35 matches found

RedHat Linux
added 2019/11/06 9:47 a.m. · 4 views

python: CRLF injection via the path part of the url passed to urlopen()

An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n specifically in the path component of a URL that...

6.1 CVSS · 6.7 AI score · 0.05406 EPSS
Exploits 1 · References 4
Tenable Nessus
added 2019/09/30 12:0 a.m. · 35 views

EulerOS 2.0 SP8 : httpd (EulerOS-SA-2019-2080)

According to the version of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerability: A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes '/',...

5.3 CVSS · 6.2 AI score · 0.1786 EPSS
Exploits 0 · References 2
NVD
added 2019/06/11 9:29 p.m. · 21 views

CVE-2019-0220

A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes '/', directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions while other aspects of the servers processing wi...

5.3 CVSS · 6.3 AI score · 0.1786 EPSS
Exploits 0 · References 40
OSV
added 2019/06/11 9:29 p.m. · 24 views

CVE-2019-0220

A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes '/', directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions while other aspects of the servers processing wi...

5.3 CVSS · 6.7 AI score
Exploits 0 · References 40
Debian CVE
added 2019/06/11 8:49 p.m. · 58 views

CVE-2019-0220

A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes '/', directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions while other aspects of the servers processing wi...

5.3 CVSS · 6 AI score · 0.1786 EPSS
Exploits 0
CVE
added 2019/06/11 8:49 p.m. · 4481 views

CVE-2019-0220

CVE-2019-0220 affects Apache HTTP Server 2.4.0–2.4.38. The issue arises when the path component of a request URL contains multiple consecutive slashes; directives like LocationMatch and RewriteRule must account for duplicates in regular expressions because the server may collapse or mishandle the...

5.3 CVSS · 6.4 AI score · 0.1786 EPSS
Exploits 0 · References 40 · Affected Software 1
AlpineLinux
added 2019/06/11 8:49 p.m. · 54 views

CVE-2019-0220

A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes '/', directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions while other aspects of the servers processing wi...

5.3 CVSS · 6.7 AI score · 0.1786 EPSS
Exploits 0
OpenVAS
added 2019/04/08 12:0 a.m. · 111 views

Apache HTTP Server < 2.4.39 URL Normalization Vulnerability - Windows

When the path component of a request URL contains multiple consecutive slashes SPDX-FileCopyrightText: 2019 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE =...

5.3 CVSS · 6.9 AI score · 0.1786 EPSS
Exploits 0 · References 1
Tenable Nessus
added 2019/04/08 12:0 a.m. · 73 views

Apache HTTP Server < 2.4.39 Multiple Vulnerabilities

7.8 CVSS · 6.9 AI score · 0.65005 EPSS
Exploits 8 · References 7
OSV
added 2019/03/23 12:0 a.m. · 1 view

UBUNTU-CVE-2019-9947

An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n specifically in the path component of a URL that...

6.1 CVSS · 6.8 AI score · 0.05406 EPSS
Exploits 1 · References 6
Prion
added 2018/07/09 5:29 p.m. · 17 views

Directory traversal

Directory traversal vulnerability in Foscam Cameras C1 Lite V3, and C1 V3 with firmware 2.82.2.33 and earlier, FI9800P V3, FI9803P V4, FI9851P V3, and FI9853EP V2 2.84.2.33 and earlier, FI9816P V3, FI9821EP V2, FI9821P V3, FI9826P V3, and FI9831P V3 2.81.2.33 and earlier, C1, C1 V2, C1 Lite, and ...

6.4 CVSS · 7.5 AI score · 0.02632 EPSS
Exploits 3 · References 2 · Affected Software 32
Positive Technologies
added 2017/04/04 12:0 a.m. · 4 views

PT-2017-17724 · Proftpd +2

Name of the Vulnerable Software and Affected Versions: ProFTPD versions prior to 1.3.5e; ProFTPD versions 1.3.6 prior to 1.3.6rc5. Description: The issue allows attackers with local access to bypass the AllowChrootSymlinks control by replacing a path component other than the last one with a symboli...

10 CVSS · 5.8 AI score · 0.74254 EPSS
Exploits 8 · References 70
RedHat Linux
added 2014/06/19 5:52 p.m. · 6 views

kernel: fs: slab corruption due to the invalid last component type during do_filp_open()

The __do_follow_link function in fs/namei.c in the Linux kernel before 2.6.33 does not properly handle the last pathname component during use of certain filesystems, which allows local users to cause a denial of service (incorrect free operations and system crash) via an open system call...

5.5 CVSS · 6.3 AI score · 0.00538 EPSS
Exploits 1 · References 4
RedHat Linux
added 2008/11/11 6:24 p.m. · 5 views

httpd: mod_proxy_ftp globbing XSS

A flaw was found in the mod_proxy_ftp module. Where Apache is configured to support ftp-over-httpd proxying, a remote attacker could perform a cross-site scripting attack. CVE-2008-2939...

4.3 CVSS · 7 AI score · 0.38953 EPSS
Exploits 4 · References 4
Tenable Nessus
added 2007/01/17 12:0 a.m. · 35 views

Fedora Core 4 : kernel-2.6.16-1.2107_FC4 (2006-500)

An update to the latest upstream -stable snapshot (2.6.16.13). Among quite a few bug fixes are two security-related fixes: "Don't allow a backslash in a path component" (CVE-2006-1863) and "NETFILTER: SCTP conntrack: fix infinite loop" (CVE-2006-1527). Detailed changelogs of the last few point releases can be...

5 CVSS · 5.3 AI score · 0.03815 EPSS
Exploits 1 · References 5