174 matches found
Important: Red Hat Security Advisory: tomcat5 security update
Updated tomcat5 packages that fix three security issues are now available for Red Hat Certificate System 7.3. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, a...
Problem with referer header handling on mobile phone web browsers
Overview We have confirmed that web browser products from Openwave Systems Inc. used for the Internet connection service for mobile phones have a problem in its function of sending referer information under certain circumstances. This problem has been reported for KDDI's au mobile phones. KDDI,...
CVE-2006-3918
httpprotocol.c in 1 IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and 2 Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site...
CVE-2005-0241
The httpProcessReplyHeader function in http.c for Squid 2.5-STABLE7 and earlier does not properly set the debug context when it is handling "oversized" HTTP reply headers, which might allow remote attackers to poison the cache or bypass access controls based on header size...
CVE-2003-1561
Opera, probably before 7.50, sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data...
CVE-2003-1302
The IMAP functionality in PHP before 4.3.1 allows remote attackers to cause a denial of service via an e-mail message with a 1 To or 2 From header with an address that contains a large number of "" backslash characters...
CVE-2003-0459
KDE Konqueror for KDE 3.1.2 and earlier does not remove authentication credentials from URLs of the "user:password@host" form in the HTTP-Referer header, which could allow remote web sites to steal the credentials for pages that link to the sites...
NetBSD Security Advisory 2003-010: remote panic in OSI networking code
-----BEGIN PGP SIGNED MESSAGE----- NetBSD Security Advisory 2003-010 ================================= Topic: remote panic in OSI networking code Version: NetBSD-current: source prior to May 26, 2003 NetBSD 1.6.1: affected NetBSD 1.6: affected NetBSD-1.5.3: affected NetBSD-1.5.2: affected...
DEBIAN-CVE-2002-1765
Evolution 1.0.3 and 1.0.4 allows remote attackers to cause a denial of service memory consumption and crash via an email with a malformed MIME header...
PT-2002-2497 · Symantec · Symantec Norton Antivirus
Name of the Vulnerable Software and Affected Versions: Symantec Norton AntiVirus NAV version 2002 Description: The issue allows remote attackers to bypass the initial virus scan and cause the software to prematurely stop scanning by using a non-RFC compliant MIME header. The vendor has disputed...
CVE-2002-0285
Outlook Express 5.5 and 6.0 on Windows treats a carriage return "CR" in a message header as if it were a valid carriage return/line feed combination CR/LF, which could allow remote attackers to bypass virus protection and or other filtering mechanisms via a mail message with headers that only...
Apache Httpd < 1.3.22 : split-logfile can cause arbitrary log files to be written to
A vulnerability was found in the split-logfile support program. A request with a specially crafted Host: header could allow any file with a .log extension on the system to be written to...
Security Bulletin MS01-020
Title: Incorrect MIME Header Can Cause IE to Execute E-mail Attachment Date: 29 March 2001 Software: Microsoft Internet Explorer Impact: Run code of attacker's choice. Bulletin: MS01-020 Microsoft encourages customers to review the Security Bulletin at:...
CVE-2000-1244
Computer Associates InoculateIT Agent for Exchange Server does not recognize an e-mail virus attachment if the SMTP header is missing the "From" field, which allows remote attackers to bypass virus protection...