2482 matches found
Squid fails to properly handle oversized reply headers
Overview The Squid web proxy cache may be vulnerable to oversized HTTP reply headers. Description Squid functions as a web proxy and cache application for a number of protocols, including the hypertext transfer protocol HTTP. A defect in the Squid HTTP handling prevents oversized reply headers...
squid -- correct handling of oversized HTTP reply headers
The squid patches page notes: This patch addresses a HTTP protocol mismatch related to oversized reply headers. In addition it enhances the cache.log reporting on reply header parsing failures to make it easier to track down which sites are malfunctioning. It is believed that this bug may lead to...
iDEFENSE Security Advisory 01.19.05: MySQL MaxDB Web Agent Multiple Denial of Service Vulnerabilities
MySQL MaxDB Web Agent Multiple Denial of Service Vulnerabilities iDEFENSE Security Advisory 01.19.05 www.idefense.com/application/poi/display?id=187&type=vulnerabilities January 19, 2005 I. BACKGROUND MaxDB by MySQL is a re-branded and enhanced version of SAP DB, SAP AG's open source database...
CVE-2004-2582
Novell iChain 2.3 includes the build number in the VIA line of the proxy server's HTTP headers, which allows remote attackers to obtain sensitive information...
DEBIAN-CVE-2004-1561
Buffer overflow in Icecast 2.0.1 and earlier allows remote attackers to execute arbitrary code via an HTTP request with a large number of headers...
CVE-2004-1133
Multiple cross-site scripting (XSS) vulnerabilities in Microsoft W3Who ISAPI (w3who.dll) allow remote attackers to inject arbitrary HTML and web script via (1) HTTP headers such as "Connection" or (2) invalid parameters whose values are echoed in the resulting error message...
CVE-2004-1053
CVE-2004-1053 is an integer overflow in FreeBSD's fetch(1) utility (affecting 4.1–5.3) that allows a remote attacker to execute arbitrary code by crafting HTTP headers in a response, triggering a buffer overflow. The issue is caused during HTTP header processing and can enable code execution on t...
CVE-2004-1053
Integer overflow in fetch on FreeBSD 4.1 through 5.3 allows remote malicious servers to execute arbitrary code via certain HTTP headers in an HTTP response, which lead to a buffer overflow...
CVE-2004-0646
Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 web server connectors, such as (1) mod_jrun and (2) mod_jrun20 for Apache, with verbose logging enabled, allows remote attackers to execute arbitrary code via a long HTTP header Content-Type field or other fields...
FreeBSD fetch integer overflow
Integer overflow on HTTP headers parsing...
[Full-Disclosure] FreeBSD Security Advisory FreeBSD-SA-04:16.fetch
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-04:16.fetch Security Advisory The FreeBSD Project Topic: Overflow error in fetch Category: core Module: fetch Announced: 2004-11-18 Credits: Colin Percival Affect...
Overflow error in fetch
An integer overflow condition in fetch(1) in the processing of HTTP headers can result in a buffer overflow. A malicious server or CGI script can respond to an HTTP or HTTPS request in such a manner as to cause arbitrary portions of the client's memory to be overwritten, allowing for arbitrary code...
Pavuk: Multiple buffer overflows
Background Pavuk is a web spider and website mirroring tool. Description Pavuk contains several buffer overflow vulnerabilities in the code handling digest authentication and HTTP header processing. This issue is similar to GLSA 200407-19, but contains more vulnerabilities. Impact A remote attacker...
CVE-2002-1405
The CVE-2002-1405 issue affects Lynx 2.8.4 and earlier and describes a CRLF injection flaw that lets an attacker add extra HTTP headers via a URL containing encoded CR/LF characters on the command line. Public advisories (Debian DSA-210, RHSA-2003:030, RHSA-2003:030) indicate that updated Lynx pa...
CVE-2002-1405
CRLF injection vulnerability in Lynx 2.8.4 and earlier allows remote attackers to inject false HTTP headers into an HTTP request that is provided on the command line, via a URL containing encoded carriage return, line feed, and other whitespace characters...
CVE-2002-1153
IBM Websphere 4.0.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP request with long HTTP headers, such as "Host"...
[Full-Disclosure] Cross-Site Scripting Vulnerability in Newtelligence DasBlog
ERNW Security Advisory Cross-Site Scripting Vulnerability in Newtelligence DasBlog Author: Dominick Baier 1. Summary: A XSS Cross-Site-Scripting Vulnerability in DasBlog's Event and Activity Viewer allows to inject and execute code on the client's machine. This allows an attacker t...
dasBlog Multiple HTTP Headers HTML Injection
Binary data 2193.prm...
Apache - Arbitrary Long HTTP Headers Denial of Service (C)
Apache - Arbitrary Long HTTP Headers Denial of Service C include include include include include include include include include define A 0x41 define PORT 80 struct sockaddrin hrm; int connchar ip int sockfd; hrm.sinfamily = AFINET; hrm.sinport = htonsPORT; hrm.sinaddr.saddr = inetaddrip;...
Apache HTTPd Arbitrary Long HTTP Headers DoS (c version)
Exploit for linux platform in category dos / poc ======================================================== Apache HTTPd Arbitrary Long HTTP Headers DoS c version ======================================================== include include include include include include include include include define ...