Lucene search
+L

73 matches found

ubuntucve
ubuntucve
added 2015/07/20 12:0 a.m.32 views

CVE-2015-3183

The chunked transfer coding implementation in the Apache HTTP Server before 2.4.14 does not properly parse chunk headers, which allows remote attackers to conduct HTTP request smuggling attacks via a crafted request, related to mishandling of large chunk-size values and invalid chunk-extension...

5CVSS6.7AI score0.73327EPSS
Exploits0References4
nessus
nessus
added 2015/03/30 12:0 a.m.70 views

Mandriva Linux Security Advisory : tomcat (MDVSA-2015:084)

Updated tomcat package fixes security vulnerabilities : It was discovered that the Apache Commons FileUpload package for Java could enter an infinite loop while processing a multipart request with a crafted Content-Type, resulting in a denial-of-service condition CVE-2014-0050. Apache Tomcat 7.x...

7.5CVSS7AI score0.83175EPSS
Exploits12References11
prion
prion
added 2015/02/16 12:59 a.m.26 views

Design/Logic Flaw

java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data after an error has occurred, which allows remote attackers to conduct HTTP request smuggling attacks...

6.4CVSS7AI score0.21045EPSS
Exploits0References35Affected Software1
ubuntucve
ubuntucve
added 2015/02/15 12:0 a.m.39 views

CVE-2014-0227

java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data after an error has occurred, which allows remote attackers to conduct HTTP request smuggling attacks...

6.4CVSS6.8AI score0.21045EPSS
Exploits0References3
osv
osv
added 2015/02/15 12:0 a.m.2 views

UBUNTU-CVE-2014-0227

java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data after an error has occurred, which allows remote attackers to conduct HTTP request smuggling attacks...

6.4CVSS6.8AI score0.21045EPSS
Exploits0References4
nessus
nessus
added 2015/01/19 12:0 a.m.34 views

Oracle Solaris Third-Party Patch Update : tomcat (multiple_vulnerabilities_in_tomcat)

The remote Solaris system is missing necessary patches to address security updates : - Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data...

6.8CVSS8AI score0.11001EPSS
Exploits3References4
nessus
nessus
added 2014/10/12 12:0 a.m.56 views

Amazon Linux AMI : httpd (ALAS-2014-414)

The modheaders module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass 'RequestHeader unset' directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states 'this is not a security issue in httpd as such.' C Tenable Networ...

5CVSS6.3AI score0.60205EPSS
Exploits2References2
nessus
nessus
added 2014/10/12 12:0 a.m.47 views

Amazon Linux AMI : mod24_security (ALAS-2014-334)

apache2/modsecurity.c in ModSecurity before 2.7.6 allows remote attackers to bypass rules by using chunked transfer coding with a capitalized Chunked value in the Transfer-Encoding HTTP header. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted...

5CVSS6.1AI score0.0267EPSS
Exploits2References2
nessus
nessus
added 2014/10/12 12:0 a.m.20 views

Amazon Linux AMI : mod_security (ALAS-2014-335)

apache2/modsecurity.c in ModSecurity before 2.7.6 allows remote attackers to bypass rules by using chunked transfer coding with a capitalized Chunked value in the Transfer-Encoding HTTP header. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted...

5CVSS6.1AI score0.0267EPSS
Exploits2References2
nessus
nessus
added 2014/10/10 12:0 a.m.35 views

F5 Networks BIG-IP : Apache Tomcat vulnerability (SOL15426)

Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 allows remote attackers to cause a denial of service resource consumption via a malformed chunk size in chunke...

5CVSS6.5AI score0.2006EPSS
Exploits1References2
openvas
openvas
added 2014/07/27 12:0 a.m.20 views

Debian Security Advisory DSA 2991-1 (modsecurity-apache - security update)

Martin Holst Swende discovered a flaw in the way chunked requests are handled in ModSecurity, an Apache module whose purpose is to tighten the Web application security. A remote attacker could use this flaw to bypass intended modsecurity restrictions by using chunked transfer coding with a...

5CVSS6.1AI score0.0267EPSS
Exploits2References1
nvd
nvd
added 2014/05/31 11:17 a.m.25 views

CVE-2014-0075

Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 allows remote attackers to cause a denial of service resource consumption via a malformed chunk size in chunke...

5CVSS8AI score0.2006EPSS
Exploits1References48
prion
prion
added 2014/05/31 11:17 a.m.30 views

Integer overflow

Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 allows remote attackers to cause a denial of service resource consumption via a malformed chunk size in chunke...

5CVSS7.2AI score0.2006EPSS
Exploits1References48Affected Software1
debiancve
debiancve
added 2014/05/31 10:0 a.m.38 views

CVE-2014-0075

Removed by vendor...

5CVSS6.9AI score0.2006EPSS
Exploits1
cvelist
cvelist
added 2014/05/31 10:0 a.m.33 views

CVE-2014-0075

Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 allows remote attackers to cause a denial of service resource consumption via a malformed chunk size in chunke...

8AI score0.2006EPSS
Exploits1References48
ubuntucve
ubuntucve
added 2014/05/31 12:0 a.m.36 views

CVE-2014-0075

Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 allows remote attackers to cause a denial of service resource consumption via a malformed chunk size in chunke...

5CVSS6.8AI score0.2006EPSS
Exploits1References2
nessus
nessus
added 2014/05/30 12:0 a.m.162 views

Apache Tomcat 7.0.0 < 7.0.53 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 7.0.53. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat7.0.53security-7 advisory. - Integer overflow in the parseChunkHeader function in...

5CVSS6.8AI score0.2006EPSS
Exploits1References8
freebsd
freebsd
added 2014/05/23 12:0 a.m.39 views

tomcat -- multiple vulnerabilities

Tomcat Security Team reports: Tomcat does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager restrictions and read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference,...

8.3AI score
Exploits0References3
amazon
amazon
added 2014/05/06 12:0 a.m.52 views

Medium: mod_security

Issue Overview: apache2/modsecurity.c in ModSecurity before 2.7.6 allows remote attackers to bypass rules by using chunked transfer coding with a capitalized Chunked value in the Transfer-Encoding HTTP header. Affected Packages: modsecurity Issue Correction: Run yum update modsecurity or yum upda...

5CVSS6.4AI score0.0267EPSS
Exploits2
nvd
nvd
added 2014/04/15 10:55 a.m.24 views

CVE-2013-5704

The modheaders module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states "this is not a security issue in httpd as such."...

5CVSS4.8AI score0.60205EPSS
Exploits2References47
Rows per page
Query Builder