872 matches found
JVN#72541530: Active! mail 6 vulnerable to HTTP header injection
Active! mail 6 from TransWARE Co. is a web-based email software. Active! mail 6 contains a HTTP header injection vulnerability. Impact Falsified information may be displayed or an arbitrary script may be executed on the user's web browser. HTTP response splitting attacks are also possible. Soluti...
Oracle Sun Java System Web Server - HTTP Response Splitting
Oracle Sun Java System Web Server - HTTP Response Splitting Description Security-Assessment.com discovered that is possible to successfully perform an HTTP Response Splitting attack against applications served by Sun Java System Web Server. The vulnerability can be exploited if user supplied inpu...
CVE-2010-2375: WebLogic Plugin HTTP Injection via Encoded URLs
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 VSR Security Advisory http://www.vsecurity.com/ - -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Advisory Name: WebLogic Plugin HTTP Injection via Encoded URLs Release Date: 2010-07-13 Application: WebLogic Plugin...
CVE-2008-7257
Cisco ASA WebVPN (WebVPN on ASA) is affected by a CRLF injection/HTTP response splitting vulnerability tracked as CVE-2008-7257. The flaw occurs in +webvpn+/index.html for ASA 5580-series devices with software before 8.1(2). An attacker can craft a URL containing %0d%0a sequences to inject arbitr...
Design/Logic Flaw
Splunk 4.0 through 4.0.10 and 4.1 through 4.1.1 allows remote authenticated users to obtain sensitive information via HTTP header injection, aka SPL-31066...
CVE-2010-2504
CVE-2010-2504 affects Splunk 4.0–4.0.10 and 4.1–4.1.1. The issue is HTTP header injection that allows remote authenticated users to obtain sensitive information (SPL-31066). Root cause details beyond “HTTP header injection” are not provided in the connected documents. Impact is noted as exposure ...
CVE-2010-2504
Splunk 4.0 through 4.0.10 and 4.1 through 4.1.1 allows remote authenticated users to obtain sensitive information via HTTP header injection, aka SPL-31066...
Apache Axis 1.5 Session Fixation
===== Tempest Security Intelligence - Advisory 02 / 2010 =========== Vulnerability = 'Apache Axis Session Fixation Vulnerability' Authors = 'Tiago Ferreira ' 'Leandro Oliveira ' ======== Table of Contents =========================================== 1. Overview 2. Detailed description 3. Other...
Debian DSA-1950-1 : webkit - several vulnerabilities
Several vulnerabilities have been discovered in WebKit, a Web content engine library for Gtk+. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-0945 Array index error in the insertItemBefore method in WebKit, allows remote attackers to execute...
LogMeIn 4.0.784 - cfgadvanced.html HTTP Header Injection
LogMeIn 4.0.784 - cfgadvanced.html HTTP Header Injection source: https://www.securityfocus.com/bid/35236/info LogMeIn is prone to a vulnerability that allows attackers to inject arbitrary HTTP headers because it fails to sufficiently sanitize input. By inserting arbitrary headers into an HTTP...
LogMeIn 4.0.784 - 'cfgadvanced.html' HTTP Header Injection
source: https://www.securityfocus.com/bid/35236/info LogMeIn is prone to a vulnerability that allows attackers to inject arbitrary HTTP headers because it fails to sufficiently sanitize input. By inserting arbitrary headers into an HTTP response, attackers may be able to launch various attacks,...
Crlf injection
CRLF injection vulnerability in FormMail.pl in Matt Wright FormMail 1.92, and possibly earlier, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the redirect parameter...
JVN#28020230 Web Mailer from CGI RESCUE vulnerable to HTTP header injection
Web Mailer from CGI RESCUE is a software that sends emails with contents that are input into a HTML form. Web Mailer contains a HTTP header injection vulnerability. Impact Falsified information may be displayed or an arbitrary script may be executed on the user's web browser. HTTP response...
DEBIAN-CVE-2009-1149
CRLF injection vulnerability in bsdispasmimetype.php in the BLOB streaming feature in phpMyAdmin before 3.1.3.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the 1 ctype and possibly 2 filetype parameters...
Ruby on Rails redirect_to() HTTP Header Injection Vulnerability - Linux
The host is running Ruby on Rails, which is prone to HTTP Header Injection Vulnerability. OpenVAS Vulnerability Test $Id: gbrubyrailshttpheaderinjvulnlin.nasl 4227 2016-10-07 05:45:35Z teissa $ Ruby on Rails redirectto HTTP Header Injection Vulnerability - Linux Authors: Veerendra GG Copyright:...
Ruby on Rails redirect_to() HTTP Header Injection Vulnerability (Oct 2008) - Linux
Ruby on Rails is prone to a HTTP Header injection vulnerability. SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Mono 2.0 - 'System.Web' HTTP Header Injection
source: https://www.securityfocus.com/bid/30867/info Mono is prone to a vulnerability that allows attackers to inject arbitrary HTTP headers because it fails to sanitize input. By inserting arbitrary headers into an HTTP response, attackers may be able to launch cross-site request-forgery,...
Apache Tomcat HttpServletResponse.sendError()跨站脚本漏洞
BUGTRAQ ID: 30496 CVECAN ID: CVE-2008-1232 Apache Tomcat是一个流行的开放源码的JSP应用服务器程序。 Apache Tomcat不仅在错误页面中显示了HttpServletResponse.sendError调用的消息参数,同时也在HTTP响应的reason-phrase中使用,这就可能在HTTP头中包含非法字符。特制的消息可能导致跨站脚本攻击,向HTTP响应中注入任意内容。 Apache Group Tomcat 6.0.x Apache Group Tomcat 5.5.x Apache Group Tomcat 4.1.x...
CGI RESCUE WebFORM vulnerable to HTTP header injection
Overview WebFORM released from CGI RESCUE is software that allows the emailing of contents of a HTML form. WebFORM contains a HTTP header injection vulnerability which is caused by improperly processing the output of HTTP headers. Impact Falsified information may be displayed or an arbitrary scri...
[MSA02240108] IE7 allows overwriting of several headers leading to Http request Splitting and smuggling.
MSA01240108: IE7 allows overwriting of several headers leading to Http request Splitting and smuggling. Date: March 21th, 2008 Tested Versions: Internet Explorer 7.0.5730.11 Tested OS: Windows XP Professional SP2 Italian Minded Security ReferenceID: MSA02240108 Credits: Discovery by Stefano Di...