Design/Logic Flaw
api.php in MediaWiki before 1.15.5 does not prevent use of public caching headers for private data, which allows remote attackers to bypass intended access restrictions and obtain sensitive information by retrieving documents from an HTTP proxy cache that has been used by a victim...
CVE-2010-2787
api.php in MediaWiki before 1.15.5 does not prevent use of public caching headers for private data, which allows remote attackers to bypass intended access restrictions and obtain sensitive information by retrieving documents from an HTTP proxy cache that has been used by a victim...
CVE-2010-2787
CVE-2010-2787 affects MediaWiki up to version 1.15.4 (public caching headers used for private data). Remote attackers could bypass access controls by retrieving documents from a shared HTTP proxy cache previously used by a victim. Impact: partial disclosure of sensitive data. Mitigation: upgrade ...
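Squid Web Proxy Cache HTCP Request Remote Denial of Service Vulnerability
BUGTRAQ ID: 38212 CVE ID: CVE-2010-0639 Squid is an efficient web caching and proxy program, originally developed for Unix platforms and since ported to Linux and most Unix-like systems; the latest Squid can also run on Windows. A remote attacker can trigger a NULL pointer dereference by sending a malformed packet to Squid's HTCP port, causing Squid to crash. Squid Web Proxy Cache 3.0 Squid Web Proxy Cache 2.x Temporary workaround: If you cannot install the patch or upgrade immediately, NSFOCUS recommends the following measures to reduce the threat: For Squid-2.x, explicitly configure htcpport...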
Mod_proxy from apache 1.3 - Integer overflow which causes heap overflow.
Name: Mod_proxy from apache 1.3 - Integer overflow which causes heap overflow. Author: Adam Zabrocki Date: Jan 27, 2010 Issue: Mod_proxy from apache 1.3.xx tested on latest version - 1.3.41 allows local and remote attackers to overflow buffer on heap via integer...
Mod_proxy From Apache 1.3 Integer Overflow
Name: Mod_proxy from apache 1.3 - Integer overflow which causes heap overflow. Author: Adam Zabrocki Date: Jan 27, 2010 Issue: Mod_proxy from apache 1.3.xx tested on latest version - 1.3.41 allows local and remote attackers to overflow buffer on heap via integer overflow vulnerability...
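Squid Multiple Remote Denial of Service Vulnerabilities
Bugtraq ID: 35812 CNCAN ID: CNCAN-2009072805 Squid is a powerful proxy server and web cache server. Squid has security issues that remote attackers can exploit to crash the application. - Incorrect buffer limits and related bounds checks when processing specially crafted requests or responses can lead to a denial of service. - Incorrect data validation when processing specially crafted responses can lead to a denial of service. Squid Web Proxy Cache 3.1 5 Squid Web Proxy Cache 3.1 4 Squid Web Proxy Cache 3.0 Squid Web Proxy Cache 3.1.0.11 Squi...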
Squid Proxy Cache Security Update Advisory SQUID-2009:2
Squid Proxy Cache Security Update Advisory SQUID-2009:2 Advisory ID: SQUID-2009:2 Date: July 27, 2009 Summary: Multiple Remote Denial of service issues in header processing. Affected versions: Squid 3.0 - 3.0.STABLE16, Squid 3.1 - 3.1.0.11 Fixed in version: Squid 3.0.STABLE17, 3.1.0.12...
HTTP Response Splitting vulnerability in Sun Delegated Administrator
Advisory ID Internal CORE-2009-0114 1. Advisory Information Title: HTTP Response Splitting vulnerability in Sun Delegated Administrator Advisory ID: CORE-2009-0114 Date published: 2009-04-21 Date of last update: 2009-04-21 Vendors contacted: Sun Microsystems Release mode: Coordinated release 2...
Debian DSA-1732-1 : squid3 - denial of service
Joshua Morin, Mikko Varpiola and Jukka Taimisto discovered an assertion error in squid3, a full featured Web Proxy cache, which could lead to a denial of service attack. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from...
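Multiple HTTP Proxies HTTP Host Header Incorrect Relay Behavior Vulnerability
BUGTRAQ ID: 33858 The HTTP Host header specification defined in RFC 2616 allows multiple sites to share a single IP address. Transparent proxy servers intercept and redirect network connections without user interaction or browser configuration, and many proxy servers running in transparent mode decide where to connect based on the HTTP Host header value. Browser plug-ins such as Flash and Java may enforce access control on active content by restricting communication to the site or domain the content came from. An attacker can use active content to forge the Host header value, so that a proxy server running in transparent mode determines the connection based on the forged value; the attacker can therefore connect to any website or resource the proxy can reach, including internal network resources that are not normally exposed to the Internet. Qbik WinGate 6.x...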
Squid Proxy Cache Denial of service in request processing
Due to an internal error Squid is vulnerable to a denial of service attack when processing specially crafted requests. Determining if your version is vulnerable: All Squid-2.7 versions up to, and including 2.7.STABLE5 are vulnerable. All Squid-3.0 versions up to and including 3.0.STABLE12 are...
DSA-1482-1 squid - programming error
Bulletin has no description...
Debian Security Advisory DSA 809-1 (squid)
The remote host is missing an update to squid announced via advisory DSA 809-1. Several vulnerabilities have been discovered in Squid, the popular WWW proxy cache. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2005-2794 Certain aborted requests that trigg...
SQUID-2007:2, Dec 4, 2007
Squid Proxy Cache Security Update Advisory SQUID-2007:2 Advisory ID: SQUID-2007:2 Date: November 27, 2007 Summary: Denial of service in cache updates Affected versions: Squid 2.X 2.0 - 2.6.STABLE16; Squid-3. Fixed in version: Squid 2.6.STABLE17; November 28 Squid-2 snapshot November 28 Squid-3...
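Squid Proxy FTP URI Remote Denial of Service Vulnerability
Squid is an open-source proxy server. Squid has a security issue in its handling of FTP URIs that remote attackers can exploit to cause a denial of service against the application. Constructing a malicious FTP URI and having Squid process it can crash the proxy server: ftp://www.example.com/sample/directory;type=d Squid Web Proxy Cache 2.6.STABLE6 Squid Web Proxy Cache 2.6.STABLE5 Squid Web Proxy Cache 2.6.STABLE4 Squid Web Proxy Cache 2.6.STABLE3 Squid Web...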
CentOS 3 / 4 : squid (CESA-2005:766)
An updated Squid package that fixes security issues is now available. This update has been rated as having important security impact by the Red Hat Security Response Team. Squid is a full-featured Web proxy cache. A bug was found in the way Squid displays error messages. A remote attacker could...
GLSA-200606-05 : Pound: HTTP request smuggling
The remote host is affected by the vulnerability described in GLSA-200606-05 Pound: HTTP request smuggling Pound fails to handle HTTP requests with conflicting 'Content-Length' and 'Transfer-Encoding' headers correctly. Impact : An attacker could exploit this vulnerability by sending HTTP request...