455 matches found
DEBIAN-CVE-2015-5168
Unspecified vulnerability in the HTTP/2 experimental feature in Apache Traffic Server 5.3.x before 5.3.2 has unknown impact and attack vectors, a different vulnerability than CVE-2015-5206...
BSA-2017-363
Security Advisory ID: BSA-2017-363. Component: Apache. Revision: 1.0: Interim. A maliciously constructed HTTP/2 request could cause mod_http2 to dereference a NULL pointer and crash the server process. Affected Products: Brocade is investigating its product lines to determine which products may be...
UBUNTU-CVE-2016-6581
An HTTP/2 implementation built using any version of the Python HPACK library between v1.0.0 and v2.2.0 could be targeted for a denial of service attack, specifically a so-called "HPACK Bomb" attack. This attack occurs when an attacker inserts a header field that is exactly the size of the HPACK...
PT-2017-8994
Name of the Vulnerable Software and Affected Versions: Python HPACK library versions 1.0.0 through 2.2.0. Description: A denial of service attack, known as an "HPACK Bomb" attack, can be launched against the HTTP/2 implementation built using the Python HPACK library. This occurs when an attacker...
httpd: X509 client certificate authentication bypass using HTTP/2
A flaw was found in the way httpd performed client authentication using X.509 client certificates. When the HTTP/2 protocol was enabled, a remote attacker could use this flaw to access resources protected by certificate authentication without providing a valid client certificate...
Apache HTTPD Information Disclosure Vulnerability
Apache HTTP Server is an open source web server from the Apache Software Foundation. Apache HTTPD Web Server 2.4.18-2.4.20 fails to properly validate X509 client certificates for resource access over HTTP/2. This could allow third parties to access web server resources without credentials, leadin...
Web Application Scanning Consolidation / Info Reporting
The script consolidates and reports various information for web application formerly called...
UBUNTU-CVE-2015-0799
The HTTP Alternative Services feature in Mozilla Firefox before 37.0.1 allows man-in-the-middle attackers to bypass an intended X.509 certificate-verification step for an SSL server by specifying that server in the uri-host field of an Alt-Svc HTTP/2 response header...
Medium: httpd
Issue Overview: It was discovered that the fix for CVE-2011-3368 did not completely address the problem. An attacker could bypass the fix and make a reverse proxy connect to an arbitrary server not directly accessible to the attacker by sending an HTTP version 0.9 request, or by using a...
httpd, mod_ssl security update
CentOS Errata and Security Advisory CESA-2012:0128. Updated httpd packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base...
HTTP Version Detection
Display version information about each system. This module requires Metasploit: https://metasploit.com/download. Current source: https://github.com/rapid7/metasploit-framework...
Apache mod_proxy_ajp Information Disclosure Vulnerability
This host is running Apache Web Server and is prone to an information disclosure vulnerability. OpenVAS Vulnerability Test $Id: secpodapachemodproxyajpinfodiscvuln.nasl 5055 2017-01-20 14:08:39Z teissa $ Apache mod_proxy_ajp Information Disclosure Vulnerability. Authors: Sujit Ghosal. Copyright: Copyrig...
HTTP Version Detection
Checks the supported HTTP version of the remote system.
USN-724-1: Squid vulnerability
Joshua Morin, Mikko Varpiola and Jukka Taimisto discovered that Squid did not properly validate the HTTP version when processing requests. A remote attacker could exploit this to cause a denial of service (assertion failure)...
Squid HTTP Version Number Parsing Denial of Service (CVE-2009-0478)
The Squid proxy server is a popular open source, Internet proxy and web caching application. A denial of service vulnerability has been reported in Squid proxy. The vulnerability is due to an error within the Squid proxy that fails to properly parse version numbers when processing malformed HTTP...
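Squid Web Proxy Cache HTTP Version Number Parsing Denial of Service Vulnerability
BUGTRAQ ID: 33604 CVE(CAN) ID: CVE-2009-0478 Squid is an efficient web caching and proxy program. It was originally developed for Unix platforms and has since been ported to Linux and most Unix-like systems; the latest Squid can also run on Windows. Squid does not correctly handle malformed HTTP version numbers, so a remote client can send a specially crafted request to the server and cause a denial of service. Squid Web Proxy Cache 3.1, Squid Web Proxy Cache 3.0, Squid Web Proxy Cache 2.7. Vendor patch: Squid -----...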
DEBIAN-CVE-2009-0478
Squid 2.7 to 2.7.STABLE5, 3.0 to 3.0.STABLE12, and 3.1 to 3.1.0.4 allows remote attackers to cause a denial of service via an HTTP request with an invalid version number, which triggers a reachable assertion in (1) HttpMsg.c and (2) HttpStatusLine.c...
Preemptive Protection against Squid HTTP Version Number Parsing Denial of Service
A denial of service vulnerability was reported in the Squid proxy server. The Squid proxy server is a popular open source, Internet proxy and web caching application. The vulnerability is due to inappropriate parsing of the version number when processing malformed HTTP requests. Remote...
Preemptive Protection against Oracle WebLogic Server Apache Connector HTTP Version String Buffer Vulnerability
A string buffer overflow vulnerability has been reported in Oracle BEA WebLogic Server Apache Connector. BEA WebLogic Server is a Java Application Server platform that supports various databases including Oracle. A remote attacker may exploit this vulnerability to execute arbitrary code on a...
Stack overflow
Multiple stack-based buffer overflows in the filter service (aka k9filter.exe) in Blue Coat K9 Web Protection 3.2.44 with Filter 3.2.32 allow (1) remote attackers to execute arbitrary code via a long HTTP Referer header to the K9 Web Protection Administration interface and (2) man-in-the-middle attacke...