CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

2482 matches found

Exploit DB•added 2004/08/02 12:0 a.m.•46 views

Apache - Arbitrary Long HTTP Headers Denial of Service

include include include include include include include include include define A 0x41 define PORT 80 struct sockaddrin hrm; int connchar ip int sockfd; hrm.sinfamily = AFINET; hrm.sinport = htonsPORT; hrm.sinaddr.saddr = inetaddrip; bzero&hrm.sinzero,8; sockfd=socketAFINET,SOCKSTREAM,0;...

7.4AI score

Exploits0

Exploit DB•added 2004/07/22 12:0 a.m.•52 views

Apache - Arbitrary Long HTTP Headers (Denial of Service)

/usr/bin/perl exploit for apache apgetmimeheaderscore vuln adv is here: http://www.guninski.com/httpd1.html version: apache 2 newPeerAddr = $host,PeerPort = $port, Proto = 'tcp' || die "new error$@\n"; binmode$sock; $hostname="Host: $host"; $buf2='A'x50; $buf4='A'x8183; $len=length$buf2; $buf="GE...

7AI score

Exploits0

exploitpack•added 2004/07/22 12:0 a.m.•13 views

Apache - Arbitrary Long HTTP Headers Denial of Service (Perl)

Apache - Arbitrary Long HTTP Headers Denial of Service Perl /usr/bin/perl exploit for apache apgetmimeheaderscore vuln adv is here: http://www.guninski.com/httpd1.html version: apache 2 newPeerAddr = $host,PeerPort = $port, Proto = 'tcp' || die "new error$@\n"; binmode$sock; $hostname="Host:...

7.3AI score

Exploits0

Apache Httpd•added 2004/06/13 12:0 a.m.•38 views

Apache Httpd < 2.0.50 : Header parsing memory leak

A memory leak in parsing of HTTP headers which can be triggered remotely may allow a denial of service attack due to excessive memory consumption...

6.4CVSS4AI score0.90462EPSS

Exploits1Affected Software1

Tenable Nessus•added 2003/04/06 12:0 a.m.•55 views

Abyss Web Server Malformed GET Request Remote DoS

It was possible to kill the remote web server by sending empty HTTP request headers namely Connection: or Range:. An attacker may use this flaw to crash the affected application, thereby denying service to legitimate users. C Tenable Network Security, Inc. References: Date: Sat, 5 Apr 2003 12:21:...

8.5CVSS5.5AI score0.05538EPSS

Exploits1References2

exploitpack•added 2003/04/05 12:0 a.m.•8 views

Abyss Web Server 1.1.2 - Incomplete HTTP Request Denial of Service

Abyss Web Server 1.1.2 - Incomplete HTTP Request Denial of Service source: https://www.securityfocus.com/bid/7287/info A denial of service vulnerability has been reported for Abyss Web Server. The vulnerability exists when Abyss attempts to parse certain incomplete HTTP headers. GET / HTTP/1.0...

0.3AI score

Exploits0

Exploit DB•added 2003/04/05 12:0 a.m.•42 views

Abyss Web Server 1.1.2 - Incomplete HTTP Request Denial of Service

source: https://www.securityfocus.com/bid/7287/info A denial of service vulnerability has been reported for Abyss Web Server. The vulnerability exists when Abyss attempts to parse certain incomplete HTTP headers. GET / HTTP/1.0 Connection: GET / HTTP/1.0 Range:...

7.4AI score

Exploits0

Cvelist•added 2003/04/02 5:0 a.m.•29 views

CVE-2002-0150

Buffer overflow in Internet Information Server IIS 4.0, 5.0, and 5.1 allows remote attackers to spoof the safety check for HTTP headers and cause a denial of service or execute arbitrary code via HTTP header field values...

7.9AI score0.69466EPSS

Exploits0References9

NVD•added 2003/02/19 5:0 a.m.•18 views

CVE-2002-1405

CRLF injection vulnerability in Lynx 2.8.4 and earlier allows remote attackers to inject false HTTP headers into an HTTP request that is provided on the command line, via a URL containing encoded carriage return, line feed, and other whitespace characters...

5CVSS6.8AI score0.13122EPSS

Exploits0References10

CERT•added 2003/01/24 12:0 a.m.•19 views

Web servers enable HTTP TRACE method by default

Overview The HTTP TRACE method returns the contents of client HTTP requests in the entity-body of the TRACE response. Attackers could leverage this behavior to access sensitive information, such as cookies or authentication data, contained in the HTTP headers of the request. Description The HTTP...

6.8AI score

Exploits0References14

Exploit DB•added 2003/01/16 12:0 a.m.•21 views

CSO Lanifex Outreach Project Tool 0.946b - Request Origin Spoofing

source: https://www.securityfocus.com/bid/6630/info It has been reported that OPT accepts the values supplied supplied by users in HTTP headers as the originating IP address of a request. It is possible for a remote host to supply a fake IP address in one of these environment variables that would...

7.4AI score

Exploits0

exploitpack•added 2003/01/16 12:0 a.m.•6 views

CSO Lanifex Outreach Project Tool 0.946b - Request Origin Spoofing

CSO Lanifex Outreach Project Tool 0.946b - Request Origin Spoofing source: https://www.securityfocus.com/bid/6630/info It has been reported that OPT accepts the values supplied supplied by users in HTTP headers as the originating IP address of a request. It is possible for a remote host to supply...

0.6AI score

Exploits0

Exploit DB•added 2002/12/19 12:0 a.m.•253 views

CUPS 1.1.x - Negative Length HTTP Header

source: https://www.securityfocus.com/bid/6437/info A vulnerability has been reported for CUPS that if exploited may result in a DoS or the execute of code on affected systems. An attacker can exploit this vulnerability by connecting to a vulnerable system and issuing malformed HTTP headers with ...

7.4AI score

Exploits0

exploitpack•added 2002/10/18 12:0 a.m.•7 views

IBM Websphere Caching Proxy 3.64.0 - Denial of Service

IBM Websphere Caching Proxy 3.64.0 - Denial of Service source: https://www.securityfocus.com/bid/6002/info A vulnerability has been reported in the Caching Proxy component bundled with IBM WebSphere Edge Server. The vulnerability is due to inadequate checks when processing HTTP headers. An attack...

7.3AI score

Exploits0

NVD•added 2002/10/11 4:0 a.m.•17 views

CVE-2002-1153

IBM Websphere 4.0.3 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via an HTTP request with long HTTP headers, such as "Host"...

5CVSS7.7AI score0.0258EPSS

Exploits1References5

Tenable Nessus•added 2002/09/21 12:0 a.m.•67 views

BrowseGate HTTP MIME Headers Remote Overflow

It is possible to kill the remote server by sending it an invalid request with too long HTTP headers Authorization and Referer. BrowseGate proxy is known to be vulnerable to this flaw. An attacker could exploit this vulnerability to cause the web server to crash continually or to execute arbitrar...

5CVSS6.3AI score0.08939EPSS

Exploits0References1

securityvulns•added 2002/09/19 12:0 a.m.•40 views

IBM WebSphere DoS

There is no limit for HTTP headers...

0.4AI score

Exploits0References1

Packet Storm•added 2002/09/11 12:0 a.m.•40 views

phpcrlf.txt

PHP fopen CRLF Injection PROGRAM: PHP VENDOR: The PHP Group HOMEPAGE: http://www.php.net/ VULNERABLE VERSIONS: 4.1.2, 4.2.2, 4.2.3, latest CVS, possibly others IMMUNE VERSIONS: none, but workarounds exist SEVERITY: medium DESCRIPTION: "PHP is a widely-used Open Source general-purpose scripting...

7.4AI score

Exploits0

exploitpack•added 2002/08/19 12:0 a.m.•24 views

Lynx 2.8.x - Command Line URL CRLF Injection

Lynx 2.8.x - Command Line URL CRLF Injection source: https://www.securityfocus.com/bid/5499/info A CRLF injection vulnerability has been reported for Lynx that may allow an attacker to include extra HTTP headers when viewing web pages. If Lynx is called from the command line, carriage return and...

Exploits0

Exploit DB•added 2002/08/19 12:0 a.m.•31 views

Lynx 2.8.x - Command Line URL CRLF Injection

source: https://www.securityfocus.com/bid/5499/info A CRLF injection vulnerability has been reported for Lynx that may allow an attacker to include extra HTTP headers when viewing web pages. If Lynx is called from the command line, carriage return and line feed CRLF characters may be included in...

7.4AI score

Exploits0

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by