Lucene search
K

39 matches found

Prion
Prion
added 2018/06/26 3:29 p.m.25 views

Default configuration

In Eclipse Jetty, versions 9.2.x and older, 9.3.x all configurations, and 9.4.x non-default configuration with RFC2616 compliance enabled, HTTP/0.9 is handled poorly. An HTTP/1 style request line i.e. method space URI space version that declares a version of HTTP/0.9 was accepted and treated as a...

5CVSS8.3AI score0.06411EPSS
Exploits0References12Affected Software2
UbuntuCve
UbuntuCve
added 2018/06/26 3:29 p.m.30 views

CVE-2017-7656

In Eclipse Jetty, versions 9.2.x and older, 9.3.x all configurations, and 9.4.x non-default configuration with RFC2616 compliance enabled, HTTP/0.9 is handled poorly. An HTTP/1 style request line i.e. method space URI space version that declares a version of HTTP/0.9 was accepted and treated as a...

7.5CVSS6.9AI score0.06411EPSS
Exploits0References2
OSV
OSV
added 2018/06/26 3:29 p.m.25 views

CVE-2017-7656

In Eclipse Jetty, versions 9.2.x and older, 9.3.x all configurations, and 9.4.x non-default configuration with RFC2616 compliance enabled, HTTP/0.9 is handled poorly. An HTTP/1 style request line i.e. method space URI space version that declares a version of HTTP/0.9 was accepted and treated as a...

7.5CVSS7.7AI score
Exploits0References12
Cvelist
Cvelist
added 2018/06/26 3:0 p.m.20 views

CVE-2017-7656

In Eclipse Jetty, versions 9.2.x and older, 9.3.x all configurations, and 9.4.x non-default configuration with RFC2616 compliance enabled, HTTP/0.9 is handled poorly. An HTTP/1 style request line i.e. method space URI space version that declares a version of HTTP/0.9 was accepted and treated as a...

8.4AI score0.06411EPSS
Exploits0References12
CVE
CVE
added 2018/06/26 3:0 p.m.218 views

CVE-2017-7656

CVE-2017-7656 affects Eclipse Jetty: HTTP/0.9 handling vulnerability in Jetty 9.2.x and older, 9.3.x (all configurations), and 9.4.x with RFC2616 compliance enabled. An HTTP/1 style request line declaring HTTP/0.9 could be treated as a 0.9 request, potentially enabling intermediar y proxies to mi...

7.5CVSS8.2AI score0.06411EPSS
Exploits0References12Affected Software1
Debian CVE
Debian CVE
added 2018/06/26 3:0 p.m.29 views

CVE-2017-7656

In Eclipse Jetty, versions 9.2.x and older, 9.3.x all configurations, and 9.4.x non-default configuration with RFC2616 compliance enabled, HTTP/0.9 is handled poorly. An HTTP/1 style request line i.e. method space URI space version that declares a version of HTTP/0.9 was accepted and treated as a...

7.5CVSS6.4AI score0.06411EPSS
Exploits0
NVD
NVD
added 2016/09/25 10:59 a.m.14 views

CVE-2016-4760

WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to conduct DNS rebinding attacks against non-HTTP Safari sessions by leveraging HTTP/0.9 support...

6.5CVSS5.8AI score0.01951EPSS
Exploits0References8
Prion
Prion
added 2016/09/25 10:59 a.m.16 views

Code injection

WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to conduct DNS rebinding attacks against non-HTTP Safari sessions by leveraging HTTP/0.9 support...

4.3CVSS6.2AI score0.01951EPSS
Exploits0References8Affected Software3
CVE
CVE
added 2016/09/25 10:0 a.m.78 views

CVE-2016-4760

CVE-2016-4760 concerns WebKit in Apple iOS (pre-10), iTunes for Windows (pre-12.5.1), and Safari (pre-10). The vulnerability allows remote attackers to perform DNS rebinding against non-HTTP Safari sessions by exploiting HTTP/0.9 support. Public references indicate multiple WebKit-related CVEs ar...

6.5CVSS6.5AI score0.01951EPSS
Exploits0References8Affected Software1
NVD
NVD
added 2016/07/22 3:0 a.m.17 views

CVE-2016-4651

Cross-site scripting XSS vulnerability in the WebKit JavaScript bindings in Apple iOS before 9.3.3 and Safari before 9.1.2 allows remote attackers to inject arbitrary web script or HTML via a crafted HTTP/0.9 response, related to a "cross-protocol cross-site scripting XPXSS" vulnerability...

6.1CVSS5.5AI score0.02259EPSS
Exploits0References8
Prion
Prion
added 2016/07/22 3:0 a.m.17 views

Cross site scripting

Cross-site scripting XSS vulnerability in the WebKit JavaScript bindings in Apple iOS before 9.3.3 and Safari before 9.1.2 allows remote attackers to inject arbitrary web script or HTML via a crafted HTTP/0.9 response, related to a "cross-protocol cross-site scripting XPXSS" vulnerability...

4.3CVSS5.1AI score0.02259EPSS
Exploits0References8Affected Software2
Cvelist
Cvelist
added 2016/07/22 1:0 a.m.20 views

CVE-2016-4651

Cross-site scripting XSS vulnerability in the WebKit JavaScript bindings in Apple iOS before 9.3.3 and Safari before 9.1.2 allows remote attackers to inject arbitrary web script or HTML via a crafted HTTP/0.9 response, related to a "cross-protocol cross-site scripting XPXSS" vulnerability...

6AI score0.02259EPSS
Exploits0References8
CVE
CVE
added 2016/07/22 1:0 a.m.64 views

CVE-2016-4651

CVE-2016-4651 affects WebKit JavaScript bindings in Apple iOS (before 9.3.3) and Safari (before 9.1.2). The vulnerability allows remote attackers to inject arbitrary web script or HTML via crafted HTTP/0.9 responses, related to a cross-protocol cross-site scripting (XPXSS) issue. Connected source...

6.1CVSS5.7AI score0.02259EPSS
Exploits0References8Affected Software1
UbuntuCve
UbuntuCve
added 2016/07/21 12:0 a.m.22 views

CVE-2016-4651

Cross-site scripting XSS vulnerability in the WebKit JavaScript bindings in Apple iOS before 9.3.3 and Safari before 9.1.2 allows remote attackers to inject arbitrary web script or HTML via a crafted HTTP/0.9 response, related to a "cross-protocol cross-site scripting XPXSS" vulnerability...

6.1CVSS7AI score0.02259EPSS
Exploits0References7
OSV
OSV
added 2016/07/21 12:0 a.m.2 views

UBUNTU-CVE-2016-4651

Cross-site scripting XSS vulnerability in the WebKit JavaScript bindings in Apple iOS before 9.3.3 and Safari before 9.1.2 allows remote attackers to inject arbitrary web script or HTML via a crafted HTTP/0.9 response, related to a "cross-protocol cross-site scripting XPXSS" vulnerability...

6.1CVSS7AI score0.02259EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2012/02/09 12:0 a.m.159 views

Apache HTTP Server mod_proxy Reverse Proxy HTTP 0.9 Information Disclosure

The version of Apache HTTP Server running on the remote host has an information disclosure vulnerability. When configured as a reverse proxy, improper use of the RewriteRule and ProxyPassMatch directives could cause the web server to proxy requests to arbitrary hosts. This could allow a remote...

5CVSS7.5AI score0.90734EPSS
Exploits13References4
NVD
NVD
added 2011/11/30 4:5 a.m.35 views

CVE-2011-3639

The modproxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of 1 RewriteRule and 2 ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to...

4.3CVSS8.8AI score0.52531EPSS
Exploits2References4
Prion
Prion
added 2011/11/30 4:5 a.m.35 views

Design/Logic Flaw

The modproxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of 1 RewriteRule and 2 ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to...

4.3CVSS6.9AI score0.90734EPSS
Exploits13References4Affected Software1
Debian CVE
Debian CVE
added 2011/11/30 2:0 a.m.53 views

CVE-2011-3639

The modproxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of 1 RewriteRule and 2 ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to...

4.3CVSS7.1AI score0.52531EPSS
Exploits2
Rows per page
Query Builder