Lucene search
K

39 matches found

Prion
Prion
added 2022/01/25 8:15 p.m.22 views

Design/Logic Flaw

On BIG-IP AFM version 16.1.x before 16.1.2, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.5, and 13.1.x beginning in 13.1.3.4, when a virtual server is configured with both HTTP protocol security and HTTP Proxy Connect profiles, undisclosed requests can cause the Traffic Management Microkernel TMM...

7.1CVSS7.5AI score0.0092EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/01/25 7:11 p.m.45 views

CVE-2022-23018

On BIG-IP AFM version 16.1.x before 16.1.2, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.5, and 13.1.x beginning in 13.1.3.4, when a virtual server is configured with both HTTP protocol security and HTTP Proxy Connect profiles, undisclosed requests can cause the Traffic Management Microkernel TMM...

7.7AI score0.0092EPSS
Exploits0References1
CVE
CVE
added 2022/01/25 7:11 p.m.120 views

CVE-2022-23018

Concrete details: CVE-2022-23018 affects BIG-IP AFM when a virtual server uses both HTTP protocol security and HTTP Proxy Connect profiles, causing TMM termination and DoS. Affected AFM/versions per advisory: 16.1.0–16.1.1 vulnerable; fixed in 16.1.2. 15.1.x vulnerable in 15.1.2.1–15.1.4, fixed i...

7.5CVSS7.5AI score0.0092EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2014/02/13 12:0 a.m.25 views

Fedora 19 : socat-1.7.2.3-1.fc19 (2014-1795)

Security update for CVE-2014-0019, which fixes a denial of service flaw in socat when using PROXY-CONNECT Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much...

1.9CVSS6.2AI score0.00404EPSS
Exploits1References3
Fedora
Fedora
added 2014/02/12 2:52 p.m.28 views

[SECURITY] Fedora 19 Update: socat-1.7.2.3-1.fc19

Socat is a relay for bidirectional data transfer between two independent da ta channels. Each of these data channels may be a file, pipe, device serial l ine etc. or a pseudo terminal, a socket UNIX, IP4, IP6 - raw, UDP, TCP, an SSL socket, proxy CONNECT connection, a file descriptor stdin etc.,...

1.9CVSS0.7AI score0.00404EPSS
Exploits1
seebug.org
seebug.org
added 2014/02/12 12:0 a.m.29 views

socat PROXY-CONNECT地址栈缓冲区溢出漏洞

BUGTRAQ ID: 65201 CVECAN ID: CVE-2014-0019 Socat是一个基于命令行的工具,可以创建两个双向字节流并在其间传输数据。 socat 1.3.0.0-1.7.2.2、2.0.0-b1-2.0.0-b6存在栈缓冲区溢出漏洞,本地用户通过命令行内PROXY-CONNECT地址中的超长服务器名称,即可利用此漏洞在受影响应用中执行任意代码。 0 socat socat 2.0.0-b1 - 2.0.0-b6 socat socat 1.3.0.0 - 1.7.2.2 厂商补丁: socat -----...

1.9CVSS4AI score0.00404EPSS
Exploits1
OSV
OSV
added 2014/02/04 9:55 p.m.2 views

DEBIAN-CVE-2014-0019

Stack-based buffer overflow in socat 1.3.0.0 through 1.7.2.2 and 2.0.0-b1 through 2.0.0-b6 allows local users to cause a denial of service segmentation fault via a long server name in the PROXY-CONNECT address in the command line...

1.9CVSS8.3AI score0.00404EPSS
Exploits1References1
OSV
OSV
added 2014/02/04 9:55 p.m.3 views

UBUNTU-CVE-2014-0019

Stack-based buffer overflow in socat 1.3.0.0 through 1.7.2.2 and 2.0.0-b1 through 2.0.0-b6 allows local users to cause a denial of service segmentation fault via a long server name in the PROXY-CONNECT address in the command line...

1.9CVSS6AI score0.00404EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2014/02/04 9:55 p.m.28 views

CVE-2014-0019

Stack-based buffer overflow in socat 1.3.0.0 through 1.7.2.2 and 2.0.0-b1 through 2.0.0-b6 allows local users to cause a denial of service segmentation fault via a long server name in the PROXY-CONNECT address in the command line...

1.9CVSS6AI score0.00404EPSS
Exploits1References1
Prion
Prion
added 2014/02/04 9:55 p.m.13 views

Stack overflow

Stack-based buffer overflow in socat 1.3.0.0 through 1.7.2.2 and 2.0.0-b1 through 2.0.0-b6 allows local users to cause a denial of service segmentation fault via a long server name in the PROXY-CONNECT address in the command line...

1.9CVSS7.1AI score0.00404EPSS
Exploits1References9Affected Software3
Cvelist
Cvelist
added 2014/02/04 4:0 p.m.32 views

CVE-2014-0019

Stack-based buffer overflow in socat 1.3.0.0 through 1.7.2.2 and 2.0.0-b1 through 2.0.0-b6 allows local users to cause a denial of service segmentation fault via a long server name in the PROXY-CONNECT address in the command line...

6.3AI score0.00404EPSS
Exploits1References9
FreeBSD
FreeBSD
added 2014/01/24 12:0 a.m.58 views

socat -- buffer overflow with data from command line

Florian Weimer of the Red Hat Product Security Team reports: Due to a missing check during assembly of the HTTP request line a long target server name in the PROXY-CONNECT address can cause a stack buffer overrun. Exploitation requires that the attacker is able to provide the target server name t...

1.9CVSS6.4AI score0.00404EPSS
Exploits1References1
OSV
OSV
added 2012/05/29 8:55 p.m.1 views

ALPINE-CVE-2012-0804

Heap-based buffer overflow in the proxyconnect function in src/client.c in CVS 1.11 and 1.12 allows remote HTTP proxy servers to cause a denial of service crash and possibly execute arbitrary code via a crafted HTTP response...

10CVSS8.2AI score0.08396EPSS
Exploits0References1
OSV
OSV
added 2012/05/29 8:55 p.m.4 views

DEBIAN-CVE-2012-0804

Heap-based buffer overflow in the proxyconnect function in src/client.c in CVS 1.11 and 1.12 allows remote HTTP proxy servers to cause a denial of service crash and possibly execute arbitrary code via a crafted HTTP response...

10CVSS8.2AI score0.08396EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2012/02/21 9:17 p.m.4 views

cvs: client proxy_connect heap-based buffer overflow

Heap-based buffer overflow in the proxyconnect function in src/client.c in CVS 1.11 and 1.12 allows remote HTTP proxy servers to cause a denial of service crash and possibly execute arbitrary code via a crafted HTTP response...

10CVSS6.4AI score0.08396EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2012/02/09 12:0 a.m.42 views

CVE-2012-0804

Heap-based buffer overflow in the proxyconnect function in src/client.c in CVS 1.11 and 1.12 allows remote HTTP proxy servers to cause a denial of service crash and possibly execute arbitrary code via a crafted HTTP response...

10CVSS6.4AI score0.08396EPSS
Exploits0References2
Check Point Advisories
Check Point Advisories
added 2009/07/06 12:0 a.m.15 views

Protection against Mozilla Firefox SSL Tampering via non-200 Responses to Proxy CONNECT Requests

Mozilla Firefox, Thunderbird and SeaMonkey use the HTTP Host header to determine the context of a document provided in a non-200 CONNECT response from a proxy server. A vulnerability was reported in Mozilla Firefox, a feely available Web browser. The vulnerability resides in the handling of non-2...

6.8CVSS9.5AI score0.02032EPSS
Exploits1
RedHat Linux
RedHat Linux
added 2009/06/11 10:41 p.m.2 views

Firefox SSL tampering via non-200 responses to proxy CONNECT requests

Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 use the HTTP Host header to determine the context of a document provided in a non-200 CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying...

6.8CVSS6AI score0.02032EPSS
Exploits1References4
UbuntuCve
UbuntuCve
added 2004/03/03 5:0 a.m.26 views

CVE-2004-0006

Multiple buffer overflows in Gaim 0.75 and earlier, and Ultramagnetic before 0.81, allow remote attackers to cause a denial of service and possibly execute arbitrary code via 1 cookies in a Yahoo web connection, 2 a long name parameter in the Yahoo login web page, 3 a long value parameter in the...

7.5CVSS6.5AI score0.07605EPSS
Exploits0References1
Rows per page
Query Builder