1319 matches found

Cvelist
added 2009/06/15 7:0 p.m. | 23 views

CVE-2009-2070

Opera displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT response page returned by a proxy server, which allows man-in-the-middle attackers to spoof an arbitrary https site by letting a browser obtain a valid certificate from this site during one request, and then sending the browser a...

AI score: 7.2 | EPSS: 0.00839
Exploits: 0 | References: 3

Cvelist
added 2009/06/15 7:0 p.m. | 29 views

CVE-2009-2057

Microsoft Internet Explorer before 8 uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL...

AI score: 6.8 | EPSS: 0.03027
Exploits: 1 | References: 2

CVE
added 2009/06/15 7:0 p.m. | 65 views

CVE-2009-2058

Apple Safari before 3.2.2 is affected by CVE-2009-2058 where the HTTP Host header is used to determine the document context in a (1) 4xx or (2) 5xx CONNECT response from a proxy, enabling a man-in-the-middle to modify the response and execute arbitrary web scripts (SSL-tampering). Connected sourc...

CVSS: 6.8 | AI score: 6.6 | EPSS: 0.00967
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2009/06/15 7:0 p.m. | 26 views

CVE-2009-2069

Microsoft Internet Explorer before 8 displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT response page returned by a proxy server, which allows man-in-the-middle attackers to spoof an arbitrary https site by letting a browser obtain a valid certificate from this site during one request, an...

AI score: 6.3 | EPSS: 0.02195
Exploits: 0 | References: 3

Cvelist
added 2009/06/15 7:0 p.m. | 40 views

CVE-2009-2072

Apple Safari does not require a cached certificate before displaying a lock icon for an https web site, which allows man-in-the-middle attackers to spoof an arbitrary https site by sending the browser a crafted (1) 4xx or (2) 5xx CONNECT response page for an https request sent through a proxy server...

AI score: 5.9 | EPSS: 0.00282
Exploits: 0 | References: 3

Debian CVE
added 2009/06/15 7:0 p.m. | 26 views

CVE-2009-2071

Removed by vendor...

CVSS: 6.8 | AI score: 6.8 | EPSS: 0.01019
Exploits: 0

Tenable Nessus
added 2009/06/15 12:0 a.m. | 41 views

Ubuntu 8.04 LTS / 8.10 / 9.04 : firefox-3.0, xulrunner-1.9 vulnerabilities (USN-779-1)

Several flaws were discovered in the browser and JavaScript engines of Firefox. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. CVE-2009-1392,...

CVSS: 9.3 | AI score: 8.4 | EPSS: 0.09282
Exploits: 9 | References: 12

Ubuntu
added 2009/06/12 9:40 p.m. | 73 views

USN-779-1: Firefox and Xulrunner vulnerabilities

Several flaws were discovered in the browser and JavaScript engines of Firefox. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. CVE-2009-1392,...

CVSS: 9.3 | AI score: 8.6 | EPSS: 0.09282
Exploits: 9

NVD
added 2009/06/12 9:30 p.m. | 18 views

CVE-2009-1836

Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 use the HTTP Host header to determine the context of a document provided in a non-200 CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying...

CVSS: 6.8 | AI score: 6.7 | EPSS: 0.02032
Exploits: 1 | References: 35

Prion
added 2009/06/12 9:30 p.m. | 20 views

Hardcoded credentials

Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 use the HTTP Host header to determine the context of a document provided in a non-200 CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying...

CVSS: 6.8 | AI score: 7.2 | EPSS: 0.02032
Exploits: 1 | References: 35 | Affected Software: 3

Cvelist
added 2009/06/12 9:7 p.m. | 23 views

CVE-2009-1836

Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 use the HTTP Host header to determine the context of a document provided in a non-200 CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying...

AI score: 6.9 | EPSS: 0.02032
Exploits: 1 | References: 35

CVE
added 2009/06/12 9:7 p.m. | 98 views

CVE-2009-1836

CVE-2009-1836: The vulnerability arises from how Mozilla Firefox (pre-3.0.11), Thunderbird (pre-2.0.0.22), and SeaMonkey (pre-1.1.17) use the HTTP Host header to determine the document context in a non-200 CONNECT response from a proxy. This can enable a man-in-the-middle attacker to modify the C...

CVSS: 6.8 | AI score: 7.6 | EPSS: 0.02032
Exploits: 1 | References: 35 | Affected Software: 3

UbuntuCve
added 2009/06/12 12:0 a.m. | 47 views

CVE-2009-1836

Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 use the HTTP Host header to determine the context of a document provided in a non-200 CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying...

CVSS: 6.8 | AI score: 6.1 | EPSS: 0.02032
Exploits: 1 | References: 3

Mozilla
added 2009/06/11 12:0 a.m. | 37 views

SSL tampering via non-200 responses to proxy CONNECT requests — Mozilla

Microsoft security researchers Shuo Chen, Ziqing Mao, Yi-Min Wang, and Ming Zhang reported that when a CONNECT request is sent to a proxy server and a non-200 response is returned, then the body of the response is incorrectly rendered within the context of the request Host: header. An active...

CVSS: 6.8 | AI score: 0.5 | EPSS: 0.02032
Exploits: 1 | References: 2 | Affected Software: 3

OpenVAS
added 2009/03/26 12:0 a.m. | 33 views

Qbik WinGate HTTP Proxy Server Access Controls Bypass Vulnerability

This host is running WinGate HTTP Proxy Server and is prone to an access controls bypass vulnerability. OpenVAS Vulnerability Test $Id: secpodwingatehttpproxyservaclbypassvuln.nasl 5390 2017-02-21 18:39:27Z mime $ Qbik WinGate HTTP Proxy Server Access Controls Bypass Vulnerability Authors: Sharath S...

CVSS: 5.4 | AI score: 6.7 | EPSS: 0.02285
Exploits: 0 | References: 2

Prion
added 2009/02/17 5:30 p.m. | 16 views

Design/Logic Flaw

Sun Java System Directory Proxy Server in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3, when a JDBC data source is used, does not properly handle (1) a long value in an ADD or (2) long string attributes, which allows remote attackers to cause a denial of service JDBC backend...

CVSS: 7.8 | AI score: 7.2 | EPSS: 0.02542
Exploits: 1 | References: 4 | Affected Software: 1

Cvelist
added 2009/02/17 5:0 p.m. | 34 views

CVE-2009-0609

Sun Java System Directory Proxy Server in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3, when a JDBC data source is used, does not properly handle (1) a long value in an ADD or (2) long string attributes, which allows remote attackers to cause a denial of service JDBC backend...

AI score: 6.6 | EPSS: 0.02542
Exploits: 1 | References: 4

CVE
added 2009/02/17 5:0 p.m. | 54 views

CVE-2009-0609

CVE-2009-0609 affects Sun Java System Directory Proxy Server (within Sun Java System Directory Server Enterprise Edition) versions 6.0–6.3. When a JDBC data source is used, the server does not properly handle (1) a long value in an ADD or (2) long string attributes, enabling remote attackers to c...

CVSS: 7.8 | AI score: 6.8 | EPSS: 0.02542
Exploits: 1 | References: 4 | Affected Software: 1

Fedora
added 2009/02/12 8:37 p.m. | 28 views

[SECURITY] Fedora 10 Update: squid-3.0.STABLE13-1.fc10

Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DN...

CVSS: 5 | AI score: 6.3 | EPSS: 0.71986
Exploits: 8

NVD
added 2009/02/10 7:0 a.m. | 17 views

CVE-2009-0468

Multiple cross-site request forgery (CSRF) vulnerabilities in ajax.html in Profense Web Application Firewall 2.6.2 and 2.6.3 allow remote attackers to hijack the authentication of administrators for requests that (1) shutdown the server, (2) send ping packets, (3) enable network services, (4) configure a...

CVSS: 6.8 | AI score: 7.2 | EPSS: 0.00966
Exploits: 1 | References: 4