Lucene search

1142 matches found

UbuntuCve
added 2015/01/14 12:0 a.m., 24 views

CVE-2014-8639

Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 do not properly interpret Set-Cookie headers within responses that have a 407 aka Proxy Authentication Required status code, which allows remote HTTP proxy servers to conduct session...

CVSS 6.8, AI score 7, EPSS 0.01837
Exploits: 0, References: 4
RedHat Linux
added 2015/01/13 9:16 p.m., 0 views

Mozilla: Cookie injection through Proxy Authenticate responses (MFSA 2015-04)

Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 do not properly interpret Set-Cookie headers within responses that have a 407 aka Proxy Authentication Required status code, which allows remote HTTP proxy servers to conduct session...

CVSS 6.8, AI score 7, EPSS 0.01837
Exploits: 0, References: 5
Tenable Nessus
added 2015/01/13 12:0 a.m., 40 views

Mandriva Linux Security Advisory : curl (MDVSA-2015:021)

Updated curl packages fix security vulnerability : When libcurl sends a request to a server via a HTTP proxy, it copies the entire URL into the request and sends it off. If the given URL contains line feeds and carriage returns those will be sent along to the proxy too, which allows the program t...

CVSS 4.3, AI score 7.5, EPSS 0.01225
Exploits: 0, References: 2
securityvulns
added 2015/01/13 12:0 a.m., 68 views

[ MDVSA-2015:021 ] curl

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2015:021 http://www.mandriva.com/en/support/security/ Package : curl Date : January 12, 2015 Affected: Business Server 1.0 Problem Description: Updated curl packages fix security vulnerability: When libcurl sends...

CVSS 4.3, AI score 8.8, EPSS 0.01225
Exploits: 0
Tenable Nessus
added 2015/01/12 12:0 a.m., 43 views

FreeBSD : cURL -- URL request injection vulnerability (caa98ffd-0a92-40d0-b234-fd79b429157e)

cURL reports : When libcurl sends a request to a server via a HTTP proxy, it copies the entire URL into the request and sends it off. If the given URL contains line feeds and carriage returns those will be sent along to the proxy too, which allows the program to for example send a separate HTTP...

CVSS 4.3, AI score 7.5, EPSS 0.01225
Exploits: 0, References: 3
Mageia
added 2015/01/09 4:44 p.m., 41 views

Updated curl packages fix CVE-2014-8150

Updated curl packages fix security vulnerability: When libcurl sends a request to a server via a HTTP proxy, it copies the entire URL into the request and sends it off. If the given URL contains line feeds and carriage returns those will be sent along to the proxy too, which allows the program to...

CVSS 4.3, AI score 9.1, EPSS 0.01225
Exploits: 0, References: 2
OSV
added 2015/01/09 4:44 p.m., 5 views

MGASA-2015-0020 Updated curl packages fix CVE-2014-8150

Updated curl packages fix security vulnerability: When libcurl sends a request to a server via a HTTP proxy, it copies the entire URL into the request and sends it off. If the given URL contains line feeds and carriage returns those will be sent along to the proxy too, which allows the program to...

CVSS 4.3, AI score 6.3, EPSS 0.01225
Exploits: 0, References: 3
Tenable Nessus
added 2015/01/09 12:0 a.m., 40 views

Debian DSA-3122-1 : curl - security update

Andrey Labunets of Facebook discovered that cURL, an URL transfer library, fails to properly handle URLs with embedded end-of-line characters. An attacker able to make an application using libcurl to access a specially crafted URL via an HTTP proxy could use this flaw to do additional requests in...

CVSS 4.3, AI score 7.5, EPSS 0.01225
Exploits: 0, References: 3
Debian
added 2015/01/08 7:35 p.m., 29 views

[SECURITY] [DSA 3122-1] curl security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3122-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso January 08, 2015 http://www.debian.org/security/faq -...

CVSS 4.3, AI score 1.3, EPSS 0.01225
Exploits: 0
OSV
added 2015/01/08 8:0 a.m., 5 views

CURL-CVE-2014-8150 URL request injection

When libcurl sends a request to a server via an HTTP proxy, it copies the entire URL into the request and sends it off. If the given URL contains line feeds and carriage returns those are sent along to the proxy too, which allows the program to for example send a separate HTTP request injected...

CVSS 4.3, AI score 7, EPSS 0.01225
Exploits: 0
UbuntuCve
added 2015/01/08 12:0 a.m., 32 views

CVE-2014-8150

CRLF injection vulnerability in libcurl 6.0 through 7.x before 7.40.0, when using an HTTP proxy, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a URL...

CVSS 4.3, AI score 7, EPSS 0.01225
Exploits: 0, References: 3
OSV
added 2015/01/08 12:0 a.m., 35 views

DSA-3122-1 curl - security update

Bulletin has no description...

CVSS 4.3, AI score 8.8, EPSS 0.01225
Exploits: 0
OSV
added 2015/01/08 12:0 a.m., 0 views

UBUNTU-CVE-2014-8150

CRLF injection vulnerability in libcurl 6.0 through 7.x before 7.40.0, when using an HTTP proxy, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a URL...

CVSS 4.3, AI score 7.1, EPSS 0.01225
Exploits: 0, References: 4
FreeBSD
added 2014/12/25 12:0 a.m., 36 views

cURL -- URL request injection vulnerability

cURL reports: When libcurl sends a request to a server via a HTTP proxy, it copies the entire URL into the request and sends it off. If the given URL contains line feeds and carriage returns those will be sent along to the proxy too, which allows the program to for example send a separate HTTP...

CVSS 4.3, AI score 8.9, EPSS 0.01225
Exploits: 0, References: 1
Veeam
added 2014/12/10 12:0 a.m., 28 views

License Update Fails In Networks Where HTTP Proxy Must Be Used

Known Limitation A tenant's Veeam Backup & Replication server cannot access Veeam Cloud Connect infrastructure components through HTTP/HTTPS proxy servers. All cloud-targeted traffic from the tenant's Veeam Backup & Replication server will ignore proxy settings. Challenge License updating may fai...

AI score 6.8
Exploits: 0
Tenable Nessus
added 2014/11/03 12:0 a.m., 29 views

openSUSE Security Update : firefox / mozilla-nspr / mozilla-nss (openSUSE-SU-2014:1344-1)

update to Firefox 33.0 bnc900941 New features : - OpenH264 support sandboxed - Enhanced Tiles - Improved search experience through the location bar - Slimmer and faster JavaScript strings - New CSP Content Security Policy backend - Support for connecting to HTTP proxy over HTTPS - Improved...

CVSS 10, AI score 7.9, EPSS 0.04667
Exploits: 1, References: 37
OSV
added 2014/10/27 10:55 p.m., 1 views

DEBIAN-CVE-2012-5580

Format string vulnerability in the print_proxies function in bin/proxy.c in libproxy 0.3.1 might allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in a proxy name, as demonstrated using the http_proxy environment...

CVSS 7.5, AI score 7.8, EPSS 0.00802
Exploits: 1, References: 1
myhack58
added 2014/09/27 12:0 a.m., 12 views

Trying to hack Redis via HTTP requests-vulnerability warning-the black bar safety net

0x01 Scenario: We assume that there is an SSRF vulnerability or a misconfigured proxy server, so that an attacker can access the Redis service directly via HTTP requests. In both of the cases assumed above, we require that at least one line of the HTTP request be fully controllable, this...

AI score 0.7
Exploits: 0
Kitploit
added 2014/07/31 12:44 a.m., 19 views

Bing Dork Scanner - Tool to extract urls from a bing search

This is a simple script with a GUI to extract URLs from a Bing search. Supports only HTTP proxies. Required Perl modules: LWP, Gtk2, Glib, utf8, threads, threads::shared, URI::Escape. Download Bing Dork Scanner...

AI score 7.2
Exploits: 0, References: 1
seebug.org
added 2014/07/01 12:0 a.m., 19 views

tinyproxy tinyproxy 1.3.2/1.3.3 Heap Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/2217/info Versions 1.3.2 and 1.3.3 of tinyproxy, a small HTTP proxy, exhibit a vulnerability to heap overflow attacks. A failure to properly validate user-supplied input which arguments a call to sprintf can allow...

AI score 7.1
Exploits: 0