3522 matches found
CVE-2012-0256
Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3.1.3 does not properly allocate heap memory, which allows remote attackers to cause a denial of service daemon crash via a long HTTP Host header...
Apache Traffic Server HTTP主机标头处理缓冲区溢出漏洞
BUGTRAQ ID: 52696 CVE ID: CVE-2012-0256 Apache Traffic Server(ATS或TS)是一个高性能的、可扩展的模块化HTTP/1.1缓存代理服务器。 Apache Traffic Server在HTTP协议的实现上存在堆溢出漏洞,通过发送特制的HTTP消息到受影响服务器可造成拒绝访问或执行任意代码。 0 Apache Group Traffic Server 厂商补丁: Apache Group ------------ 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://httpd.apache.org/...
Apache Traffic Server DoS
Server crash on oversized Host: header...
Microsoft IIS IP Address/Internal Network Name Disclosure Vulnerability
The host is running Microsoft IIS Webserver and is prone to IP address disclosure vulnerability. OpenVAS Vulnerability Test $Id: secpodmsiisinternalipaddrdiscvuln.nasl 5698 2017-03-23 14:04:51Z cfi $ Microsoft IIS IP Address/Internal Network Name Disclosure Vulnerability Authors: Madhuri D...
CVE-2012-1050
Directory traversal vulnerability in Mathopd 1.4.x and 1.5.x before 1.5p7, when configured with the construct for mass virtual hosting, allows remote attackers to read arbitrary files via a crafted Host header...
Directory traversal
Directory traversal vulnerability in Mathopd 1.4.x and 1.5.x before 1.5p7, when configured with the construct for mass virtual hosting, allows remote attackers to read arbitrary files via a crafted Host header...
CVE-2012-1050
Directory traversal vulnerability in Mathopd 1.4.x and 1.5.x before 1.5p7, when configured with the construct for mass virtual hosting, allows remote attackers to read arbitrary files via a crafted Host header...
DEBIAN-CVE-2011-4140
The CSRF protection mechanism in Django through 1.2.7 and 1.3.x through 1.3.1 does not properly handle web-server configurations supporting arbitrary HTTP Host headers, which allows remote attackers to trigger unauthenticated forged requests via vectors involving a DNS CNAME record and a web page...
DEBIAN-CVE-2011-4139
Django before 1.2.7 and 1.3.x before 1.3.1 uses a request's HTTP Host header to construct a full URL in certain circumstances, which allows remote attackers to conduct cache poisoning attacks via a crafted request...
CVE-2011-4139
Django before 1.2.7 and 1.3.x before 1.3.1 uses a request's HTTP Host header to construct a full URL in certain circumstances, which allows remote attackers to conduct cache poisoning attacks via a crafted request...
PYSEC-2011-4
Django before 1.2.7 and 1.3.x before 1.3.1 uses a request's HTTP Host header to construct a full URL in certain circumstances, which allows remote attackers to conduct cache poisoning attacks via a crafted request...
PYSEC-2011-4
Django before 1.2.7 and 1.3.x before 1.3.1 uses a request's HTTP Host header to construct a full URL in certain circumstances, which allows remote attackers to conduct cache poisoning attacks via a crafted request...
CVE-2011-4139
Django before 1.2.7 and 1.3.x before 1.3.1 uses a request's HTTP Host header to construct a full URL in certain circumstances, which allows remote attackers to conduct cache poisoning attacks via a crafted request...
CVE-2011-4139
Django before 1.2.7 and 1.3.x before 1.3.1 uses a request's HTTP Host header to construct a full URL in certain circumstances, which allows remote attackers to conduct cache poisoning attacks via a crafted request...
CVE-2011-4139
Django before 1.2.7 and 1.3.x before 1.3.1 uses a request's HTTP Host header to construct a full URL in certain circumstances, which allows remote attackers to conduct cache poisoning attacks via a crafted request...
Nmap NSE net: http-brute
Performs brute force password auditing against http basic authentication. SYNTAX: brute.firstonly: stop guessing after first password is found default: false brute.unique: make sure that each password is only guessed once default: true http-brute.hostname: sets the host header in case of virtual...
CVE-2010-4714
Multiple stack-based buffer overflows in Novell GroupWise before 8.02HP allow remote attackers to execute arbitrary code via a long HTTP Host header to 1 gwpoa.exe in the Post Office Agent, 2 gwmta.exe in the Message Transfer Agent, 3 gwia.exe in the Internet Agent, 4 the WebAccess Agent, or 5 th...
Preemptive Protection against Novell GroupWise Agents HTTP Request Remote Code Execution
A code execution vulnerability exists in the GroupWise agents HTTP interfaces. The vulnerability is due to insufficient bounds checking while parsing the Host header from an HTTP GET request. A remote attacker could exploit this vulnerability by sending a crafted HTTP request to the server...
Mozilla Fixes Site Error-Handling Bug
Mozilla has fixed a bug in the way that its Bugzilla Web site and others handled certain errors, which could have been exploited to execute a man-in-the-middle attack against an unsuspecting user. The bug was related to the way that the sites responded to certain requests from client machines whe...
Blue Coat WinProxy - Host Header Overflow (Metasploit)
$Id: bluecoatwinproxyhost.rb 9797 2010-07-12 23:25:31Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...