Lucene search
K

60 matches found

OpenVAS
OpenVAS
added 2020/01/23 12:0 a.m.41 views

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2019-2593)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.9CVSS7.2AI score0.15564EPSS
Exploits0References2
Prion
Prion
added 2019/12/10 3:15 p.m.16 views

Design/Logic Flaw

yaws before 2.0.4 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound...

5.8CVSS7.2AI score0.011EPSS
Exploits0References4Affected Software2
UbuntuCve
UbuntuCve
added 2019/12/10 3:15 p.m.27 views

CVE-2016-1000108

yaws before 2.0.4 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound...

6.1CVSS6.5AI score0.011EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2019/12/10 2:58 p.m.63 views

CVE-2016-1000108

yaws before 2.0.4 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound...

6.1CVSS4.2AI score0.011EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2019/12/10 12:0 a.m.40 views

EulerOS 2.0 SP2 : httpd (EulerOS-SA-2019-2402)

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Possible CRLF injection allowing HTTP response splitting attacks for sites which use moduserdir. This issue was mitigated by changes made in 2.4....

6.1CVSS6.5AI score0.19798EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2019/02/18 4:58 p.m.4 views

httpd: Improper handling of headers in mod_session can allow a remote user to modify session data for CGI applications

It has been discovered that the modsession module of Apache HTTP Server httpd, through version 2.4.29, has an improper input validation flaw in the way it handles HTTP session headers in some configurations. A remote attacker may influence their content by using a "Session" header...

5.3CVSS7.2AI score0.10118EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2019/02/18 4:55 p.m.5 views

httpd: Improper handling of headers in mod_session can allow a remote user to modify session data for CGI applications

It has been discovered that the modsession module of Apache HTTP Server httpd, through version 2.4.29, has an improper input validation flaw in the way it handles HTTP session headers in some configurations. A remote attacker may influence their content by using a "Session" header...

5.3CVSS7.2AI score0.10118EPSS
Exploits0References4
Amazon
Amazon
added 2018/05/03 12:0 a.m.66 views

Medium: httpd24

Issue Overview: Use-after-free on HTTP/2 stream shutdown When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this...

9.8CVSS7.3AI score0.86006EPSS
Exploits0
OSV
OSV
added 2018/03/26 3:29 p.m.2 views

ALPINE-CVE-2018-1283

In Apache httpd 2.4.0 to 2.4.29, when modsession is configured to forward its session data to CGI applications SessionEnv on, not the default, a remote user may influence their content by using a "Session" header. This comes from the "HTTPSESSION" variable name used by modsession to forward its...

5.3CVSS6.9AI score0.10118EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2018/03/26 12:0 a.m.50 views

CVE-2018-1283

In Apache httpd 2.4.0 to 2.4.29, when modsession is configured to forward its session data to CGI applications SessionEnv on, not the default, a remote user may influence their content by using a "Session" header. This comes from the "HTTPSESSION" variable name used by modsession to forward its...

5.3CVSS6.8AI score0.10118EPSS
Exploits0References5
OSV
OSV
added 2018/03/26 12:0 a.m.2 views

UBUNTU-CVE-2018-1283

In Apache httpd 2.4.0 to 2.4.29, when modsession is configured to forward its session data to CGI applications SessionEnv on, not the default, a remote user may influence their content by using a "Session" header. This comes from the "HTTPSESSION" variable name used by modsession to forward its...

5.3CVSS6.8AI score0.10118EPSS
Exploits0References6
Cloud Foundry
Cloud Foundry
added 2016/12/14 12:0 a.m.70 views

USN-3134-1: Python vulnerabilities | Cloud Foundry

USN-3134-1: Python vulnerabilities Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 LTS Description It was discovered that the smtplib library in Python did not return an error when StartTLS fails. A remote attacker could possibly use this to expose sensitive information...

10CVSS7.6AI score0.26316EPSS
Exploits7
Tenable Nessus
Tenable Nessus
added 2016/11/23 12:0 a.m.87 views

Ubuntu 14.04 LTS / 16.04 LTS : Python vulnerabilities (USN-3134-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3134-1 advisory. It was discovered that the smtplib library in Python did not return an error when StartTLS fails. A remote attacker could possibly use this t...

10CVSS7.8AI score0.26316EPSS
Exploits7References5
Prion
Prion
added 2016/07/19 2:0 a.m.24 views

Design/Logic Flaw

The net/http package in Go through 1.6 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect a CGI...

6.8CVSS6.9AI score0.0522EPSS
Exploits0References9Affected Software6
Cvelist
Cvelist
added 2016/07/19 1:0 a.m.26 views

CVE-2016-5386

The net/http package in Go through 1.6 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect a CGI...

7.8AI score0.0522EPSS
Exploits0References9
CNVD
CNVD
added 2016/07/19 12:0 a.m.5 views

GO Language httpoxy Remote Proxy Infection Vulnerability

Go language is the second open source programming language released by Google. httpoxy is a set of vulnerabilities that affect application code running in a CGI environment. The vulnerabilities exist primarily in multiple web servers, web frameworks, and programming languages. The Proxy field nam...

8.1CVSS8.1AI score0.0522EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2016/07/18 2:0 p.m.31 views

CVE-2016-5386

The net/http package in Go through 1.6 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect a CGI...

8.1CVSS6.9AI score0.0522EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2016/07/18 12:0 a.m.3 views

PT-2016-4503 · Twisted +4 · Twisted +4

Name of the Vulnerable Software and Affected Versions: Twisted versions prior to 16.3.1 Description: The issue arises from the software's failure to address RFC 3875 section 4.1.18 namespace conflicts, which leaves CGI applications unprotected from untrusted client data in the HTTP PROXY...

6.9CVSS7AI score0.02406EPSS
Exploits0References46
OSV
OSV
added 2016/07/18 12:0 a.m.4 views

UBUNTU-CVE-2016-1000111

Twisted before 16.3.1 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect a CGI application's outbou...

5.3CVSS6.1AI score0.02406EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2016/07/18 12:0 a.m.21 views

CVE-2016-1000111

Twisted before 16.3.1 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect a CGI application's outbou...

5.3CVSS6.1AI score0.02406EPSS
Exploits0References3
Rows per page
Query Builder