache pages ignored
Mozilla Firefox 3.x before 3.0.6 does not properly implement the 1 no-store and 2 no-cache Cache-Control directives, which allows local users to obtain sensitive information by using the a back button or b history list of the victim's browser, as demonstrated by reading the response page of an...
Mozilla Firefox 3.x < 3.0.6 Multiple Vulnerabilities
Binary data 4922.prm...
Firefox 3.0.x < 3.0.6 Multiple Vulnerabilities
The installed version of Firefox 3.0.x is earlier than 3.0.6. Such versions are potentially affected by the following security issues : - There are several stability bugs in the browser engine that could lead to crashes with evidence of memory corruption. MFSA 2009-01 - A chrome XBL method can be...
Directives to not cache pages ignored — Mozilla
Paul Nel reported that certain HTTP directives to not cache web pages, Cache-Control: no-store and Cache-Control: no-cache for HTTPS pages, were being ignored by Firefox 3. On a shared system, applications relying upon these HTTP directives could potentially expose private data. Another user on t...
Design/Logic Flaw
Unspecified versions of Microsoft Outlook Web Access OWA use the Cache-Control: no-cache HTTP directive instead of no-store, which might cause web browsers that follow RFC-2616 to cache sensitive information...
CVE-2008-2143
Unspecified versions of Microsoft Outlook Web Access OWA use the Cache-Control: no-cache HTTP directive instead of no-store, which might cause web browsers that follow RFC-2616 to cache sensitive information...