Lucene search
K

3522 matches found

debiancve
debiancve
added 2012/03/26 2:0 p.m.39 views

CVE-2012-0256

Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3.1.3 does not properly allocate heap memory, which allows remote attackers to cause a denial of service daemon crash via a long HTTP Host header...

5CVSS4.6AI score0.03473EPSS
Exploits1
seebug
seebug
added 2012/03/26 12:0 a.m.36 views

Apache Traffic Server HTTP主机标头处理缓冲区溢出漏洞

BUGTRAQ ID: 52696 CVE ID: CVE-2012-0256 Apache Traffic Server(ATS或TS)是一个高性能的、可扩展的模块化HTTP/1.1缓存代理服务器。 Apache Traffic Server在HTTP协议的实现上存在堆溢出漏洞,通过发送特制的HTTP消息到受影响服务器可造成拒绝访问或执行任意代码。 0 Apache Group Traffic Server 厂商补丁: Apache Group ------------ 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://httpd.apache.org/...

5CVSS6.4AI score0.03473EPSS
Exploits1
securityvulns
securityvulns
added 2012/03/26 12:0 a.m.32 views

Apache Traffic Server DoS

Server crash on oversized Host: header...

5CVSS2.2AI score0.03473EPSS
Exploits1References1
openvas
openvas
added 2012/02/23 12:0 a.m.77 views

Microsoft IIS IP Address/Internal Network Name Disclosure Vulnerability

The host is running Microsoft IIS Webserver and is prone to IP address disclosure vulnerability. OpenVAS Vulnerability Test $Id: secpodmsiisinternalipaddrdiscvuln.nasl 5698 2017-03-23 14:04:51Z cfi $ Microsoft IIS IP Address/Internal Network Name Disclosure Vulnerability Authors: Madhuri D...

0.1AI score
Exploits0References4
nvd
nvd
added 2012/02/13 7:55 p.m.24 views

CVE-2012-1050

Directory traversal vulnerability in Mathopd 1.4.x and 1.5.x before 1.5p7, when configured with the construct for mass virtual hosting, allows remote attackers to read arbitrary files via a crafted Host header...

4.3CVSS6.6AI score0.0347EPSS
Exploits0References7
prion
prion
added 2012/02/13 7:55 p.m.16 views

Directory traversal

Directory traversal vulnerability in Mathopd 1.4.x and 1.5.x before 1.5p7, when configured with the construct for mass virtual hosting, allows remote attackers to read arbitrary files via a crafted Host header...

4.3CVSS7.1AI score0.0347EPSS
Exploits0References7Affected Software1
ubuntucve
ubuntucve
added 2012/02/13 7:55 p.m.30 views

CVE-2012-1050

Directory traversal vulnerability in Mathopd 1.4.x and 1.5.x before 1.5p7, when configured with the construct for mass virtual hosting, allows remote attackers to read arbitrary files via a crafted Host header...

4.3CVSS6AI score0.0347EPSS
Exploits0References2
osv
osv
added 2011/10/19 10:55 a.m.3 views

DEBIAN-CVE-2011-4140

The CSRF protection mechanism in Django through 1.2.7 and 1.3.x through 1.3.1 does not properly handle web-server configurations supporting arbitrary HTTP Host headers, which allows remote attackers to trigger unauthenticated forged requests via vectors involving a DNS CNAME record and a web page...

6.8CVSS7.2AI score0.01093EPSS
Exploits0References1
osv
osv
added 2011/10/19 10:55 a.m.3 views

DEBIAN-CVE-2011-4139

Django before 1.2.7 and 1.3.x before 1.3.1 uses a request's HTTP Host header to construct a full URL in certain circumstances, which allows remote attackers to conduct cache poisoning attacks via a crafted request...

5CVSS6.9AI score0.02304EPSS
Exploits0References1
osv
osv
added 2011/10/19 10:55 a.m.7 views

CVE-2011-4139

Django before 1.2.7 and 1.3.x before 1.3.1 uses a request's HTTP Host header to construct a full URL in certain circumstances, which allows remote attackers to conduct cache poisoning attacks via a crafted request...

6.3AI score0.02304EPSS
Exploits0References9
pypa
pypa
added 2011/10/19 10:55 a.m.7 views

PYSEC-2011-4

Django before 1.2.7 and 1.3.x before 1.3.1 uses a request's HTTP Host header to construct a full URL in certain circumstances, which allows remote attackers to conduct cache poisoning attacks via a crafted request...

5CVSS6.9AI score0.02304EPSS
Exploits0References9Affected Software1
osv
osv
added 2011/10/19 10:55 a.m.36 views

PYSEC-2011-4

Django before 1.2.7 and 1.3.x before 1.3.1 uses a request's HTTP Host header to construct a full URL in certain circumstances, which allows remote attackers to conduct cache poisoning attacks via a crafted request...

5CVSS5.5AI score0.02304EPSS
Exploits0References9
cvelist
cvelist
added 2011/10/19 10:0 a.m.39 views

CVE-2011-4139

Django before 1.2.7 and 1.3.x before 1.3.1 uses a request's HTTP Host header to construct a full URL in certain circumstances, which allows remote attackers to conduct cache poisoning attacks via a crafted request...

6.2AI score0.02304EPSS
Exploits0References8
debiancve
debiancve
added 2011/10/19 10:0 a.m.35 views

CVE-2011-4139

Django before 1.2.7 and 1.3.x before 1.3.1 uses a request's HTTP Host header to construct a full URL in certain circumstances, which allows remote attackers to conduct cache poisoning attacks via a crafted request...

5CVSS6.2AI score0.02304EPSS
Exploits0
ubuntucve
ubuntucve
added 2011/10/19 12:0 a.m.26 views

CVE-2011-4139

Django before 1.2.7 and 1.3.x before 1.3.1 uses a request's HTTP Host header to construct a full URL in certain circumstances, which allows remote attackers to conduct cache poisoning attacks via a crafted request...

5CVSS5.9AI score0.02304EPSS
Exploits0References3
openvas
openvas
added 2011/06/01 12:0 a.m.14 views

Nmap NSE net: http-brute

Performs brute force password auditing against http basic authentication. SYNTAX: brute.firstonly: stop guessing after first password is found default: false brute.unique: make sure that each password is only guessed once default: true http-brute.hostname: sets the host header in case of virtual...

7AI score
Exploits0
nvd
nvd
added 2011/01/31 8:0 p.m.21 views

CVE-2010-4714

Multiple stack-based buffer overflows in Novell GroupWise before 8.02HP allow remote attackers to execute arbitrary code via a long HTTP Host header to 1 gwpoa.exe in the Post Office Agent, 2 gwmta.exe in the Message Transfer Agent, 3 gwia.exe in the Internet Agent, 4 the WebAccess Agent, or 5 th...

10CVSS7.8AI score0.06121EPSS
Exploits0References4
checkpoint_advisories
checkpoint_advisories
added 2010/11/30 12:0 a.m.2 views

Preemptive Protection against Novell GroupWise Agents HTTP Request Remote Code Execution

A code execution vulnerability exists in the GroupWise agents HTTP interfaces. The vulnerability is due to insufficient bounds checking while parsing the Host header from an HTTP GET request. A remote attacker could exploit this vulnerability by sending a crafted HTTP request to the server...

7.9AI score
Exploits0
threatpost
threatpost
added 2010/11/22 7:25 p.m.8 views

Mozilla Fixes Site Error-Handling Bug

Mozilla has fixed a bug in the way that its Bugzilla Web site and others handled certain errors, which could have been exploited to execute a man-in-the-middle attack against an unsuspecting user. The bug was related to the way that the sites responded to certain requests from client machines whe...

0.4AI score
Exploits0References7
exploitdb
exploitdb
added 2010/07/12 12:0 a.m.35 views

Blue Coat WinProxy - Host Header Overflow (Metasploit)

$Id: bluecoatwinproxyhost.rb 9797 2010-07-12 23:25:31Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

7.5CVSS7AI score0.65925EPSS
Exploits8
Rows per page
Query Builder