Lucene search

3708 matches found

CVE
added 2012/04/28 10:0 a.m. | 52 views

CVE-2012-2213

CVE-2012-2213 affects Squid 3.1.9. The issue allows remote attackers to bypass access control for the CONNECT method by supplying an arbitrary hostname in the Host HTTP header, enabling potential access to blocked sites via SSL. The core cause is host header-based ACL evaluation in the CONNECT ha...

CVSS 5 | AI score 6.9 | EPSS 0.12314
Exploits 0 | References 6 | Affected Software 1

Prion
added 2012/04/27 8:55 p.m. | 14 views

Design/Logic Flaw

Bugzilla 3.5.x and 3.6.x before 3.6.9, 3.7.x and 4.0.x before 4.0.6, and 4.1.x and 4.2.x before 4.2.1, when the inboundproxies option is enabled, does not properly validate the X-Forwarded-For HTTP header, which allows remote attackers to bypass the lockout policy via a series of authentication...

CVSS 4.3 | AI score 7.2 | EPSS 0.01234
Exploits 0 | References 5 | Affected Software 1

CVE
added 2012/04/25 10:0 a.m. | 110 views

CVE-2012-0475

The CVE-2012-0475 issue affects Mozilla Firefox 4.x–11.0, Thunderbird 5.0–11.0, and SeaMonkey before 2.9, caused by improper construction of Origin and Sec-WebSocket-Origin HTTP headers that could allow bypassing an IPv6 literal ACL via cross-site XMLHttpRequest or WebSocket on a nonstandard port...

CVSS 2.6 | AI score 9 | EPSS 0.01856
Exploits 0 | References 8 | Affected Software 1

seebug.org
added 2012/04/18 12:0 a.m. | 75 views

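Squid Proxy 'Host' HTTP Header Security Restriction Bypass Vulnerability

BUGTRAQ ID: 53024 Squid is an efficient web caching and proxy program, originally developed for Unix platforms and now also ported to Linux and most Unix-like systems; the latest Squid can run on Windows. Squid Proxy has a security vulnerability in its implementation of filtering rules; a successful attack allows an attacker to bypass certain security restrictions. 0 Squid Web Proxy Cache 3.1.19 Vendor patch: Squid ----- The vendor has not yet provided a patch or upgrade; we recommend that users of this software watch the vendor's home page for the latest version: http://www.squid-cache.org import...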

AI score 6.9
Exploits 0

Exploit DB
added 2012/04/16 12:0 a.m. | 23 views

McAfee Web Gateway 7.1.5.x - 'Host' HTTP Header Security Bypass

source: https://www.securityfocus.com/bid/53015/info McAfee Web Gateway is prone to a security-bypass vulnerability because it fails to properly enforce filtering rules. A successful attack will allow an attacker to bypass intended security restrictions; this may aid in other attacks. McAfee Web...

AI score 7.4
Exploits 0

Tenable Nessus
added 2012/04/04 12:0 a.m. | 31 views

Apache Traffic Server 3.0.x < 3.0.4 / 3.1.x < 3.1.3 Host HTTP Header Parsing Remote Overflow

According to its banner, the version of Apache Traffic Server running on the remote host is 3.0.x prior to 3.0.4 or 3.1.x prior to 3.1.3. It is, therefore, affected by a heap-based buffer overflow vulnerability when handling malicious HTTP host headers. A remote, unauthenticated attacker can...

CVSS 5 | AI score 6.4 | EPSS 0.03473
Exploits 1 | References 3

OpenVAS
added 2012/03/29 12:0 a.m. | 19 views

at32 Reverse Proxy Multiple HTTP Header Fields DoS Vulnerability

at32 Reverse Proxy is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5 | AI score 6.6 | EPSS 0.02466
Exploits 1 | References 5

Tenable Nessus
added 2012/03/21 12:0 a.m. | 37 views

nginx < 1.0.14 / 1.1.17 HTTP Header Response Memory Disclosure

The remote web server is running nginx, a lightweight, high performance web server / reverse proxy and email IMAP/POP3 proxy. According to its Server response header, the installed version of nginx is earlier than 1.0.14 or is 1.1.x before 1.1.17 and is, therefore, affected by a memory disclosure...

CVSS 5 | AI score 5.4 | EPSS 0.10417
Exploits 1 | References 5

securityvulns
added 2012/03/20 12:0 a.m. | 48 views

at32 ReverseProxy - Multiple HTTP Header Field Denial Of Service Vulnerability

Title: at32 Reverse Proxy - Multiple HTTP Header Field Denial Of Service Vulnerability Product : at32 Reverse Proxy Version : v1.060.310 Vendor: http://www.at32.com/doc/rproxy.htm Class: Boundary Condition Error CVE: Remote: Yes Local: No Published: 2012-03-14 Updated: Impact : Medium CVSS2 Base ...

AI score 0.8
Exploits 0

Packet Storm
added 2012/03/19 12:0 a.m. | 16 views

at32 Reverse Proxy 1.060.310 Denial Of Service

Title: at32 Reverse Proxy - Multiple HTTP Header Field Denial Of Service Vulnerability Product : at32 Reverse Proxy Version : v1.060.310 Vendor: http://www.at32.com/doc/rproxy.htm Class: Boundary Condition Error CVE: Remote: Yes Local: No Published: 2012-03-14 Updated: Impact : Medium CVSS2 Base ...

Exploits 0

Tenable Nessus
added 2012/03/16 12:0 a.m. | 26 views

Mozilla Thunderbird 10.x < 10.0.3 Multiple Vulnerabilities

Binary data 6352.prm...

CVSS 9.3 | AI score 9.8 | EPSS 0.0663
Exploits 1 | References 21

Tenable Nessus
added 2012/03/16 12:0 a.m. | 34 views

Mozilla Thunderbird 10.x < 10.0.3 Multiple Vulnerabilities

Binary data 801370.prm...

CVSS 9.3 | AI score 9.8 | EPSS 0.0663
Exploits 1 | References 21

Tenable Nessus
added 2012/03/15 12:0 a.m. | 40 views

Mozilla Firefox 10.x < 10.0.3 Multiple Vulnerabilities

Binary data 801284.prm...

CVSS 9.3 | AI score 9.8 | EPSS 0.0663
Exploits 1 | References 21

Tenable Nessus
added 2012/03/15 12:0 a.m. | 37 views

Mozilla SeaMonkey 2.x < 2.8 Multiple Vulnerabilities

Binary data 801337.prm...

CVSS 9.3 | AI score 9.8 | EPSS 0.0663
Exploits 1 | References 21

Tenable Nessus
added 2012/03/15 12:0 a.m. | 38 views

SeaMonkey 2.x < 2.8 Multiple Vulnerabilities

Binary data 6354.prm...

CVSS 9.3 | AI score 9.8 | EPSS 0.0663
Exploits 1 | References 21

Tenable Nessus
added 2012/03/15 12:0 a.m. | 225 views

Mozilla Firefox ESR 10.x < 10.0.3 Multiple Vulnerabilities

Binary data 6350.prm...

CVSS 9.3 | AI score 9.8 | EPSS 0.0663
Exploits 1 | References 21

Tenable Nessus
added 2012/03/15 12:0 a.m. | 35 views

Firefox < 10.0.3 Multiple Vulnerabilities (Mac OS X)

The installed version of Firefox is earlier than 10.0.3 and thus, is potentially affected by the following security issues : - Multiple memory corruption issues. By tricking a user into visiting a specially crafted page, these issues may allow an attacker to execute arbitrary code in the context ...

CVSS 9.3 | AI score 7.6 | EPSS 0.0663
Exploits 1 | References 20

Tenable Nessus
added 2012/03/15 12:0 a.m. | 39 views

Thunderbird 10.0.x < 10.0.3 Multiple Vulnerabilities (Mac OS X)

The installed version of Thunderbird 10.0.x is potentially affected by the following security issues : - Multiple memory corruption issues. By tricking a user into visiting a specially crafted page, these issues may allow an attacker to execute arbitrary code in the context of the affected...

CVSS 9.3 | AI score 8.6 | EPSS 0.0663
Exploits 1 | References 20

Tenable Nessus
added 2012/03/15 12:0 a.m. | 265 views

SeaMonkey < 2.8.0 Multiple Vulnerabilities

The installed version of SeaMonkey is earlier than 2.8.0. Such versions are potentially affected by the following security issues : - Multiple memory corruption issues. By tricking a user into visiting a specially crafted page, these issues may allow an attacker to execute arbitrary code in the...

CVSS 9.3 | AI score 7.5 | EPSS 0.0663
Exploits 1 | References 20

Tenable Nessus
added 2012/03/15 12:0 a.m. | 36 views

Mozilla Thunderbird 10.0.x < 10.0.3 Multiple Vulnerabilities

The installed version of Thunderbird 10.0.x is potentially affected by the following security issues : - Multiple memory corruption issues. By tricking a user into visiting a specially crafted page, these issues may allow an attacker to execute arbitrary code in the context of the affected...

CVSS 9.3 | AI score 8.6 | EPSS 0.0663
Exploits 1 | References 20