Lucene search
K

174 matches found

CNVD
CNVD
added 2018/07/04 12:0 a.m.3 views

Eclipse Jetty Server Information Disclosure Vulnerability

Eclipse Jetty Server is the Eclipse Foundation of an open source , Java-based Web server and Java Servlet container . An information disclosure vulnerability exists in Eclipse Jetty Server version 9.x that stems from an error response with an InvalidPathException message containing sensitive...

5.3CVSS5.7AI score0.04328EPSS
Exploits0References1
OSV
OSV
added 2018/06/27 5:29 p.m.42 views

CVE-2018-12536

In Eclipse Jetty Server, all 9.x versions, on webapps deployed using default Error Handling, when an intentionally bad query arrives that doesn't match a dynamic url-pattern, and is eventually handled by the DefaultServlet's static file serving, the bad characters can trigger a...

5.3CVSS7AI score
Exploits0References8
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 5:16 a.m.19 views

Security Bulletin: Vulnerability in Rational DOORS Next Generation with potential for attacks by displaying improper handling of errors (CVE-2016-9748)

Summary An undisclosed security vulnerability of Rational DOORS Next Generation may result in an attack by revealing implementations details, internal error messages, database dumps or error codes. Vulnerability Details CVEID: CVE-2016-9748 DESCRIPTION: IBM RM discloses sensitive information in...

4.3CVSS0.4AI score0.00941EPSS
Exploits0Affected Software1
CVE
CVE
added 2017/08/29 8:0 p.m.81 views

CVE-2017-3154

CVE-2017-3154 affects Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating. The underlying issue is that error responses reveal a stack trace, leading to information exposure. The available documents describe the vulnerability as an information-disclosure flaw but do not provide details on...

7.5CVSS6.7AI score0.02053EPSS
Exploits0References2Affected Software1
rapid7community
rapid7community
added 2017/06/15 2:4 p.m.21 views

About User Enumeration

User enumeration is when a malicious actor can use brute-force to either guess or confirm valid users in a system. User enumeration is often a web application vulnerability, though it can also be found in any system that requires user authentication. Two of the most common areas where user...

6.9AI score
Exploits0
Prion
Prion
added 2017/02/08 7:59 p.m.20 views

Information disclosure

IBM Rational DOORS Next Generation 5.0 and 6.0 discloses sensitive information in error response messages that could be used for further attacks against the system...

4CVSS6.4AI score0.00941EPSS
Exploits0References2Affected Software2
Cvelist
Cvelist
added 2017/02/08 7:0 p.m.21 views

CVE-2016-9748

IBM Rational DOORS Next Generation 5.0 and 6.0 discloses sensitive information in error response messages that could be used for further attacks against the system...

4.4AI score0.00941EPSS
Exploits0References2
Apache Httpd
Apache Httpd
added 2017/02/06 12:0 a.m.107 views

Apache Httpd < 2.2.34 : ap_get_basic_auth_pw() Authentication Bypass

Use of the apgetbasicauthpw by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed. Third-party module writers SHOULD use apgetbasicauthcomponents, available in 2.2.34 and 2.4.26, instead of apgetbasicauthpw. Modules which call the legacy...

9.8CVSS2AI score0.20231EPSS
Exploits0Affected Software1
RedHat Linux
RedHat Linux
added 2015/08/24 3:56 p.m.11 views

httpd: NULL pointer dereference crash with ErrorDocument 400 pointing to a local URL-path

A NULL pointer dereference flaw was found in the way httpd generated certain error responses. A remote attacker could possibly use this flaw to crash the httpd child process using a request that triggers a certain HTTP error...

5CVSS7.2AI score0.14734EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2013/09/16 5:1 p.m.3 views

kernel: iscsi-target: heap buffer overflow on large key error

Heap-based buffer overflow in the iscsiaddnotunderstoodresponse function in drivers/target/iscsi/iscsitargetparameters.c in the iSCSI target subsystem in the Linux kernel through 3.9.4 allows remote attackers to cause a denial of service memory corruption and OOPS or possibly execute arbitrary co...

7.9CVSS8AI score0.07313EPSS
Exploits1References4
Prion
Prion
added 2013/06/07 2:3 p.m.19 views

Heap overflow

Heap-based buffer overflow in the iscsiaddnotunderstoodresponse function in drivers/target/iscsi/iscsitargetparameters.c in the iSCSI target subsystem in the Linux kernel through 3.9.4 allows remote attackers to cause a denial of service memory corruption and OOPS or possibly execute arbitrary co...

7.9CVSS8.8AI score0.07313EPSS
Exploits1References12Affected Software1
Debian CVE
Debian CVE
added 2013/06/07 10:0 a.m.46 views

CVE-2013-2850

Heap-based buffer overflow in the iscsiaddnotunderstoodresponse function in drivers/target/iscsi/iscsitargetparameters.c in the iSCSI target subsystem in the Linux kernel through 3.9.4 allows remote attackers to cause a denial of service memory corruption and OOPS or possibly execute arbitrary co...

7.9CVSS9.3AI score0.07313EPSS
Exploits1
Atlassian
Atlassian
added 2013/01/02 4:17 a.m.25 views

Reflected xss in the jira-gadgets-plugin getLabelGroups rest resource

The jira-gadgets-plugin LabelsResource class exposes a getLabelGroups rest resource that is vulnerable to reflected xss through the user supplied 'project' path parameter. The vulnerability is caused by building an error response message with a content type of text/html and not html encoding the...

0.2AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2012/02/02 12:0 a.m.55 views

FreeBSD : apache -- multiple vulnerabilities (4b7dbfab-4c6b-11e1-bc16-0023ae8e59f0)

CVE MITRE reports : An exposure was found when using modproxy in reverse proxy mode. In certain configurations using RewriteRule with proxy flag or ProxyPassMatch, a remote attacker could cause the reverse proxy to connect to an arbitrary server, possibly disclosing sensitive information from...

5CVSS8.1AI score0.90734EPSS
Exploits23References7
Apache Httpd
Apache Httpd
added 2012/01/15 12:0 a.m.59 views

Apache Httpd < 2.2.22 : error responses can expose cookies

A flaw was found in the default error response for status code 400. This flaw could be used by an attacker to expose "httpOnly" cookies when no custom ErrorDocument is specified...

4.3CVSS0.8AI score0.82756EPSS
Exploits4Affected Software1
FreeBSD
FreeBSD
added 2011/10/05 12:0 a.m.63 views

apache -- multiple vulnerabilities

CVE MITRE reports: An exposure was found when using modproxy in reverse proxy mode. In certain configurations using RewriteRule with proxy flag or ProxyPassMatch, a remote attacker could cause the reverse proxy to connect to an arbitrary server, possibly disclosing sensitive information from...

2.6CVSS9AI score0.30809EPSS
Exploits0
OpenVAS
OpenVAS
added 2011/08/09 12:0 a.m.44 views

CentOS Update for thunderbird CESA-2009:1126 centos5 i386

Check for the Version of thunderbird OpenVAS Vulnerability Test CentOS Update for thunderbird CESA-2009:1126 centos5 i386 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or...

9.3CVSS0.2AI score0.09282EPSS
Exploits5References2
NVD
NVD
added 2011/07/07 7:55 p.m.15 views

CVE-2011-2680

Unspecified vulnerability in IBM Rational DOORS Web Access 1.4.x before 1.4.0.4 has unknown impact and remote attack vectors related to the "server error response."...

10CVSS6.3AI score0.01769EPSS
Exploits0References6
CVE
CVE
added 2011/07/07 7:0 p.m.49 views

CVE-2011-2680

CVE-2011-2680 affects IBM Rational DOORS Web Access 1.4.x before 1.4.0.4. The description is explicit that impact is unknown and that there are remote attack vectors related to the server error response. The NVD entry assigns a high base score (10.0) with network attack vector, no authentication,...

10CVSS6.5AI score0.01769EPSS
Exploits0References6Affected Software1
Cisco
Cisco
added 2010/12/03 8:24 p.m.35 views

Cisco IPsec VPN Implementation Group Name Enumeration Information Disclosure Vulnerability

Multiple Cisco VPN devices contain a vulnerability that could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability exists due to unsafe handling of error response codes. An unauthenticated, remote attacker could exploit this vulnerability by sending...

4.3CVSS6.5AI score0.01588EPSS
Exploits0References1
Rows per page
Query Builder