Lucene search

245 matches found

OpenVAS
added 2012/09/11 12:0 a.m., 14 views

Slackware Advisory SSA:2005-310-04 apache

The remote host is missing an update as announced via advisory SSA:2005-310-04. OpenVAS Vulnerability Test $Id: esoftslkssa200531004.nasl 6598 2017-07-07 09:36:44Z cfischer $ Description: Auto-generated from the corresponding slackware advisory Authors: Thomas Reinke Copyright: Copyright (c) 2012...

AI score: 0.5
Exploits: 0

NVD
added 2012/07/25 7:55 p.m., 12 views

CVE-2012-3696

CRLF injection vulnerability in WebKit in Apple Safari before 6.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP request splitting attacks via a crafted web site that leverages improper WebSockets URI handling...

CVSS: 4.3, AI score: 6.3, EPSS: 0.00384
Exploits: 0, References: 5

Prion
added 2012/07/25 7:55 p.m., 12 views

Crlf injection

CRLF injection vulnerability in WebKit in Apple Safari before 6.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP request splitting attacks via a crafted web site that leverages improper WebSockets URI handling...

CVSS: 4.3, AI score: 6.7, EPSS: 0.00384
Exploits: 0, References: 5, Affected Software: 1

CVE
added 2012/07/25 7:0 p.m., 53 views

CVE-2012-3696

CVE-2012-3696 is a WebKit/Safari vulnerability (pre-6.0) exposed via crafted WebSockets URI handling leading to CRLF HTTP header injection and potential HTTP request splitting. The issue affects WebKit in Safari and is documented alongside other WebKit/WebKit-related CVEs in the 2012-09 timeframe...

CVSS: 4.3, AI score: 6.3, EPSS: 0.00384
Exploits: 0, References: 5, Affected Software: 1

Cvelist
added 2012/07/25 7:0 p.m., 22 views

CVE-2012-3696

CRLF injection vulnerability in WebKit in Apple Safari before 6.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP request splitting attacks via a crafted web site that leverages improper WebSockets URI handling...

AI score: 6.2, EPSS: 0.00384
Exploits: 0, References: 5

Tenable Nessus
added 2012/05/17 12:0 a.m., 28 views

SuSE 10 Security Update : flash-player (ZYPP Patch Number 2969)

This security update brings the Adobe Flash Player to version 7.0.69. It fixes the following security problem : - CRLF injection vulnerability in Adobe Flash Player allows remote attackers to modify HTTP headers of client requests and conduct HTTP Request Splitting attacks via CRLF sequences in...

CVSS: 5, AI score: 5.6, EPSS: 0.1744
Exploits: 0, References: 2

RedHat Linux
added 2011/06/16 7:13 p.m., 3 views

OpenJDK HttpURLConnection request splitting (6952017)

Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the...

CVSS: 6.8, AI score: 5.9, EPSS: 0.05715
Exploits: 0, References: 4

RedHat Linux
added 2010/12/15 11:41 p.m., 3 views

OpenJDK HttpURLConnection request splitting (6952017)

Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the...

CVSS: 6.8, AI score: 5.9, EPSS: 0.05715
Exploits: 0, References: 4

RedHat Linux
added 2010/12/15 10:41 p.m., 1 views

OpenJDK HttpURLConnection request splitting (6952017)

Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the...

CVSS: 6.8, AI score: 5.9, EPSS: 0.05715
Exploits: 0, References: 4

RedHat Linux
added 2010/11/10 7:0 p.m., 3 views

OpenJDK HttpURLConnection request splitting (6952017)

Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the...

CVSS: 6.8, AI score: 5.9, EPSS: 0.05715
Exploits: 0, References: 4

securityvulns
added 2010/10/24 12:0 a.m., 51 views

Java Multiple Issues

Hi all and sorry for cross post, after several months since I contacted Oracle informing them about ten issues on Java applet security, they finally released a Java 6 update 22 which fixes several security issues. In particular the issues are the following, sorted by impact: Information Disclosur...

AI score: 0.1
Exploits: 0

NVD
added 2010/10/19 10:0 p.m., 19 views

CVE-2010-3549

Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the...

CVSS: 6.8, AI score: 7.3, EPSS: 0.05715
Exploits: 0, References: 34

Prion
added 2010/10/19 10:0 p.m., 30 views

Design/Logic Flaw

Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the...

CVSS: 6.8, AI score: 8.2, EPSS: 0.05715
Exploits: 0, References: 34, Affected Software: 3

Cvelist
added 2010/10/19 9:0 p.m., 27 views

CVE-2010-3549

Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the...

AI score: 8, EPSS: 0.05715
Exploits: 0, References: 34

CVE
added 2010/10/19 9:0 p.m., 102 views

CVE-2010-3549

CVE-2010-3549 affects Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28. The incident is tied to incorrect handling of HTTP chunked transfer encoding by HttpURLConnection, with potential impacts to confidentiality, integrity, and availability. The connected O...

CVSS: 6.8, AI score: 7.2, EPSS: 0.05715
Exploits: 0, References: 34, Affected Software: 1

OpenVAS
added 2008/09/29 12:0 a.m., 22 views

Cumulative Security Update for Internet Explorer (950759)

This host has Microsoft Internet Explorer installed, which is prone to HTTP request splitting/smuggling and HTML Objects Memory Corruption Vulnerabilities. OpenVAS Vulnerability Test $Id: gbms08-031.nasl 5863 2017-04-05 07:38:11Z antu123 $ Cumulative Security Update for Internet Explorer 950759...

CVSS: 9.3, AI score: 0.6, EPSS: 0.62851
Exploits: 1, References: 6

Prion
added 2008/03/28 11:44 p.m., 12 views

Cross site request forgery (csrf)

The setRequestHeader method of the XMLHttpRequest object in Microsoft Internet Explorer 7 does not restrict the dangerous Transfer-Encoding HTTP request header, which allows remote attackers to conduct HTTP request splitting and HTTP request smuggling attacks via a POST containing a...

CVSS: 4.3, AI score: 7, EPSS: 0.24205
Exploits: 1, References: 6, Affected Software: 1

NVD
added 2008/03/28 11:44 p.m., 14 views

CVE-2008-1544

The setRequestHeader method of the XMLHttpRequest object in Microsoft Internet Explorer 5.01, 6, and 7 does not block dangerous HTTP request headers when certain 8-bit character sequences are appended to a header name, which allows remote attackers to (1) conduct HTTP request splitting and HTTP...

CVSS: 7.1, AI score: 6.2, EPSS: 0.51206
Exploits: 0, References: 12

Prion
added 2008/03/28 11:44 p.m., 23 views

Design/Logic Flaw

The setRequestHeader method of the XMLHttpRequest object in Microsoft Internet Explorer 5.01, 6, and 7 does not block dangerous HTTP request headers when certain 8-bit character sequences are appended to a header name, which allows remote attackers to (1) conduct HTTP request splitting and HTTP...

CVSS: 7.1, AI score: 6.6, EPSS: 0.51206
Exploits: 0, References: 12, Affected Software: 1

CVE
added 2008/03/28 11:0 p.m., 60 views

CVE-2008-1545

In this CVE, the affected component is the XMLHttpRequest.setRequestHeader implementation in Microsoft Internet Explorer 7. The issue arises because the method does not restrict the dangerous Transfer-Encoding HTTP header, enabling remote attackers to perform HTTP request splitting and HTTP reque...

CVSS: 4.3, AI score: 6.5, EPSS: 0.24205
Exploits: 1, References: 6, Affected Software: 1