3697 matches found
IBM Websphere Edge Server 3.69/4.0 - HTTP Header Injection
source: https://www.securityfocus.com/bid/6001/info A vulnerability has been discovered in the Caching Proxy component bundled with the IBM Websphere Edge Server. Due to insufficient sanitization of user-supplied input it is possible for an attacker to construct a malicious link which contains...
CVE-2002-1032
Buffer overflow in KeyFocus KF web server 1.0.5 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed HTTP header...
PHP 4.2.3 - Header Function Script Injection
source: https://www.securityfocus.com/bid/5669/info PHP is a freely available, open source web scripting language package. It is available for Microsoft Windows, Linux, and Unix operating systems. It has been reported that a vulnerability in the PHP header function exists. It may be possible for ...
Web Server HTTP Header Handling Remote Overflow
It was possible to kill the web server by sending an invalid request with a long header name or value. A remote attacker may exploit this vulnerability to make the web server crash continually or even execute arbitrary code. (C) Tenable Network Security, Inc. include("compat.inc"); if (description)...
Problems in Avirt Gateway Suite (buffer overflow, unauthorized access)
Buffer overflow on a long HTTP header. In addition, the telnet proxy allows full console access to the system...
Web Server HTTP Header Internal IP Disclosure
This may expose internal IP addresses that are usually hidden or masked behind a Network Address Translation (NAT) firewall or proxy server. There is a known issue with Microsoft IIS 4.0 doing this in its default configuration. This may also affect other web servers, web applications, web proxies,...
CVE-2001-0524
eEye SecureIIS versions 1.0.3 and earlier does not perform length checking on individual HTTP headers, which allows a remote attacker to send arbitrary length strings to IIS, contrary to an advertised feature of SecureIIS versions 1.0.3 and earlier...
Lotus Domino vulnerable to DoS via crafted HTTP header requests
Overview: The Lotus Domino Web Server contains a flaw that could be exploited to cause a denial of service. Description: HTTP requests with uniquely crafted headers using "Accept", "Accept-Charset", "Accept-Encoding", "Accept-Language" or "Content-Type" are not freed properly. This means that...
CVE-2001-0433
Buffer overflow in Savant 3.0 web server allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long Host HTTP header...
def-2001-20: Lotus Domino Multiple DoS
Defcom Labs Advisory def-2001-20: Lotus Domino Multiple DoS. Author: Peter Gründl. Release Date: 2001-04-11...
PHF (Linux/x86) - Remote Buffer Overflow
phx.c -- phf buffer overflow exploit for Linux-ix86. Copyright (c) 2000 by proton. All rights reserved. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version...
Hole plugged in IIS (Specialized Header)
With a certain HTTP request header, it was possible to obtain the source code of an ASP application...
CVE-2020-5220: Ability to define unintended serialisation groups via HTTP header which might lead to data exposure
Impact: ResourceBundle accepts and uses any serialisation groups to be passed via a HTTP header. This might lead to data exposure by using an unintended serialisation group - for example it could make Shop API use a more permissive group from Admin API. Anyone exposing an API with ResourceBundle's...