Medium: httpd

Issue Overview: Apache HTTP Request Parsing Whitespace Defects It was discovered that the HTTP parser in httpd incorrectly allowed certain characters not permitted by the HTTP protocol specification to appear unencoded in HTTP request headers. If httpd was used in conjunction with a proxy or...

EulerOS 2.0 SP1 : httpd (EulerOS-SA-2017-1085)

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - It was discovered that the modsessioncrypto module of httpd did not use any mechanisms to verify integrity of the encrypted session data stored i...

EulerOS 2.0 SP2 : httpd (EulerOS-SA-2017-1086)

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - It was discovered that the modsessioncrypto module of httpd did not use any mechanisms to verify integrity of the encrypted session data stored i...

RedHat Update for httpd RHSA-2017:0906-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Moderate: Red Hat Security Advisory: httpd security and bug fix update

An update for httpd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

CVE-2016-8743

It was discovered that the HTTP parser in httpd incorrectly allowed certain characters not permitted by the HTTP protocol specification to appear unencoded in HTTP request headers. If httpd was used in conjunction with a proxy or backend server that interpreted those characters differently, a...

Eclipse Foundation Jetty Web Server HttpParser Remote Information Disclosure (CVE-2015-2080)

An information disclosure vulnerability exists in Eclipse Foundation Jetty Web Server. The vulnerability is due to improper parsing of HTTP requests that can lead to information disclosure via HTTP responses from the server. A remote attacker can exploit this vulnerability by sending HTTP request...

Jetty 9.2.8 Shared Buffer Leakage Vulnerability

Gotham Digital Science discovered a critical information leakage vulnerability in the Jetty web server that allows an unauthenticated remote attacker to read arbitrary data from previous requests and responses submitted to the server by other users. Jetty versions 9.2.3 through 9.2.8 are affected...

Monkey HTTPD 1.1.1 - Crash PoC

No description provided by source. Title: ====== Monkey HTTPD 1.1.1 - Denial of Service Vulnerability Date: ===== 2013-05-28 References: =========== http://bugs.monkey-project.com/ticket/181 Introduction: ============= Monkey is a lightweight and powerful web server for GNU/Linux. It has been...

[Suricata 1.4.7] Open Source Next Generation Intrusion Detection and Prevention Engine

The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. OISF is part of and funded by the Department of...

CVE-2013-6627

net/http/httpstreamparser.cc in Google Chrome before 31.0.1650.48 does not properly process HTTP Informational aka 1xx status codes, which allows remote web servers to cause a denial of service out-of-bounds read via a crafted response...

CVE-2013-6627

net/http/httpstreamparser.cc in Google Chrome before 31.0.1650.48 does not properly process HTTP Informational aka 1xx status codes, which allows remote web servers to cause a denial of service out-of-bounds read via a crafted response...

DEBIAN-CVE-2012-2330

The Update method in src/nodehttpparser.cc in Node.js before 0.6.17 and 0.7 before 0.7.8 does not properly check the length of a string, which allows remote attackers to obtain sensitive information request header contents and possibly spoof HTTP headers via a zero length string...

HTTP Server Security Vulnerability: Please upgrade to 0.6.17

HTTP Server Security Vulnerability: Please upgrade to 0.6.17 tl;dr A carefully crafted attack request can cause the contents of the HTTP parser's buffer to be appended to the attacking request's header, making it appear to come from the attacker. Since it is generally safe to echo back contents o...

Buffer overflow

Buffer underflow in src/http/ngxhttpparse.c in nginx 0.1.0 through 0.5.37, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.15 allows remote attackers to execute arbitrary code via crafted HTTP requests...

CVE-2009-2629

Buffer underflow in src/http/ngxhttpparse.c in nginx 0.1.0 through 0.5.37, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.15 allows remote attackers to execute arbitrary code via crafted HTTP requests...

DEBIAN-CVE-2009-2629

Buffer underflow in src/http/ngxhttpparse.c in nginx 0.1.0 through 0.5.37, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.15 allows remote attackers to execute arbitrary code via crafted HTTP requests...

CVE-2009-2629

Buffer underflow in src/http/ngxhttpparse.c in nginx 0.1.0 through 0.5.37, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.15 allows remote attackers to execute arbitrary code via crafted HTTP requests...

Debian Security Advisory DSA 1686-1 (no-ip)

The remote host is missing an update to no-ip announced via advisory DSA 1686-1. OpenVAS Vulnerability Test $Id: deb16861.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 1686-1 no-ip Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc...

Debian: Security Advisory (DSA-1686-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...