EUVD-2006-0746

Malware in sbrugna...

attackers can change the immutable name and type of cluster

Proof of Concept 1 admin creates a cluster 2 admin adds user1 as one owner 3 attack login as user1 4 user1 edit the the cluster 5 user1 finds that the name and type can not be changed. 6 user1 still edits the cluster and using the burpsuit to hijack the request 7 the request content can be like...

K27551003: The BIG-IP system may not interpret an HTTP request the same way the target web server interprets it

Security Advisory Description This issue occurs when all of the following conditions are met: A virtual server is associated with an HTTP profile. An iRule or LTM policy that uses HTTP header information is associated with the virtual server. The BIG-IP system receives a specially crafted HTTP...

Buffer not correctly recycled in Gzip Request inflation

Impact If GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection and if an attacker can send a request with a body that is received entirely by not consumed by the application, then a subsequent request on the same connection will see...

HAProxy 'tcp-request content' Buffer Overflow Vulnerability

Binary data 6906.prm...

Microsoft IIS 5.0 - False Content-Length Field Denial of Service

Microsoft IIS 5.0 - False Content-Length Field Denial of Service source: https://www.securityfocus.com/bid/3667/info Microsoft IIS 5.0 may be prone to a denial of service condition when sent a specially crafted malformed HTTP GET header. If an IIS 5.0 web server is sent a crafted HTTP GET request...