CVE-2002-0778

CVE-2002-0778 concerns Cisco’s Transparent Cache Engine / Content Engine proxy in its default configuration. The issue allows remote attackers to leverage HTTPS to initiate TCP connections to allowed IP addresses while concealing the true source IP. Documented impact: partial confidentiality, int...

security flaw

Cross-site scripting vulnerability in the modssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a...

CVE-2002-1157

Cross-site scripting vulnerability in the modssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a...

CVE-2002-1098

Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.3, adds an "HTTPS on Public Inbound XML-Autoforward/in" rule but sets the protocol to "ANY" when the XML filter configuration is enabled, which ultimately allows arbitrary traffic to pass through the concentrator...

CVE-2002-0778

The default configuration of the proxy for Cisco Cache Engine and Content Engine allows remote attackers to use HTTPS to make TCP connections to allowed IP addresses while hiding the actual source IP...

CVE-2002-0792

The web management interface for Cisco Content Service Switch CSS 11000 switches allows remote attackers to cause a denial of service soft reset via 1 an HTTPS POST request, or 2 malformed XML data...

CVE-2002-0792

The CVE-2002-0792 entry covers the Cisco Content Service Switch (CSS) 11000 series web management interface vulnerability. Reports from NVD and CERT indicate that remote attackers can trigger a denial-of-service by sending either an HTTPS POST request or malformed XML data, causing the device to ...

Cisco Content Service Switch reboots when HTTPS POST request is sent to web management interface

Overview The Cisco Content Service Switch contains a denial-of-service vulnerability that allows remote attackers to reboot affected devices. Description The Cisco Content Service Switch CSS products include support for the session and application layers. This additional functionality allows a CS...

HTTP proxy default configurations allow arbitrary TCP connections

Overview Multiple vendors' HTTP proxy services use insecure default configurations that could allow an attacker to make arbitrary TCP connections to internal hosts or to external third-party hosts. Description HTTP proxy services commonly support the HTTP CONNECT method, which is designed to crea...

CVE-2000-0739

Directory traversal vulnerability in strong.exe program in NAI Net Tools PKI server 1.0 before HotFix 3 allows remote attackers to read arbitrary files via a .. dot dot attack in an HTTPS request to the enrollment server...

Microsoft IIS 4.05.06.0 - Internal IP AddressInternal Network Name Disclosure

Microsoft IIS 4.05.06.0 - Internal IP AddressInternal Network Name Disclosure source: https://www.securityfocus.com/bid/3159/info A vulnerability has been discovered in Microsoft IIS that may disclose the internal IP address or internal network name to remote attackers. This vulnerability can be...

Microsoft IIS 4.0/5.0/6.0 - Internal IP Address/Internal Network Name Disclosure

source: https://www.securityfocus.com/bid/3159/info A vulnerability has been discovered in Microsoft IIS that may disclose the internal IP address or internal network name to remote attackers. This vulnerability can be exploited if an attacker connects to a host using HTTPS typically on port 443...

CVE-2001-0606

The CVE-2001-0606 entry concerns iPlanet Web Server 4.X on HP-UX 11.04 (VVOS) with VirtualVault A.04.00, where a remote attacker can cause a denial of service via the HTTPS service. The connected sources (NVD/CVE records) provide the affected product and the vulnerability class (remote DoS over H...

CVE-2000-0740

Buffer overflow in strong.exe program in NAI Net Tools PKI server 1.0 before HotFix 3 allows remote attackers to execute arbitrary commands via a long URL in the HTTPS port...

NAI Net Tools PKI Server 1.0 - 'strong.exe' Remote Buffer Overflow

source: https://www.securityfocus.com/bid/1536/info Certain versions of Network Associates Inc.'s Net Tools PKI Public Key Infrastructure server ship with a buffer overflow vulnerability which could lead to a remote compromise of the system running the PKI server. The problem lies within the...

DUO-PSA-2020-003: Duo Product Security Advisory

Duo Product Security Advisory Advisory ID: DUO-PSA-2020-003 Publication Date: 2020-06-30 Revision Date: 2020-06-30 Status: Confirmed, Fixed Document Revision: 2 Overview Duo has identified and fixed an issue in the Duo Connect client that allows end-users to choose insecure configurations. If...