3632 matches found
Cross site request forgery (csrf)
The setRequestHeader method of the XMLHttpRequest object in Microsoft Internet Explorer 7 does not restrict the dangerous Transfer-Encoding HTTP request header, which allows remote attackers to conduct HTTP request splitting and HTTP request smuggling attacks via a POST containing a...
CVE-2008-1545
In this CVE, the affected component is the XMLHttpRequest.setRequestHeader implementation in Microsoft Internet Explorer 7. The issue arises because the method does not restrict the dangerous Transfer-Encoding HTTP header, enabling remote attackers to perform HTTP request splitting and HTTP reque...
CVE-2008-1545
The setRequestHeader method of the XMLHttpRequest object in Microsoft Internet Explorer 7 does not restrict the dangerous Transfer-Encoding HTTP request header, which allows remote attackers to conduct HTTP request splitting and HTTP request smuggling attacks via a POST containing a...
CVE-2008-1544
The setRequestHeader method of the XMLHttpRequest object in Microsoft Internet Explorer 5.01, 6, and 7 does not block dangerous HTTP request headers when certain 8-bit character sequences are appended to a header name, which allows remote attackers to 1 conduct HTTP request splitting and HTTP...
[MSA01240108] IE7 Transfer-Encoding: chunked allows Request Splitting/Smuggling.
MSA01240108: IE7 Transfer-Encoding: chunked allows Request Splitting/Smuggling. Date: March 21th, 2008 Tested Versions: Internet Explorer 7.0.5730.11 Tested OS: Windows XP Professional SP2 Italian Minded Security ReferenceID: MSA01240108 Credits: Discovery by Stefano Di Paola of Minded Security...
SuSE 10 Security Update : Tomcat 5 (ZYPP Patch Number 4990)
Cross-site scripting XSS vulnerability in example JSP applications. CVE-2006-7196 - Handling of cookies containing a ' character. CVE-2007-3382 - Handling of ' in cookies. CVE-2007-3385 - tomcat path traversal / information leak. CVE-2007-5641 - directory traversal. CVE-2007-1860 - tomcat https...
Debian Security Advisory DSA 934-1 (pound)
The remote host is missing an update to pound announced via advisory DSA 934-1. Two vulnerabilities have been discovered in Pound, a reverse proxy and load balancer for HTTP. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2005-1391: Overly long HTTP Host:...
Cross site scripting
Unspecified vulnerability in SSL-Explorer before 0.2.13 allows remote authenticated users to enter redirect URLs containing 1 JavaScript or 2 HTTP headers via an unspecified vector, possibly the forwardTo parameter to redirect.do. NOTE: the impact might be cross-site scripting XSS or HTTP request...
CVE-2007-2907
Unspecified vulnerability in SSL-Explorer before 0.2.13 allows remote authenticated users to enter redirect URLs containing 1 JavaScript or 2 HTTP headers via an unspecified vector, possibly the forwardTo parameter to redirect.do. NOTE: the impact might be cross-site scripting XSS or HTTP request...
CVE-2007-2907
SSL-Explorer before 0.2.13 contains an unspecified vulnerability allowing remote authenticated users to supply redirect URLs with embedded JavaScript or HTTP headers via an unspecified vector, likely the forwardTo parameter to redirect.do. The note indicates the impact may be cross-site scripting...
tomcat multiple content-length header poisioning
Jakarta Tomcat 5.0.19 Coyote/1.1 and Tomcat 4.1.24 Coyote/1.0 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Tomcat t...
tomcat multiple content-length header poisioning
Jakarta Tomcat 5.0.19 Coyote/1.1 and Tomcat 4.1.24 Coyote/1.0 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Tomcat t...
tomcat multiple content-length header poisioning
Jakarta Tomcat 5.0.19 Coyote/1.1 and Tomcat 4.1.24 Coyote/1.0 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Tomcat t...
CVE-2005-4827
CVE-2005-4827 affects Internet Explorer 6.0 (and possibly other versions). It describes a bypass of the same-origin policy by calling open on an XMLHttpRequest object (Microsoft.XMLHTTP) with a method name containing tab, newline, or carriage return characters, a pattern some proxies convert to s...
CVE-2006-6276
HTTP request smuggling vulnerability in Sun Java System Proxy Server before 20061130, when used with Sun Java System Application Server or Sun Java System Web Server, allows remote attackers to bypass HTTP request filtering, hijack web sessions, perform cross-site scripting XSS, and poison web...
CVE-2006-6276
Sun Java System Proxy Server versions prior to 20061130 are affected by an HTTP request smuggling vulnerability when used with Sun Java System Application Server or Sun Java System Web Server. Exploitation could bypass HTTP request filtering, enable web session hijacking, permit cross-site script...
Debian DSA-934-1 : pound - several vulnerabilities
Two vulnerabilities have been discovered in Pound, a reverse proxy and load balancer for HTTP. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2005-1391 : Overly long HTTP Host: headers may trigger a buffer overflow in the addport function, which may lea...
GLSA-200606-05 : Pound: HTTP request smuggling
The remote host is affected by the vulnerability described in GLSA-200606-05 Pound: HTTP request smuggling Pound fails to handle HTTP requests with conflicting 'Content-Length' and 'Transfer-Encoding' headers correctly. Impact : An attacker could exploit this vulnerability by sending HTTP request...
"Exploiting the XmlHttpRequest object in IE" - paper by Amit Klein
Exploiting the XmlHttpRequest object in IE - Referrer spoofing, and a lot more... Amit Klein, September 2005 Preface ======= This paper is released in a bit of haste, and as such, it may be somewhat incomplete. The reason is that I was toying with the concepts and techniques outlined in it for th...
DSA-934-1 pound - remote
Bulletin has no description...