Lucene search

455 matches found

OSV
added 2017/09/13 4:29 p.m., 2 views

DEBIAN-CVE-2015-5168

Unspecified vulnerability in the HTTP/2 experimental feature in Apache Traffic Server 5.3.x before 5.3.2 has unknown impact and attack vectors, a different vulnerability than CVE-2015-5206...

CVSS 9.8, AI score 7.1, EPSS 0.02411
Exploits: 0, References: 1

Broadcom
added 2017/08/25 12:0 a.m., 8 views

BSA-2017-363

Security Advisory ID : BSA-2017-363 Component : Apache Revision : 1.0: Interim A maliciously constructed HTTP/2 request could cause mod_http2 to dereference a NULL pointer and crash the server process. Affected Products Brocade is investigating its product lines to determine which products may be...

CVSS 7.5, AI score 6.9, EPSS 0.53939
Exploits: 0

OSV
added 2017/01/10 3:59 p.m., 5 views

UBUNTU-CVE-2016-6581

A HTTP/2 implementation built using any version of the Python HPACK library between v1.0.0 and v2.2.0 could be targeted for a denial of service attack, specifically a so-called "HPACK Bomb" attack. This attack occurs when an attacker inserts a header field that is exactly the size of the HPACK...

CVSS 7.5, AI score 7.1, EPSS 0.01757
Exploits: 0, References: 4

Positive Technologies
added 2017/01/10 12:0 a.m., 6 views

PT-2017-8994

Name of the Vulnerable Software and Affected Versions Python HPACK library versions 1.0.0 through 2.2.0 Description A denial of service attack, known as an "HPACK Bomb" attack, can be launched against the HTTP/2 implementation built using the Python HPACK library. This occurs when an attacker...

CVSS 8.7, AI score 7.2, EPSS 0.01757
Exploits: 0, References: 23

RedHat Linux
added 2016/07/18 3:30 p.m., 6 views

httpd: X509 client certificate authentication bypass using HTTP/2

A flaw was found in the way httpd performed client authentication using X.509 client certificates. When the HTTP/2 protocol was enabled, a remote attacker could use this flaw to access resources protected by certificate authentication without providing a valid client certificate...

CVSS 7.5, AI score 7.2, EPSS 0.18802
Exploits: 0, References: 5

CNVD
added 2016/07/06 12:0 a.m., 41 views

Apache HTTPD Information Disclosure Vulnerability

Apache HTTP Server is an open source web server from the Apache Software Foundation. Apache HTTPD Web Server 2.4.18-2.4.20 fails to properly validate X509 client certificates for resource access over HTTP/2. This could allow third parties to access web server resources without credentials, leadin...

CVSS 7.5, AI score 9.3, EPSS 0.18802
Exploits: 0, References: 1

OpenVAS
added 2015/09/14 12:0 a.m., 1227 views

Web Application Scanning Consolidation / Info Reporting

The script consolidates and reports various information for web application formerly called SPDX-FileCopyrightText: 2015 SCHUTZWERK GmbH SPDX-FileCopyrightText: New / improved code since 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by...

AI score 5.3
Exploits: 0, References: 1

OSV
added 2015/04/06 12:0 a.m., 4 views

UBUNTU-CVE-2015-0799

The HTTP Alternative Services feature in Mozilla Firefox before 37.0.1 allows man-in-the-middle attackers to bypass an intended X.509 certificate-verification step for an SSL server by specifying that server in the uri-host field of an Alt-Svc HTTP/2 response header...

CVSS 4.3, AI score 7.3, EPSS 0.01174
Exploits: 0, References: 4

Amazon
added 2012/02/16 12:0 a.m., 139 views

Medium: httpd

Issue Overview: It was discovered that the fix for CVE-2011-3368 did not completely address the problem. An attacker could bypass the fix and make a reverse proxy connect to an arbitrary server not directly accessible to the attacker by sending an HTTP version 0.9 request, or by using a...

CVSS 5, AI score 8.9, EPSS 0.90734
Exploits: 24, References: 1

Cent OS
added 2012/02/14 11:13 a.m., 107 views

httpd, mod_ssl security update

CentOS Errata and Security Advisory CESA-2012:0128 Updated httpd packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base...

CVSS 4.6, AI score 7.6, EPSS 0.82756
Exploits: 13, References: 7

Metasploit
added 2010/01/15 2:55 a.m., 10 views

HTTP Version Detection

Display version information about each system. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'HTTP Version Detection', 'Description' = 'Display version information about each system.', 'Author...

AI score 6.9
Exploits: 0

OpenVAS
added 2009/04/30 12:0 a.m., 30 views

Apache mod_proxy_ajp Information Disclosure Vulnerability

This host is running Apache Web Server and is prone to Information Disclosure Vulnerability. OpenVAS Vulnerability Test $Id: secpodapachemodproxyajpinfodiscvuln.nasl 5055 2017-01-20 14:08:39Z teissa $ Apache mod_proxy_ajp Information Disclosure Vulnerability Authors: Sujit Ghosal Copyright: Copyrig...

CVSS 5, AI score 7.3, EPSS 0.12383
Exploits: 1, References: 3

OpenVAS
added 2009/03/10 12:0 a.m., 20 views

HTTP Version Detection

Checks the supported HTTP version of the remote system. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

AI score 7.5
Exploits: 0

Ubuntu
added 2009/02/25 9:17 p.m., 53 views

USN-724-1: Squid vulnerability

Joshua Morin, Mikko Varpiola and Jukka Taimisto discovered that Squid did not properly validate the HTTP version when processing requests. A remote attacker could exploit this to cause a denial of service (assertion failure)...

CVSS 5, AI score 5.2, EPSS 0.71986
Exploits: 8

Check Point Advisories
added 2009/02/23 12:0 a.m., 4 views

Squid HTTP Version Number Parsing Denial of Service (CVE-2009-0478)

The Squid proxy server is a popular open source, Internet proxy and web caching application. A denial of service vulnerability has been reported in Squid proxy. The vulnerability is due to an error within the Squid proxy that fails to properly parse version numbers when processing malformed HTTP...

CVSS 5, AI score 6.2, EPSS 0.71986
Exploits: 8

seebug.org
added 2009/02/11 12:0 a.m., 39 views

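Squid Web Proxy Cache HTTP Version Number Parsing Denial of Service Vulnerability

BUGTRAQ ID: 33604 CVECAN ID: CVE-2009-0478 Squid is an efficient web caching and proxy program, originally developed for the Unix platform and since ported to Linux and most Unix-like systems; the latest Squid can also run on Windows. Squid does not correctly handle malformed HTTP version numbers, so a remote client can send a specially crafted request to the server to cause a denial of service. Squid Web Proxy Cache 3.1 Squid Web Proxy Cache 3.0 Squid Web Proxy Cache 2.7 Vendor patch: Squid -----...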

CVSS 5, AI score 6.2, EPSS 0.71986
Exploits: 8

OSV
added 2009/02/08 10:30 p.m., 2 views

DEBIAN-CVE-2009-0478

Squid 2.7 to 2.7.STABLE5, 3.0 to 3.0.STABLE12, and 3.1 to 3.1.0.4 allows remote attackers to cause a denial of service via an HTTP request with an invalid version number, which triggers a reachable assertion in (1) HttpMsg.c and (2) HttpStatusLine.c...

CVSS 5, AI score 6.4, EPSS 0.71986
Exploits: 8, References: 1

Check Point Advisories
added 2009/01/15 12:0 a.m., 4 views

Preemptive Protection against Squid HTTP Version Number Parsing Denial of Service

A denial of service vulnerability was reported in the Squid proxy server. The Squid proxy server is a popular open source, Internet proxy and web caching application. The vulnerability is due to inappropriate parsing of the version number when processing malformed HTTP requests. Remote...

CVSS 5, AI score 6.4, EPSS 0.71986
Exploits: 8

Check Point Advisories
added 2008/08/03 12:0 a.m., 13 views

Preemptive Protection against Oracle WebLogic Server Apache Connector HTTP Version String Buffer Vulnerability

A string buffer overflow vulnerability has been reported in Oracle BEA WebLogic Server Apache Connector. BEA WebLogic Server is a Java Application Server platform that supports various databases including Oracle. A remote attacker may exploit this vulnerability to execute arbitrary code on a...

CVSS 10, AI score 7.6, EPSS 0.83589
Exploits: 9

Prion
added 2008/08/01 2:41 p.m., 15 views

Stack overflow

Multiple stack-based buffer overflows in the filter service (aka k9filter.exe) in Blue Coat K9 Web Protection 3.2.44 with Filter 3.2.32 allow (1) remote attackers to execute arbitrary code via a long HTTP Referer header to the K9 Web Protection Administration interface and (2) man-in-the-middle attacke...

CVSS 9.3, AI score 8.2, EPSS 0.15493
Exploits: 3, References: 12, Affected Software: 2