131 matches found
CVE-2020-8890
An issue was discovered in MISP before 2.4.121. It mishandled time skew between the machine hosting the web server and the machine hosting the database when trying to block a brute-force series of invalid requests...
CVE-2020-8892
An issue was discovered in MISP before 2.4.121. It did not consider the HTTP PUT method when trying to block a brute-force series of invalid requests...
CVE-2019-16789
In Waitress through version 1.4.0, if a proxy server is used in front of waitress, an invalid request may be sent by an attacker that bypasses the front-end and is parsed differently by waitress leading to a potential for HTTP request smuggling. Specially crafted requests containing special...
UBUNTU-CVE-2019-9514
Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RSTSTREAM frames from the peer. Depending on how the peer queues the...
CVE-2019-13449
In the Zoom Client before 4.4.2 on macOS, remote attackers can cause a denial of service continual focus grabs via a sequence of invalid launch?action=join&confno= requests to localhost port 19421...
Hostname Enumeration
github.com/mholt/caddy is vulnerable to hostname enumeration. The vulnerability is possible because the library does not properly return correct certificates if the request is invalid. Using this loophole, an attacker can intentionally send repeated invalid requests with a nonexistent hostname in...
How to enable "Drop Invalid HTTP Requests" from default HTTP Parameters
This article provides instructions onHow to enable "Drop Invalid HTTP Requests" from default HTTP Parameters...
Input validation
The SAP Internet Graphics Server IGS, 7.20, 7.20EXT, 7.45, 7.49, 7.53, has insufficient request validation for example, where the request is validated for authenticity and validity and under certain conditions, will process invalid requests. Several areas of the SAP Internet Graphics Server IGS d...
Unspecified Cross-Site Request Forgery Vulnerability in Multiple SAP Sybase Products
Several SAP Sybase products are products of SAP Germany. An unspecified cross-site request forgery vulnerability exists in multiple SAP Sybase products, which arises from a program that does not properly validate HTTP requests. A remote attacker could exploit the vulnerability to perform certain...
MIT Kerberos 5 S4U2Self or S4U2Proxy Request Denial of Service Vulnerability
MIT Kerberos 5 is a set of network authentication protocols, which uses a client/server structure, and both the client and server side can authenticate each other, preventing eavesdropping, preventing replay attacks and so on. MIT Kerberos 5 has a security vulnerability in handling invalid S4U2Se...
UBUNTU-CVE-2017-11368
In MIT Kerberos 5 aka krb5 1.7 and later, an authenticated attacker can cause a KDC assertion failure by sending invalid S4U2Self or S4U2Proxy requests...
DEBIAN-CVE-2017-12425
An issue was discovered in Varnish HTTP Cache 4.0.1 through 4.0.4, 4.1.0 through 4.1.7, 5.0.0, and 5.1.0 through 5.1.2. A wrong if statement in the varnishd source code means that particular invalid requests from the client can trigger an assert, related to an Integer Overflow. This causes the...
ALPINE-CVE-2017-12425
An issue was discovered in Varnish HTTP Cache 4.0.1 through 4.0.4, 4.1.0 through 4.1.7, 5.0.0, and 5.1.0 through 5.1.2. A wrong if statement in the varnishd source code means that particular invalid requests from the client can trigger an assert, related to an Integer Overflow. This causes the...
UBUNTU-CVE-2017-12425
An issue was discovered in Varnish HTTP Cache 4.0.1 through 4.0.4, 4.1.0 through 4.1.7, 5.0.0, and 5.1.0 through 5.1.2. A wrong if statement in the varnishd source code means that particular invalid requests from the client can trigger an assert, related to an Integer Overflow. This causes the...
PT-2017-12550 · Varnish · Varnish Http Cache
Name of the Vulnerable Software and Affected Versions: Varnish HTTP Cache versions 4.0.1 through 4.0.4 Varnish HTTP Cache versions 4.1.0 through 4.1.7 Varnish HTTP Cache version 5.0.0 Varnish HTTP Cache versions 5.1.0 through 5.1.2 Description: An issue was discovered in the varnishd source code,...
CVE-2017-7408
Palo Alto Networks Traps ESM Console before 3.4.4 allows attackers to cause a denial of service by leveraging improper validation of requests to revoke a Traps agent license...
PAFileDB 3.1 Error Message Path Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/11817/info paFileDB is prone to an installation path disclosure. If invalid requests are made to certain scripts, the installation path is included in the returned error message...
MyAbraCadaWeb 1.0 Path Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/7126/info MyABraCaDaWeb is reported to disclose path information in error messages when handling some invalid requests. This information could be useful in further attacks against a system hosting the software...
UBUNTU-CVE-2013-1831
lib/setuplib.php in Moodle through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the absolute path in an exception message...
DEBIAN-CVE-2011-4597
The SIP over UDP implementation in Asterisk Open Source 1.4.x before 1.4.43, 1.6.x before 1.6.2.21, and 1.8.x before 1.8.7.2 uses different port numbers for responses to invalid requests depending on whether a SIP username exists, which allows remote attackers to enumerate usernames via a series ...