
419 matches found

Cvelist
added 2015/11/05 2:0 a.m., 14 views

CVE-2015-4515

Mozilla Firefox before 42.0, when NTLM v1 is enabled for HTTP authentication, allows remote attackers to obtain sensitive hostname information by constructing a crafted web site that sends an NTLM request and reads the Workstation field of an NTLM type 3 message...

AI score 9.1 | EPSS 0.0044
Exploits: 0 | References: 7

Mozilla
added 2015/11/03 12:0 a.m., 37 views

Information disclosure through NTLM authentication — Mozilla

Security researcher Tim Brown reported that Firefox discloses the hostname and possibly the Windows domain through NTLM-based HTTP authentication when sending type 3 messages as part of the authentication exchange. This is because the Workstation field is populated with the hostname of the system...

CVSS 4.3 | AI score 8.7 | EPSS 0.0044
Exploits: 0 | References: 2 | Affected Software: 1

OpenVAS
added 2015/09/08 12:0 a.m., 36 views

Amazon Linux: Security Advisory (ALAS-2012-107)

The remote host is missing an update for the...

CVSS 5 | AI score 9.6 | EPSS 0.04391
Exploits: 8 | References: 2

NVD
added 2015/08/16 11:59 p.m., 14 views

CVE-2015-3754

The private-browsing implementation in WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8 does not prevent caching of HTTP authentication credentials, which makes it easier for remote attackers to track users via a crafted web site...

CVSS 4.3 | AI score 6.1 | EPSS 0.00505
Exploits: 0 | References: 5

UbuntuCve
added 2015/08/16 11:59 p.m., 21 views

CVE-2015-3754

The private-browsing implementation in WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8 does not prevent caching of HTTP authentication credentials, which makes it easier for remote attackers to track users via a crafted web site...

CVSS 4.3 | AI score 7.2 | EPSS 0.00505
Exploits: 0 | References: 3

Cvelist
added 2015/08/16 11:0 p.m., 19 views

CVE-2015-3754

The private-browsing implementation in WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8 does not prevent caching of HTTP authentication credentials, which makes it easier for remote attackers to track users via a crafted web site...

AI score 8.4 | EPSS 0.00505
Exploits: 0 | References: 5

NVD
added 2015/07/03 1:59 a.m., 13 views

CVE-2015-3675

The default configuration of the Apache HTTP Server on Apple OS X before 10.10.4 does not enable the mod_hfs_apple module, which allows remote attackers to bypass HTTP authentication via a crafted URL...

CVSS 5 | AI score 6.2 | EPSS 0.00317
Exploits: 0 | References: 4

Prion
added 2015/07/03 1:59 a.m., 22 views

Default configuration

The default configuration of the Apache HTTP Server on Apple OS X before 10.10.4 does not enable the mod_hfs_apple module, which allows remote attackers to bypass HTTP authentication via a crafted URL...

CVSS 5 | AI score 6.7 | EPSS 0.00317
Exploits: 0 | References: 4 | Affected Software: 1

Cvelist
added 2015/07/03 1:0 a.m., 16 views

CVE-2015-3675

The default configuration of the Apache HTTP Server on Apple OS X before 10.10.4 does not enable the mod_hfs_apple module, which allows remote attackers to bypass HTTP authentication via a crafted URL...

AI score 4 | EPSS 0.00317
Exploits: 0 | References: 4

Debian CVE
added 2015/07/03 1:0 a.m., 21 views

CVE-2015-3675

The default configuration of the Apache HTTP Server on Apple OS X before 10.10.4 does not enable the mod_hfs_apple module, which allows remote attackers to bypass HTTP authentication via a crafted URL...

CVSS 5 | AI score 5.3 | EPSS 0.00317
Exploits: 0

NVD
added 2015/06/09 2:59 p.m., 19 views

CVE-2015-3200

mod_auth in lighttpd before 1.4.36 allows remote attackers to inject arbitrary log entries via a basic HTTP authentication string without a colon character, as demonstrated by a string containing a NULL and new line character...

CVSS 7.5 | AI score 7.5 | EPSS 0.20033
Exploits: 1 | References: 9

CVE
added 2015/06/09 2:0 p.m., 399 views

CVE-2015-3200

The CVE-2015-3200 entry concerns lighttpd mod_auth prior to 1.4.36. A remote attacker can inject log entries via a basic-auth string without a colon, demonstrated using a NULL/newline in the string. Impact is log injection; some references note potential information exposure. Remediation exists: ...

CVSS 7.5 | AI score 7.5 | EPSS 0.20033
Exploits: 1 | References: 9 | Affected Software: 1

Cvelist
added 2015/06/09 2:0 p.m., 26 views

CVE-2015-3200

mod_auth in lighttpd before 1.4.36 allows remote attackers to inject arbitrary log entries via a basic HTTP authentication string without a colon character, as demonstrated by a string containing a NULL and new line character...

AI score 7.5 | EPSS 0.20033
Exploits: 1 | References: 9

Debian CVE
added 2015/06/09 2:0 p.m., 20 views

CVE-2015-3200

mod_auth in lighttpd before 1.4.36 allows remote attackers to inject arbitrary log entries via a basic HTTP authentication string without a colon character, as demonstrated by a string containing a NULL and new line character...

CVSS 7.5 | AI score 7.7 | EPSS 0.20033
Exploits: 1

FreeBSD
added 2015/05/25 12:0 a.m., 128 views

lighttpd -- Log injection vulnerability in mod_auth

MITRE reports: mod_auth in lighttpd before 1.4.36 allows remote attackers to inject arbitrary log entries via a basic HTTP authentication string without a colon character, as demonstrated by a string containing a NULL and new line character...

CVSS 7.5 | AI score 7.8 | EPSS 0.20033
Exploits: 1 | References: 1

CNVD
added 2015/03/30 12:0 a.m., 0 views

Unspecified Vulnerability in Websense TRITON AP-WEB

Websense TRITON is the Unified Content Architecture for data security. An unspecified vulnerability in Websense TRITON AP-WEB HTTP authentication allows attackers to submit a special request to enumerate Windows domain users...

CVSS 5 | AI score 7.1 | EPSS 0.00227
Exploits: 0 | References: 1

NVD
added 2015/03/27 2:59 p.m., 8 views

CVE-2015-2762

Websense TRITON AP-WEB before 8.0.0 allows remote attackers to enumerate Windows domain user accounts via vectors related to HTTP authentication...

CVSS 5 | AI score 6.6 | EPSS 0.00227
Exploits: 0 | References: 2

CVE
added 2015/03/27 2:0 p.m., 48 views

CVE-2015-2762

Websense TRITON AP-WEB (before 8.0.0) is affected. The vulnerability allows remote attackers to enumerate Windows domain user accounts via HTTP authentication-related vectors. Root cause is exposure in the AP-WEB authentication flow prior to version 8.0.0. Impact includes potential information di...

CVSS 5 | AI score 6.8 | EPSS 0.00227
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2015/03/27 2:0 p.m., 13 views

CVE-2015-2762

Websense TRITON AP-WEB before 8.0.0 allows remote attackers to enumerate Windows domain user accounts via vectors related to HTTP authentication...

AI score 6.6 | EPSS 0.00227
Exploits: 0 | References: 2

Tenable Nessus
added 2015/01/19 12:0 a.m., 28 views

Oracle Solaris Third-Party Patch Update : lighttpd (cve_2011_4362_denial_of)

The remote Solaris system is missing necessary patches to address security updates: Integer signedness error in the base64_decode function in the HTTP authentication functionality (http_auth.c) in lighttpd 1.4 before 1.4.30 and 1.5 before SVN revision 2806 allows remote attackers to cause a denial...

CVSS 5 | AI score 6.4 | EPSS 0.04391
Exploits: 8 | References: 3