Lucene search
K

3629 matches found

NVD
NVD
added 2005/09/23 7:3 p.m.24 views

CVE-2005-2703

Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to modify HTTP headers of XML HTTP requests via XMLHttpRequest, and possibly use the client to exploit vulnerabilities in servers or proxies, including HTTP request smuggling and HTTP request splitting...

5CVSS6.5AI score0.01789EPSS
Exploits0References31
CVE
CVE
added 2005/09/23 4:0 a.m.106 views

CVE-2005-2703

CVE-2005-2703 affects Firefox up to 1.0.7 and Mozilla Suite up to 1.7.12. The issue lets a remote attacker modify HTTP headers of XML HTTP requests made via XMLHttpRequest, potentially enabling attacks such as HTTP request smuggling or splitting. This is triggered by how XMLHttpRequests are handl...

5CVSS6.5AI score0.01789EPSS
Exploits0References31Affected Software2
Debian
Debian
added 2005/09/08 6:0 a.m.44 views

[SECURITY] [DSA 803-1] New Apache packages fix HTTP request smuggling

-------------------------------------------------------------------------- Debian Security Advisory DSA 803-1 [email protected] http://www.debian.org/security/ Martin Schulze September 8th, 2005 http://www.debian.org/security/faq -...

4.3CVSS0.1AI score0.20461EPSS
Exploits1
Debian
Debian
added 2005/09/08 6:0 a.m.26 views

[SECURITY] [DSA 803-1] New Apache packages fix HTTP request smuggling

-------------------------------------------------------------------------- Debian Security Advisory DSA 803-1 [email protected] http://www.debian.org/security/ Martin Schulze September 8th, 2005 http://www.debian.org/security/faq -...

4.3CVSS5.9AI score0.20461EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2005/08/01 12:0 a.m.30 views

FreeBSD : apache -- http request smuggling (651996e0-fe07-11d9-8329-000e0c2e438a)

A Watchfire whitepaper reports an vulnerability in the Apache webserver. The vulnerability can be exploited by malicious people causing cross site scripting, web cache poisoining, session hijacking and most importantly the ability to bypass web application firewall protection. Exploiting this...

4.3CVSS7.8AI score0.20461EPSS
Exploits1References3
NVD
NVD
added 2005/07/05 4:0 a.m.37 views

CVE-2005-2089

Microsoft IIS 5.0 and 6.0 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes IIS to incorrectly handle and forward the bo...

4.3CVSS6.1AI score0.3097EPSS
Exploits0References4
OSV
OSV
added 2005/07/05 4:0 a.m.10 views

CVE-2005-2088

The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Lengt...

5.8AI score
Exploits0References97
NVD
NVD
added 2005/07/05 4:0 a.m.15 views

CVE-2005-2092

BEA Systems WebLogic 8.1 SP1 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes WebLogic to incorrectly handle and forwar...

4.3CVSS6.1AI score0.01515EPSS
Exploits1References5
NVD
NVD
added 2005/07/05 4:0 a.m.21 views

CVE-2005-2090

Jakarta Tomcat 5.0.19 Coyote/1.1 and Tomcat 4.1.24 Coyote/1.0 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Tomcat t...

4.3CVSS5.8AI score0.29784EPSS
Exploits4References49
NVD
NVD
added 2005/07/05 4:0 a.m.16 views

CVE-2005-2093

Oracle 9i Application Server Oracle9iAS 9.0.2 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Application Server to...

4.3CVSS5.9AI score0.04945EPSS
Exploits1References4
NVD
NVD
added 2005/07/05 4:0 a.m.34 views

CVE-2005-2091

IBM WebSphere 5.1 and WebSphere 5.0 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes WebSphere to incorrectly handle an...

4.3CVSS6AI score0.01515EPSS
Exploits1References5
UbuntuCve
UbuntuCve
added 2005/07/05 4:0 a.m.22 views

CVE-2005-2088

The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Lengt...

4.3CVSS7.3AI score0.20461EPSS
Exploits1References2
NVD
NVD
added 2005/07/05 4:0 a.m.25 views

CVE-2005-2094

Sun SunONE web server 6.1 SP1 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes SunONE to incorrectly handle and forward...

4.3CVSS6.1AI score0.0142EPSS
Exploits0References5
Cvelist
Cvelist
added 2005/06/30 4:0 a.m.30 views

CVE-2005-2092

BEA Systems WebLogic 8.1 SP1 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes WebLogic to incorrectly handle and forwar...

6.1AI score0.01515EPSS
Exploits1References5
CVE
CVE
added 2005/06/30 4:0 a.m.256 views

CVE-2005-2090

CVE-2005-2090 affects Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0): it enables HTTP Request Smuggling via a request containing both Transfer-Encoding: chunked and Content-Length, causing the body to be mis‑interpreted and processed as a new request. This issue is noted to hav...

4.3CVSS3.6AI score0.29784EPSS
Exploits4References49Affected Software1
Cvelist
Cvelist
added 2005/06/30 4:0 a.m.20 views

CVE-2005-2091

IBM WebSphere 5.1 and WebSphere 5.0 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes WebSphere to incorrectly handle an...

6AI score0.01515EPSS
Exploits1References5
Cvelist
Cvelist
added 2005/06/30 4:0 a.m.34 views

CVE-2005-2090

Jakarta Tomcat 5.0.19 Coyote/1.1 and Tomcat 4.1.24 Coyote/1.0 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Tomcat t...

3.6AI score0.29784EPSS
Exploits4References49
CVE
CVE
added 2005/06/30 4:0 a.m.61 views

CVE-2005-2091

CVE-2005-2091 affects IBM WebSphere 5.0/5.1. The vulnerability arises from how WebSphere handles HTTP requests that include both Transfer-Encoding: chunked and a Content-Length header, causing the body to be forwarded in a way that can be treated as a separate HTTP request. This enables remote at...

4.3CVSS6.2AI score0.01515EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2005/06/30 4:0 a.m.30 views

CVE-2005-2088

The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Lengt...

9.1AI score0.20461EPSS
Exploits1References59
CVE
CVE
added 2005/06/30 4:0 a.m.68 views

CVE-2005-2094

Sun SunONE web server 6.1 SP1 is affected by CVE-2005-2094. The vulnerability arises in HTTP request processing when a request contains both Transfer-Encoding: chunked and Content-Length headers, leading SunONE to mishandle and forward the request body as if it were a separate HTTP request. This ...

4.3CVSS6.4AI score0.0142EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder