Lucene search

267 matches found

RedHat Linux
added 2017/04/12 12:24 p.m. | 329 views

Moderate: Red Hat Security Advisory: httpd security and bug fix update

An update for httpd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...

CVSS 7.5 | AI score 6.6 | EPSS 0.73272
Exploits 4 | References 7

RedhatCVE
added 2016/12/21 3:18 p.m. | 44 views

CVE-2016-8743

It was discovered that the HTTP parser in httpd incorrectly allowed certain characters not permitted by the HTTP protocol specification to appear unencoded in HTTP request headers. If httpd was used in conjunction with a proxy or backend server that interpreted those characters differently, a...

CVSS 7.5 | AI score 2.4 | EPSS 0.0978
Exploits 0 | References 2

Check Point Advisories
added 2015/04/05 12:0 a.m. | 6 views

Eclipse Foundation Jetty Web Server HttpParser Remote Information Disclosure (CVE-2015-2080)

An information disclosure vulnerability exists in Eclipse Foundation Jetty Web Server. The vulnerability is due to improper parsing of HTTP requests that can lead to information disclosure via HTTP responses from the server. A remote attacker can exploit this vulnerability by sending HTTP request...

CVSS 5 | AI score 0.9 | EPSS 0.91897
Exploits 16

0day.today
added 2015/03/03 12:0 a.m. | 863 views

Jetty 9.2.8 Shared Buffer Leakage Vulnerability

Gotham Digital Science discovered a critical information leakage vulnerability in the Jetty web server that allows an unauthenticated remote attacker to read arbitrary data from previous requests and responses submitted to the server by other users. Jetty versions 9.2.3 through 9.2.8 are affected...

CVSS 5 | AI score 0.6 | EPSS 0.91897
Exploits 16

seebug.org
added 2014/07/01 12:0 a.m. | 22 views

Monkey HTTPD 1.1.1 - Crash PoC

No description provided by source. Title: Monkey HTTPD 1.1.1 - Denial of Service Vulnerability. Date: 2013-05-28. References: http://bugs.monkey-project.com/ticket/181. Introduction: Monkey is a lightweight and powerful web server for GNU/Linux. It has been...

AI score 7.1
Exploits 0

Kitploit
added 2013/12/23 4:15 p.m. | 19 views

[Suricata 1.4.7] Open Source Next Generation Intrusion Detection and Prevention Engine

The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. OISF is part of and funded by the Department of...

AI score 7
Exploits 0

NVD
added 2013/11/13 3:55 p.m. | 14 views

CVE-2013-6627

net/http/httpstreamparser.cc in Google Chrome before 31.0.1650.48 does not properly process HTTP Informational (aka 1xx) status codes, which allows remote web servers to cause a denial of service (out-of-bounds read) via a crafted response...

CVSS 5 | AI score 5.9 | EPSS 0.06884
Exploits 2 | References 13

Cvelist
added 2013/11/13 3:0 p.m. | 19 views

CVE-2013-6627

net/http/httpstreamparser.cc in Google Chrome before 31.0.1650.48 does not properly process HTTP Informational (aka 1xx) status codes, which allows remote web servers to cause a denial of service (out-of-bounds read) via a crafted response...

AI score 5.8 | EPSS 0.06884
Exploits 2 | References 13

OSV
added 2012/08/13 11:55 p.m. | 2 views

DEBIAN-CVE-2012-2330

The Update method in src/nodehttpparser.cc in Node.js before 0.6.17 and 0.7 before 0.7.8 does not properly check the length of a string, which allows remote attackers to obtain sensitive information (request header contents) and possibly spoof HTTP headers via a zero length string...

CVSS 6.4 | AI score 6.5 | EPSS 0.0062
Exploits 1 | References 1

Node JS Blog
added 2012/05/07 12:0 a.m. | 8 views

HTTP Server Security Vulnerability: Please upgrade to 0.6.17

HTTP Server Security Vulnerability: Please upgrade to 0.6.17 tl;dr A carefully crafted attack request can cause the contents of the HTTP parser's buffer to be appended to the attacking request's header, making it appear to come from the attacker. Since it is generally safe to echo back contents o...

AI score 6.3
Exploits 0

Prion
added 2009/09/15 10:30 p.m. | 22 views

Buffer overflow

Buffer underflow in src/http/ngxhttpparse.c in nginx 0.1.0 through 0.5.37, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.15 allows remote attackers to execute arbitrary code via crafted HTTP requests...

CVSS 7.5 | AI score 8 | EPSS 0.781
Exploits 3 | References 10 | Affected Software 3

UbuntuCve
added 2009/09/15 10:30 p.m. | 29 views

CVE-2009-2629

Buffer underflow in src/http/ngxhttpparse.c in nginx 0.1.0 through 0.5.37, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.15 allows remote attackers to execute arbitrary code via crafted HTTP requests...

CVSS 7.5 | AI score 7.5 | EPSS 0.781
Exploits 3 | References 1

OSV
added 2009/09/15 10:30 p.m. | 1 views

DEBIAN-CVE-2009-2629

Buffer underflow in src/http/ngxhttpparse.c in nginx 0.1.0 through 0.5.37, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.15 allows remote attackers to execute arbitrary code via crafted HTTP requests...

CVSS 7.5 | AI score 8.3 | EPSS 0.781
Exploits 3 | References 1

Debian CVE
added 2009/09/15 10:0 p.m. | 26 views

CVE-2009-2629

Buffer underflow in src/http/ngxhttpparse.c in nginx 0.1.0 through 0.5.37, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.15 allows remote attackers to execute arbitrary code via crafted HTTP requests...

CVSS 7.5 | AI score 7.4 | EPSS 0.781
Exploits 3

OpenVAS
added 2008/12/23 12:0 a.m. | 10 views

Debian: Security Advisory (DSA-1686-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.6 | AI score 6.7 | EPSS 0.15771
Exploits 1 | References 3

OpenVAS
added 2008/12/23 12:0 a.m. | 16 views

Debian Security Advisory DSA 1686-1 (no-ip)

The remote host is missing an update to no-ip announced via advisory DSA 1686-1. OpenVAS Vulnerability Test $Id: deb16861.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 1686-1 no-ip Authors: Thomas Reinke Copyright: Copyright (c) 2008 E-Soft Inc...

CVSS 7.6 | AI score 0.9 | EPSS 0.15771
Exploits 1

Tenable Nessus
added 2008/12/15 12:0 a.m. | 16 views

Debian DSA-1686-1 : no-ip - buffer overflow

A buffer overflow has been discovered in the HTTP parser of the No-IP.com Dynamic DNS update client, which may result in the execution of arbitrary code. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security...

CVSS 7.6 | AI score 5.9 | EPSS 0.15771
Exploits 1 | References 3

OSV
added 2008/12/14 12:0 a.m. | 10 views

DSA-1686-1 no-ip - arbitrary code execution

Bulletin has no description...

CVSS 7.6 | AI score 6.7 | EPSS 0.15771
Exploits 1

OpenVAS
added 2008/09/24 12:0 a.m. | 18 views

Gentoo Security Advisory GLSA 200403-13 (mplayer)

The remote host is missing updates announced in advisory GLSA 200403-13. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 10 | AI score 6.8 | EPSS 0.36771
Exploits 1 | References 3

OSV
added 2004/05/04 4:0 a.m. | 1 views

DEBIAN-CVE-2004-0386

Buffer overflow in the HTTP parser for MPlayer 1.0pre3 and earlier, 0.90, and 0.91 allows remote attackers to execute arbitrary code via a long Location header...

CVSS 10 | AI score 8 | EPSS 0.36771
Exploits 1 | References 1