1317 matches found
Squid Denial of Service Vulnerability (CNVD-2016-01442)
Squid (full name Squid Cache) is a suite of proxy server and web caching server software. The software provides features such as caching the World Wide Web, filtering traffic, and proxying the Internet. A security vulnerability exists in the http.cc file in Squid versions 3.x prior to 3.5.15 and 4....
openstack-swift: Proxy to server DoS through Large Objects
A memory-leak issue was found in OpenStack Object Storage (swift), in the proxy-to-server connection. An OpenStack-authenticated attacker could remotely trigger this flaw to cause denial of service through excess memory consumption...
nginx denial of service vulnerability (CNVD-2016-00982)
nginx is an HTTP and reverse proxy server that can also be used as a mail proxy server. A security vulnerability exists in nginx that allows remote attackers to submit special requests for denial of service attacks...
IBM WebSphere Application Server DoS Vulnerability (Jan 2016)
IBM WebSphere Application Server is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
proxy.thai.we.bs Open Redirect vulnerability
Vulnerable URL: http://proxy.thai.we.bs/counthits.php?url=https://www.xssposed.org/

Details:

Description | Value
---|---
Patched: | Yes, at 06.04.2016
Latest check for patch: | 06.04.2016 12:29 GMT
Vulnerability type: | Open Redirect
Vulnerability status: | Publicly disclosed
Alexa Rank | Unknown / Not...
ICMP IP Tunnel: ICMPTunnel
icmptunnel works by encapsulating your IP traffic in ICMP echo packets and sending them to your own proxy server. The proxy server decapsulates the packet and forwards the IP traffic. The incoming IP packets which are destined for the client are again encapsulated in ICMP reply packets and sent...
[SECURITY] Fedora 23 Update: squid-3.5.9-7.fc23
Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DN...
Design/Logic Flaw
IBM WebSphere Application Server 7.x before 7.0.0.39, 8.0.x before 8.0.0.11, and 8.5.x before 8.5.5.7 and WebSphere Virtual Enterprise before 7.0.0.7 allow remote attackers to obtain potentially sensitive information about the proxy-server software by reading the HTTP Via header...
CVE-2015-3153
The default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information by reading the header contents...
CVE-2015-3153
Technical details for CVE-2015-3153 are not provided in the connected documents. Monitor for updates; the available material only includes the initial summary of impact without vendor/product specifics.
DSA-3240-1 curl - security update
Bulletin has no description...
UBUNTU-CVE-2015-3153
The default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information by reading the header contents...
Debian Security Advisory DSA 3240-1 (curl - security update)
It was discovered that cURL, an URL transfer library, if configured to use a proxy server with the HTTPS protocol, by default could send to the proxy the same HTTP headers it sends to the destination server, possibly leaking sensitive information. OpenVAS Vulnerability Test $Id: deb3240.nasl 6609...
Oracle iPlanet Web Proxy Server 4.0 < 4.0.25 NSS Signature Verification Vulnerability
According to its self-reported version, the Oracle iPlanet Web Proxy Server installed on the remote host is version 4.0 prior to 4.0.25. It is, therefore, affected by a flaw in the Network Security Services (NSS) library due to improper parsing of ASN.1 values in an RSA signature. A man-in-the-midd...
Code injection
net/http/proxyclientsocket.cc in Google Chrome before 41.0.2272.76 does not properly handle a 407 (aka Proxy Authentication Required) HTTP status code accompanied by a Set-Cookie header, which allows remote proxy servers to conduct cookie-injection attacks via a crafted response...
Ubuntu 14.04 LTS : curl vulnerability (USN-2474-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-2474-1 advisory. Andrey Labunets discovered that curl incorrectly handled certain URLs when using a proxy server. If a user or automated system were tricked into using a specially...
USN-2474-1: curl vulnerability
Andrey Labunets discovered that curl incorrectly handled certain URLs when using a proxy server. If a user or automated system were tricked into using a specially crafted URL, an attacker could possibly use this issue to inject arbitrary HTTP requests...
Multiple Remote Code Execution Vulnerabilities in Privoxy
Privoxy is a proxy server with filtering for HTTP and HTTPS protocols, often used in combination with Tor. Privoxy suffers from multiple remote code execution vulnerabilities that can be exploited by an attacker to execute arbitrary code in the context of a user running an affected application. o...
[SECURITY] Fedora 21 Update: wget-1.16-3.fc21
GNU Wget is a file retrieval utility which can use either the HTTP or FTP protocols. Wget features include the ability to work in the background while you are logged out, recursive retrieval of directories, file name wildcard matching, remote file timestamp storage and comparison, use of Rest wit...
[SECURITY] Fedora 20 Update: wget-1.16-3.fc20
GNU Wget is a file retrieval utility which can use either the HTTP or FTP protocols. Wget features include the ability to work in the background while you are logged out, recursive retrieval of directories, file name wildcard matching, remote file timestamp storage and comparison, use of Rest wit...