1138 matches found

Tenable Nessus
added 2015/01/21 12:0 a.m. | 26 views

Debian DSA-3133-1 : privoxy - security update

Multiple use-after-frees were discovered in Privoxy, a privacy-enhancing HTTP proxy. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-3133. The text itself is copyright C Software in the...

CVSS 7.5 | AI score 7.2 | EPSS 0.00659
Exploits: 0 | References: 3

Debian
added 2015/01/20 5:49 p.m. | 22 views

[SECURITY] [DSA 3133-1] privoxy security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3133-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff January 20, 2015 http://www.debian.org/security/faq -...

CVSS 7.5 | AI score 5.7 | EPSS 0.00659
Exploits: 0

OSV
added 2015/01/20 12:0 a.m. | 18 views

DSA-3133-1 privoxy - security update

Bulletin has no description...

CVSS 7.5 | AI score 7.3 | EPSS 0.00659
Exploits: 0

OpenVAS
added 2015/01/20 12:0 a.m. | 26 views

Debian Security Advisory DSA 3133-1 (privoxy - security update)

Multiple use-after-frees were discovered in Privoxy, a privacy-enhancing HTTP proxy. OpenVAS Vulnerability Test $Id: deb3133.nasl 6609 2017-07-07 12:05:59Z cfischer $ Auto-generated from advisory DSA 3133-1 using nvtgen 1.0 Script version: 1.0 Author: Greenbone Networks Copyright: Copyright c 201...

CVSS 7.5 | AI score 7.5 | EPSS 0.00659
Exploits: 0 | References: 1

OpenVAS
added 2015/01/19 12:0 a.m. | 18 views

Debian: Security Advisory (DSA-3133-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 | AI score 6.5 | EPSS 0.00659
Exploits: 0 | References: 3

ArchLinux
added 2015/01/18 12:0 a.m. | 140 views

curl: url request injection

When libcurl sends a request to a server via a HTTP proxy, it copies the entire URL into the request and sends if off. If the given URL contains line feeds and carriage returns those will be sent along to the proxy too, which allows the program to for example send a separate HTTP request injected...

CVSS 4.3 | AI score 1 | EPSS 0.01225
Exploits: 0 | References: 3

Debian
added 2015/01/15 9:10 p.m. | 29 views

[SECURITY] [DLA 134-1] curl security update

Package : curl Version : 7.21.0-2.1+squeeze11 CVE ID : CVE-2014-8150 Andrey Labunets of Facebook discovered that cURL, an URL transfer library, fails to properly handle URLs with embedded end-of-line characters. An attacker able to make an application using libcurl to access a specially crafted U...

CVSS 4.3 | AI score 8.9 | EPSS 0.01225
Exploits: 0

NVD
added 2015/01/15 3:59 p.m. | 14 views

CVE-2014-8150

CRLF injection vulnerability in libcurl 6.0 through 7.x before 7.40.0, when using an HTTP proxy, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a URL...

CVSS 4.3 | AI score 8.3 | EPSS 0.01225
Exploits: 0 | References: 24

OSV
added 2015/01/15 3:59 p.m. | 8 views

CVE-2014-8150

CRLF injection vulnerability in libcurl 6.0 through 7.x before 7.40.0, when using an HTTP proxy, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a URL...

CVSS 4.3 | AI score 6.7 | EPSS 0.01225
Exploits: 0 | References: 24

Prion
added 2015/01/15 3:59 p.m. | 31 views

Crlf injection

CRLF injection vulnerability in libcurl 6.0 through 7.x before 7.40.0, when using an HTTP proxy, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a URL...

CVSS 4.3 | AI score 7.2 | EPSS 0.01225
Exploits: 0 | References: 24 | Affected Software: 3

CVE
added 2015/01/15 3:0 p.m. | 146 views

CVE-2014-8150

CVE-2014-8150 is a CRLF injection flaw in libcurl 6.0–7.x prior to 7.40.0. When using an HTTP proxy, an attacker can inject arbitrary HTTP headers and trigger HTTP response splitting via CRLF sequences in the URL. The vulnerability is demonstrated in the public description: it affects libcurl and...

CVSS 4.3 | AI score 8.7 | EPSS 0.01225
Exploits: 0 | References: 24 | Affected Software: 1

Cvelist
added 2015/01/15 3:0 p.m. | 23 views

CVE-2014-8150

CRLF injection vulnerability in libcurl 6.0 through 7.x before 7.40.0, when using an HTTP proxy, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a URL...

AI score 8.8 | EPSS 0.01225
Exploits: 0 | References: 24

Debian CVE
added 2015/01/15 3:0 p.m. | 36 views

CVE-2014-8150

CRLF injection vulnerability in libcurl 6.0 through 7.x before 7.40.0, when using an HTTP proxy, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a URL...

CVSS 4.3 | AI score 8.3 | EPSS 0.01225
Exploits: 0

Cvelist
added 2015/01/14 11:0 a.m. | 26 views

CVE-2014-8639

Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 do not properly interpret Set-Cookie headers within responses that have a 407 aka Proxy Authentication Required status code, which allows remote HTTP proxy servers to conduct session...

AI score 9.4 | EPSS 0.01837
Exploits: 0 | References: 39

CVE
added 2015/01/14 11:0 a.m. | 120 views

CVE-2014-8639

CVE-2014-8639 affects Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32. It improperly interprets Set-Cookie headers in responses with a 407 Proxy Authentication Required status, enabling a remote proxy to perform session fixation by inj...

CVSS 6.8 | AI score 9.2 | EPSS 0.01837
Exploits: 0 | References: 39 | Affected Software: 1

OSV
added 2015/01/14 12:0 a.m. | 36 views

DLA-134-1 curl - security update

Bulletin has no description...

CVSS 4.3 | AI score 8.8 | EPSS 0.01225
Exploits: 0

UbuntuCve
added 2015/01/14 12:0 a.m. | 24 views

CVE-2014-8639

Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 do not properly interpret Set-Cookie headers within responses that have a 407 aka Proxy Authentication Required status code, which allows remote HTTP proxy servers to conduct session...

CVSS 6.8 | AI score 7 | EPSS 0.01837
Exploits: 0 | References: 4

RedHat Linux
added 2015/01/13 9:16 p.m. | 0 views

Mozilla: Cookie injection through Proxy Authenticate responses (MFSA 2015-04)

Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 do not properly interpret Set-Cookie headers within responses that have a 407 aka Proxy Authentication Required status code, which allows remote HTTP proxy servers to conduct session...

CVSS 6.8 | AI score 7 | EPSS 0.01837
Exploits: 0 | References: 5

Tenable Nessus
added 2015/01/13 12:0 a.m. | 40 views

Mandriva Linux Security Advisory : curl (MDVSA-2015:021)

Updated curl packages fix security vulnerability : When libcurl sends a request to a server via a HTTP proxy, it copies the entire URL into the request and sends if off. If the given URL contains line feeds and carriage returns those will be sent along to the proxy too, which allows the program t...

CVSS 4.3 | AI score 7.5 | EPSS 0.01225
Exploits: 0 | References: 2

securityvulns
added 2015/01/13 12:0 a.m. | 68 views

[ MDVSA-2015:021 ] curl

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2015:021 http://www.mandriva.com/en/support/security/ Package : curl Date : January 12, 2015 Affected: Business Server 1.0 Problem Description: Updated curl packages fix security vulnerability: When libcurl sends...

CVSS 4.3 | AI score 8.8 | EPSS 0.01225
Exploits: 0