
7636 matches found

CERT
added 2004/10/19 12:0 a.m. | 45 views

Microsoft Internet Explorer does not properly handle cached HTTPS contents

Overview Microsoft Internet Explorer fails to properly validate cached HTTPS contents, allowing an attacker to obtain information or spoof information on a secure web site. Description The HTTPS protocol is used to provide authentication, encryption, integrity, and non-repudiation services to web...

CVSS 6.4 | AI score 7.2 | EPSS 0.38963
Exploits 0 | References 4

securityvulns
added 2004/10/14 12:0 a.m. | 79 views

ACROS Security: Poisoning Cached HTTPS Documents in Internet Explorer

Below please find our public report for the HTTPS cache poisoning issue in Internet Explorer. It includes workarounds for server operators, allowing them to protect their web services without having to rely on users to patch their browsers. Regards, ACROS Security http://www.acrossecurity.com...

AI score 0.3
Exploits 0

securityvulns
added 2004/10/13 12:0 a.m. | 45 views

ACROS Security: Poisoning Cached HTTPS Documents in Internet Explorer

Below please find our public report for the HTTPS cache poisoning issue in Internet Explorer. It includes workarounds for server operators, allowing them to protect their web services without having to rely on users to patch their browsers. Regards, ACROS Security http://www.acrossecurity.com...

AI score 0.3
Exploits 0

Cvelist
added 2004/09/01 4:0 a.m. | 21 views

CVE-2002-1098

Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.3, adds an "HTTPS on Public Inbound XML-Autoforward/in" rule but sets the protocol to "ANY" when the XML filter configuration is enabled, which ultimately allows arbitrary traffic to pass through the concentrator...

AI score 6.7 | EPSS 0.00527
Exploits 0 | References 3

Cvelist
added 2004/09/01 4:0 a.m. | 53 views

CVE-2002-1157

Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a...

AI score 8.9 | EPSS 0.03447
Exploits 0 | References 15

CVE
added 2004/09/01 4:0 a.m. | 56 views

CVE-1999-1537

The CVE-1999-1537 vulnerability affects IIS 3.x/4.x, where the server does not distinguish between pages requiring encryption and those that do not. As a result, remote attackers can trigger Denial of Service (resource exhaustion) by sending SSL requests to the HTTPS port for normally unencrypted...

CVSS 5 | AI score 7.1 | EPSS 0.01736
Exploits 0 | References 3 | Affected Software 1

Tenable Nessus
added 2004/08/20 12:0 a.m. | 13 views

Mozilla Browser HTTP/HTTPS Redirection Weakness (deprecated)

Binary data 1319.prm...

AI score 7.3
Exploits 0

NVD
added 2004/07/27 4:0 a.m. | 19 views

CVE-2004-0700

Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function...

CVSS 7.5 | AI score 7.2 | EPSS 0.31698
Exploits 0 | References 15

Cvelist
added 2004/07/21 4:0 a.m. | 23 views

CVE-2004-0700

Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function...

AI score 7 | EPSS 0.31698
Exploits 0 | References 15

FreeBSD
added 2004/07/16 12:0 a.m. | 43 views

apache13-modssl -- format string vulnerability in proxy support

An OpenPKG Security Advisory reports: Triggered by a report to Packet Storm from Virulent, a format string vulnerability was found in mod_ssl, the Apache SSL/TLS interface to OpenSSL, version up to and including 2.8.18 for Apache 1.3. The mod_ssl in Apache 2.x is not affected. The vulnerability coul...

CVSS 7.5 | AI score 6.2 | EPSS 0.31698
Exploits 0 | References 3

securityvulns
added 2004/04/08 12:0 a.m. | 35 views

Oracle web cache buffer overflow

Heap overflow on invalid HTTP/HTTPS request...

AI score 2.4
Exploits 0 | References 2

FreeBSD
added 2004/02/20 12:0 a.m. | 34 views

Apache 2 mod_ssl denial-of-service

Joe Orton reports a memory leak in Apache 2's mod_ssl. A remote attacker may issue HTTP requests on an HTTPS port, causing an error. Due to a bug in processing this condition, memory associated with the connection is not freed. Repeated requests can result in consuming all available memory...

CVSS 5 | AI score 6.3 | EPSS 0.15723
Exploits 0 | References 4

securityvulns
added 2004/01/22 12:0 a.m. | 31 views

Apache mod_php and mod_perl file descriptor leak

Descriptor leakage allows to spoof https session in child process...

AI score 0.8
Exploits 0 | References 3 | Affected Software 2

securityvulns
added 2003/12/27 12:0 a.m. | 62 views

Hijacking Apache https by mod_php

Product: PHP - mod_php Versions: 4.2.x, 4.3.x / apache 2.0.x URL: http://www.php.net Impact: Daemon Hijacking Bug class: Leaked Descriptor Vendor notified: Yes Fix available: No Date: 12/26/03 Issue: ====== Mod_php under apache 2.0.x leaks a critical file descriptor that can be used to takeover...

Exploits 0

Atlassian
added 2003/09/18 8:16 p.m. | 27 views

should be able to login only via https

You should be able to configure JIRA to login via HTTPS. This is almost possible in 2.4.1. You can specify an https URL in security-config.xml as the login.url parameter. This makes login links from e.g. the issue view page work correctly. A slight problem here is that the session remains in the...

Exploits 0 | Affected Software 1

Atlassian
added 2003/09/18 8:16 p.m. | 20 views

should be able to login only via https

You should be able to configure JIRA to login via HTTPS. This is almost possible in 2.4.1. You can specify an https URL in security-config.xml as the login.url parameter. This makes login links from e.g. the issue view page work correctly. A slight problem here is that the session remains in the...

Exploits 0 | Affected Software 1

securityvulns
added 2003/09/06 12:0 a.m. | 39 views

ISS RealSecure Server Sensor DoS

If HTTPS request with invalid Unicode characters received service will shut down IIS service...

AI score 1.7
Exploits 0 | References 1 | Affected Software 1

Tenable Nessus
added 2003/06/11 12:0 a.m. | 273 views

Secure HyperText Transfer Protocol (S-HTTP) Detection

The remote web server accepts connections encrypted using Secure HyperText Transfer Protocol S-HTTP, a cryptographic layer that was defined in 1999 by RFC 2660 and never widely implemented. C Tenable Network Security, Inc. include"compat.inc"; ifdescription scriptid11720; scriptversion "1.20";...

AI score 5.4
Exploits 0 | References 1

Tenable Nessus
added 2003/05/07 12:0 a.m. | 87 views

12Planet Chat Server Administration Authentication Cleartext Credential Disclosure

The remote host is running 12Planet Chat Server, a web-based chat server written in Java. It is, therefore, affected by a credential disclosure vulnerability due to connections to this server being done via cleartext. A man-in-the-middle attacker can exploit this vulnerability to obtain the...

AI score 5.6
Exploits 0 | References 1

Exploit DB
added 2003/05/05 12:0 a.m. | 73 views

CommuniGate Pro Webmail 4.0.6 - Session Hijacking

!/usr/bin/perl Below is exploit code. Place it into cgi-bin, then recommended make symlink from DocumentRoot/AnyImage.gif to shj.pl, configure at least $url variable, and possible other vars and send victim HTML message with img src to your AnyImage.gif. When victim will read message, script will...

AI score 7.4
Exploits 0