1317 matches found
PT-2024-1487
Name of the Vulnerable Software and Affected Versions: aiohttp versions prior to 3.9.2; python3-aiohttp versions prior to 3.6.2-1ubuntu1+esm3; python3-module-aiohttp versions prior to 3.9.5-alt1; python310-aiohttp versions prior to 3.9.3-1.1. Description: aiohttp is an asynchronous HTTP client/server...
Virtual Appliance or SAN mode fails on a localized proxy server
Challenge: Hot-add or SAN mode fails on a localized proxy. In the job log, you can see the following error: Info AP 2a1a output: 2012-01-26T12:07:14.429+01:00 02252 error 'Default' Cannot use advanced transport modes for xxx.xxx.xxx.xxx/moref=vm-xxx/snapshot-xxx: Cannot lock directory...
Squid Unsupported Version Detection
According to its self-reported version number, the installation of Squid running on the remote host is no longer supported. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it is likely to contain security vulnerabilities...
Squid DNS Replies Invalid Free Code Execution (CVE-2011-4096)
A remote code execution vulnerability has been reported in the Squid proxy server. The vulnerability is due to an error while processing certain DNS replies. An attacker may exploit this issue by enticing affected users to open a link containing a host name, which will cause a malicious DNS reply...
squid proxy server buffer overflow
Crash on DNS response parsing...
CentOS 6 : squid (CESA-2011:1791)
An updated squid package that fixes one security issue is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
Moderate: Red Hat Security Advisory: squid security update
An updated squid package that fixes one security issue is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
[SECURITY] Fedora 15 Update: squid-3.1.16-1.fc15
Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DN...
CVE-2011-1498
Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header...
JVN#73643130: Microsoft MSXML vulnerability in HTTP request processing
MSXML provided by Microsoft contains a vulnerability where HTTP requests for XMLHTTP objects are not processed properly. As a result, when going through a proxy server, information may be sent to another server. Impact: When going through a proxy server, information such as authentication...
Stop Payments Stop Spam, Researchers Find
“Follow the money” – it was good advice for Woodward and Bernstein in their investigation of the Watergate scandal. It turns out to be good advice for those wishing to stamp out spam e-mail, also. That’s the conclusion of researchers from the University of California, San Diego and the University...
Low: Red Hat Security Advisory: squid security and bug fix update
An updated squid package that fixes one security issue and two bugs is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity ratin...
Design/Logic Flaw
acl.c in Tinyproxy before 1.8.3, when an Allow configuration setting specifies a CIDR block, permits TCP connections from all IP addresses, which makes it easier for remote attackers to hide the origin of web traffic by leveraging the open HTTP proxy server...
CVE-2011-1499
acl.c in Tinyproxy before 1.8.3, when an Allow configuration setting specifies a CIDR block, permits TCP connections from all IP addresses, which makes it easier for remote attackers to hide the origin of web traffic by leveraging the open HTTP proxy server...
IBM Tivoli Directory Proxy Server Denial of Service Vulnerability
IBM Tivoli Directory Server is prone to a denial of service (DoS) vulnerability...
Design/Logic Flaw
Use-after-free vulnerability in the proxy server in IBM Tivoli Directory Server (TDS) 6.0.0.x before 6.0.0.8-TIV-ITDS-IF0007 and 6.1.x before 6.1.0-TIV-ITDS-FP0005 allows remote attackers to cause a denial of service (daemon crash) via an unbind request that occurs during a certain search operation...
CVE-2010-4217
CVE-2010-4217 affects IBM Tivoli Directory Proxy Server (TDS) and is a use-after-free in the proxy server. The vulnerability allows remote attackers to cause a daemon crash (DoS) by sending an unbind request during a certain search operation. Affected versions are TDS 6.0.0.x before 6.0.0.8-TIV-I...
Paypal.com Cross Site Scripting
https://www.paypal.com | HTTP Header Injection | Cross Site Scripting (XSS) | CAPEC-34 | CWE-79. Hoyt LLC - October 28, 2010. http://cloudscan.blogspot.com | http://cloudscan.me. Tested on IE8, Chrome, Firefox. The affected URL'...
Squid Proxy Version Detection
The remote host is running the Squid proxy server, an open source proxy server. It was possible to read the version number from the banner...