Lotus Domino Web Server vulnerable to denial of service via incomplete POST request
Overview Lotus Domino Web Server is an application that provides access to Lotus Notes databases via HTTP requests. A vulnerability exists that could permit a remote attacker to cause a denial-of-service situation for HTTP requests. Description Lotus Domino Web Server contains a vulnerability in...
CVE-2002-1718
Microsoft Internet Information Server (IIS) 5.1 may allow remote attackers to view the contents of a Frontpage Server Extension (FPSE) file, as claimed using an HTTP request for colegal.htm that contains .. (dot dot) sequences...
CVE-2002-1999
HP Praesidium Webproxy 1.0 running on HP-UX 11.04 (VVOS) could allow remote attackers to cause Webproxy to forward requests to the internal network via crafted HTTP requests...
CVE-2002-2009
Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) /, (3) /, and (4) %20/, which leaks the pathname in an error message...
CVE-2002-1368
CVE-2002-1368 affects CUPS 1.1.14–1.1.17 and can be exploited remotely by sending HTTP requests with a negative Content-Length or negative chunked length, causing negative arguments to memcpy() and potentially triggering a crash or arbitrary code execution. The vulnerability arises from improper ...
GoAhead Web Server 2.1.x - .ASP File Source Code Disclosure
GoAhead Web Server 2.1.x - .ASP File Source Code Disclosure source: https://www.securityfocus.com/bid/9239/info A vulnerability in GoAhead webserver may result in the disclosure of the source code of ASP script files. The vulnerability occurs because the application fails to sanitize HTTP request...
GoAhead Web Server 2.1.x - '.ASP' File Source Code Disclosure
source: https://www.securityfocus.com/bid/9239/info A vulnerability in GoAhead webserver may result in the disclosure of the source code of ASP script files. The vulnerability occurs because the application fails to sanitize HTTP requests. An attacker can append certain characters to the end of a...
Northern Solutions Xeneo Web Server 2.1/2.2 - Denial of Service
source: https://www.securityfocus.com/bid/6098/info A denial of service vulnerability has been reported for Xeneo web server. When the web server processes a malformed HTTP request, it will crash and lead to the denial of service condition. http://www.example.com/% http://www.example.com/%A...
IBM Websphere Caching Proxy 3.6/4.0 - Denial of Service
source: https://www.securityfocus.com/bid/6002/info A vulnerability has been reported in the Caching Proxy component bundled with IBM WebSphere Edge Server. The vulnerability is due to inadequate checks when processing HTTP headers. An attacker can exploit this vulnerability by sending a malforme...
Polycom ViaVideo 2.23.0 - Denial of Service
Polycom ViaVideo 2.23.0 - Denial of Service source: https://www.securityfocus.com/bid/5962/info Polycom ViaVideo devices are prone to a denial of service condition upon receipt of numerous incomplete HTTP requests. This may restrict availability of the device for legitimate users. The device may...
Polycom ViaVideo 2.2/3.0 - Denial of Service
source: https://www.securityfocus.com/bid/5962/info Polycom ViaVideo devices are prone to a denial of service condition upon receipt of numerous incomplete HTTP requests. This may restrict availability of the device for legitimate users. The device may need to be restarted to regain normal...
Jakarta Tomcat serves JSP source code when supplied malformed HTTP request
Overview Tomcat does not adequately validate HTTP requests and may reveal JSP source code if supplied a malformed HTTP request. Description JavaServer Pages (JSP) is a technology that allows for the creation of dynamic web content. The Apache Jakarta Project implementation of JSP is known as Tomcat...
Novell NetWare 5.1/6.0 - POST Arbitrary Perl Code Execution
source: https://www.securityfocus.com/bid/5520/info A vulnerability has been reported in some versions of Novell NetWare. This issue lies in the handling of some HTTP requests when Perl is used as a handler by a web server. Reportedly, it is possible for an attacker to execute arbitrary Perl code...
Personal Web Sharing Long HTTP Request DoS
It was possible to kill the Personal Web Sharing service by sending it a too long request. (C) Tenable Network Security, Inc. Script audit and contributions from Carmichael Security Erik Anderson nb: domain no longer exists References: To: [email protected] Subject: Personal Web Sharing...
CVE-2002-0412
Format string vulnerability in TraceEvent function for ntop before 2.1 allows remote attackers to execute arbitrary code by causing format strings to be injected into calls to the syslog function, via (1) an HTTP GET request, (2) a user name in HTTP authentication, or (3) a password in HTTP...
SurfControl SuperScout does not filter web requests fragmented in multiple packets
Overview SurfControl SuperScout Web Filter does not block some HTTP requests that have been fragmented into multiple packets. Description SurfControl SuperScout Web Filter is software intended for companies that wish to limit employees' web surfing to appropriate uses. SuperScout analyzes...
LabVIEW Web Server HTTP Get Newline DoS
It was possible to kill the web server by sending a request that ends with two LF characters instead of the normal sequence CR LF CR LF (CR = carriage return, LF = line feed). An attacker can exploit this vulnerability to make this server and all LabView applications crash. (C) Tenable Network...
CVE-2001-1342
Apache httpd before 1.3.20 on Windows and OS/2 is vulnerable to a denial-of-service via a crafted URI containing many slashes or other characters, which causes dereferencing of a NULL pointer in certain functions. The issue leads to a General Protection Fault in a child process when handling the ...
Cisco ATA-186 - HTTP Device Configuration Disclosure
Cisco ATA-186 - HTTP Device Configuration Disclosure source: https://www.securityfocus.com/bid/4711/info The Cisco ATA-186 Analog Telephone Adapter is a hardware device designed to interface between analog telephones and Voice over IP (VoIP). It includes support for web based configuration...
Cisco ATA-186 - HTTP Device Configuration Disclosure
source: https://www.securityfocus.com/bid/4711/info The Cisco ATA-186 Analog Telephone Adapter is a hardware device designed to interface between analog telephones and Voice over IP (VoIP). It includes support for web based configuration. Reportedly, HTTP requests consisting of a single character...