Lucene search
K

78 matches found

NVD
NVD
added 2009/04/15 8:0 a.m.29 views

CVE-2009-0089

Windows HTTP Services aka WinHTTP in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Vista Gold allows remote web servers to impersonate arbitrary https web sites by using DNS spoofing to "forward a connection" to a different https web site that has a valid certificate...

5.8CVSS6.4AI score0.05071EPSS
Exploits1References7
NVD
NVD
added 2009/04/15 8:0 a.m.33 views

CVE-2009-0550

Windows HTTP Services aka WinHTTP in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008; and WinINet in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows...

9.3CVSS6.9AI score0.11749EPSS
Exploits5References16
Prion
Prion
added 2009/04/15 8:0 a.m.22 views

Design/Logic Flaw

Windows HTTP Services aka WinHTTP in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Vista Gold allows remote web servers to impersonate arbitrary https web sites by using DNS spoofing to "forward a connection" to a different https web site that has a valid certificate...

5.8CVSS6.9AI score0.05071EPSS
Exploits1References7
CVE
CVE
added 2009/04/15 3:49 a.m.114 views

CVE-2009-0550

CVE-2009-0550 impacts Windows HTTP Services (WinHTTP) and WinINet used by Internet Explorer, on Windows 2000 SP4, XP SP2/SP3, Server 2003, Vista, and Server 2008; the vulnerability allows an attacker-controlled remote web server to capture NTLM credentials and replay them, and to execute arbitrar...

9.3CVSS6.9AI score0.11749EPSS
Exploits5References16Affected Software5
CVE
CVE
added 2009/04/15 3:49 a.m.87 views

CVE-2009-0089

CVE-2009-0089 describes a vulnerability in Windows HTTP Services (WinHTTP) where remote servers could impersonate HTTPS sites via DNS spoofing and forward a connection to a host with a valid certificate for a different domain. Affected: Windows 2000 SP4, XP SP2/SP3, Server 2003 SP1/SP2, and Vista...

5.8CVSS6.5AI score0.05071EPSS
Exploits1References7Affected Software5
CVE
CVE
added 2009/04/15 3:49 a.m.159 views

CVE-2009-0086

CVE-2009-0086 describes an integer underflow in Windows HTTP Services (WinHTTP) that allows remote code execution when a remote server sends crafted values in a response. The vulnerability affects multiple Windows versions, including Windows 2000 SP4, XP SP2/SP3, Server 2003 SP1/SP2, Vista (Gold/...

10CVSS7.5AI score0.1415EPSS
Exploits1References8Affected Software5
Cvelist
Cvelist
added 2009/04/15 3:49 a.m.36 views

CVE-2009-0086

Integer underflow in Windows HTTP Services aka WinHTTP in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote HTTP servers to execute arbitrary code via crafted parameter values in a response, related to error handling, aka "Windo...

7.3AI score0.1415EPSS
Exploits1References8
OpenVAS
OpenVAS
added 2009/04/15 12:0 a.m.82 views

Windows HTTP Services Could Allow Remote Code Execution Vulnerabilities (960803)

This host is missing a critical security update according to Microsoft Bulletin MS09-013. OpenVAS Vulnerability Test $Id: secpodms09-013.nasl 5934 2017-04-11 12:28:28Z antu123 $ Windows HTTP Services Could Allow Remote Code Execution Vulnerabilities 960803 Authors: Chandan S Updated By: Madhuri D...

10CVSS0.7AI score0.1415EPSS
Exploits7References1
Positive Technologies
Positive Technologies
added 2009/04/15 12:0 a.m.6 views

PT-2009-2786 · Microsoft · Windows +1

Name of the Vulnerable Software and Affected Versions: Microsoft Windows versions prior to the fixed version Description: The issue is related to an integer underflow in Windows HTTP Services, allowing remote HTTP servers to execute arbitrary code via crafted parameter values in a response. This ...

10CVSS7.5AI score0.1415EPSS
Exploits1References11
Positive Technologies
Positive Technologies
added 2009/04/15 12:0 a.m.4 views

PT-2009-2789 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Microsoft Windows versions prior to the fixed version Description: A spoofing issue exists due to incomplete validation of the distinguished name in a digital certificate. This can be combined with other attacks, such as DNS spoofing, allowin...

5.8CVSS5.8AI score0.05071EPSS
Exploits1References10
Tenable Nessus
Tenable Nessus
added 2009/04/15 12:0 a.m.38 views

MS09-013: Vulnerabilities in Windows HTTP Services Could Allow Remote Code Execution (960803)

The version of Windows HTTP Services installed on the remote host is affected by several vulnerabilities : - An integer underflow triggered by a specially crafted response from a malicious web server for example, during device discovery of UPnP devices on a network may allow for arbitrary code...

10CVSS6AI score0.1415EPSS
Exploits7References4
OpenVAS
OpenVAS
added 2009/04/15 12:0 a.m.38 views

Windows HTTP Services Could Allow RCE Vulnerabilities (960803)

This host is missing a critical security update according to Microsoft Bulletin MS09-013. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

10CVSS5AI score0.1415EPSS
Exploits7References4
securityvulns
securityvulns
added 2009/04/14 12:0 a.m.101 views

Microsoft Security Bulletin MS09-013 - Critical Vulnerabilities in Windows HTTP Services Could Allow Remote Code Execution (960803)

Microsoft Security Bulletin MS09-013 - Critical Vulnerabilities in Windows HTTP Services Could Allow Remote Code Execution 960803 Published: April 14, 2009 Version: 1.0 General Information Executive Summary This security update resolves one publicly disclosed vulnerability and two privately...

10CVSS0.8AI score0.1415EPSS
Exploits7
Check Point Advisories
Check Point Advisories
added 2009/04/14 12:0 a.m.26 views

Protection against Microsoft Windows HTTP Services Certificate Name Mismatch Remote Code Execution Vulnerability (MS09-013)

A spoofing vulnerability has been reported in Microsoft Windows HTTP Services. Windows HTTP Services WinHTTP provides developers with an HTTP client application programming interface API to send requests through the HTTP protocol to other HTTP servers. A remote attacker may exploit this issue to...

5.8CVSS6.2AI score0.05071EPSS
Exploits1
Check Point Advisories
Check Point Advisories
added 2009/04/14 12:0 a.m.14 views

Microsoft Windows HTTP Services Credential Reflection Code Execution (MS09-013; CVE-2009-0550)

Windows HTTP Services WinHTTP provides developers with an HTTP client application programming interface API to send requests through the HTTP protocol to other HTTP servers. A remote code execution vulnerability has been reported in the way Microsoft Windows HTTP Services handles NTLM credentials...

9.3CVSS7.1AI score0.11749EPSS
Exploits5
Check Point Advisories
Check Point Advisories
added 2009/04/14 12:0 a.m.13 views

Microsoft Windows HTTP Services Chunked Encoding Integer Underflow (MS09-013; CVE-2009-0086)

Windows HTTP Services WinHTTP provides developers with an HTTP client application programming interface API to send requests through the HTTP protocol to other HTTP servers. A remote code execution vulnerability has been reported in Microsoft Windows HTTP Services. The vulnerability is due to the...

10CVSS7.6AI score0.1415EPSS
Exploits1
FreeBSD
FreeBSD
added 2004/06/19 12:0 a.m.13 views

Remote Denial of Service of HTTP server and client

giFT-FastTrack is susceptible to a remote Denial of Service attack which could allow a remote attacker to render HTTP services unusable. According to the developers, no code execution is possible; however, they recommend an immediate upgrade...

5.6AI score
Exploits0References3
Microsoft Security Update
Microsoft Security Update
added 1976/01/01 12:0 a.m.3 views

Update for Background Intelligent Transfer Service (BITS) 2.0 and WinHTTP 5.1 (KB842773)

Update for Background Intelligent Transfer Service BITS 2.0 and WinHTTP 5.1 KB842773...

7AI score
Exploits0
Rows per page
Query Builder