undertow: improper whitespace parsing leading to potential HTTP request smuggling
It was discovered that Undertow processes http request headers with unusual whitespaces which can cause possible http request smuggling...
X (Formerly Twitter): Opportunity to obtain private tweets through search widget preview caches
The search widget functionality at https://twitter.com/settings/widgets/new uses ██████████ to show search results. The issue here is that ████ seems to be caching the results, despite the no-cache request header, and I can force ██████ to show me the cached results. So, if there is a user x who decide...
Input validation
The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to cause a segmentation fault, or to...
CVE-2017-7668
The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to cause a segmentation fault, or to...
Squid 3.5.x < 3.5.23 / 4.x < 4.0.17 Information Disclosure Vulnerability (SQUID-2016:10)
According to its banner, the version of Squid running on the remote host is 3.x prior to 3.5.23, or 4.x prior to 4.0.17. It is, therefore, affected by an information disclosure vulnerability in the collapsed forwarding feature due to the incorrect comparison of request headers. An unauthenticated...
BSA-2017-286
Security Advisory ID : BSA-2017-286 Component : Apache Revision : 1.0: Interim Apache HTTP Server, prior to release 2.4.25, accepted a broad pattern of unusual whitespace patterns from the user-agent, including bare CR, FF, VTAB in parsing the request line and request header lines, as well as HTA...
Apache Httpd < 2.2.34 : ap_find_token() Buffer Overread
The HTTP strict parsing changes added in 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to cause a segmentation fault, or to force...
httpd: Apache HTTP Request Parsing Whitespace Defects
It was discovered that the HTTP parser in httpd incorrectly allowed certain characters not permitted by the HTTP protocol specification to appear unencoded in HTTP request headers. If httpd was used in conjunction with a proxy or backend server that interpreted those characters differently, a...
Microsoft Edge Fetch API Arbitrary Header Setting Vulnerability
Exploit for windows platform in category remote exploits ------------------------------------------------------------------------ Microsoft Edge Fetch API allows setting of arbitrary request headers ------------------------------------------------------------------------ Yorick Koster, January 20...
Microsoft Edge Fetch API allows setting of arbitrary request headers (CVE-2017-0140)
Introduction The Fetch API provides an interface for fetching resources including across the network. It will seem familiar to anyone who has used XMLHttpRequest, but the Fetch API provides a more powerful and flexible feature set. Starting in EdgeHTML 14, which ships with Windows 10 Anniversary...
Microsoft Edge Fetch API Arbitrary Header Setting
------------------------------------------------------------------------ Microsoft Edge Fetch API allows setting of arbitrary request headers ------------------------------------------------------------------------ Yorick Koster, January 2017...
Apache httpd -- denial of service in HTTP/2
mod_http2 reports: The Apache HTTPD web server from 2.4.17-2.4.23 did not apply limitations on request headers correctly when the experimental module for the HTTP/2 protocol is used to access a resource. The net result is that the server allocates too much memory instead of denying the request. This...
OLX: Reflective XSS at dubai.dubizzle.com
POC === 1 Visit: https://dubai.dubizzle.com/m/motors/used-cars/toyota/supra/2016/10/16/toyota-supra-original-left-hand-drive-duba-2-2/?back=amF2YXNjcmlwdDovLyUwQWFsZXJ0KGRvY3VtZW50LmRvbWFpbik=&fromsearch&highlightedads=1 2 Click on "Back" button in upper left hand corner Attack ==== URL Parameter...
IPFire - 'Shellshock' Bash Environment Variable Command Injection (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'IPFire Bash Environment Variable Injection Shellshock', 'Description' = %q IPFire, a free linux based open source firewall...
IPFire - Bash Environment Variable Injection (Shellshock)
Exploit for cgi platform in category remote exploits This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'IPFire Bash Environment Variable Injection Shellshock', 'Description' = %q...
SUSE SLED12 / SLES12 Security Update : MozillaFirefox, mozilla-nspr (SUSE-SU-2015:1680-1)
Mozilla Firefox was updated to version 38.3.0 ESR bsc#947003, fixing bugs and security issues. - MFSA 2015-96/CVE-2015-4500/CVE-2015-4501 Miscellaneous memory safety hazards rv:41.0 / rv:38.3 - MFSA 2015-101/CVE-2015-4506 Buffer overflow in libvpx while parsing vp9 format video - MFSA...
mozilla -- multiple vulnerabilities
The Mozilla Project reports: MFSA 2015-96 Miscellaneous memory safety hazards rv:41.0 / rv:38.3 MFSA 2015-97 Memory leak in mozTCPSocket to servers MFSA 2015-98 Out of bounds read in QCMS library with ICC V4 profile attributes MFSA 2015-99 Site attribute spoofing on Android by pasting URL with...
(0Day) Wavelink Emulation License Server LicenseServer.exe HTTP Request Headers Remote Code Execution Vulnerability
This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Wavelink Emulation License Server. User interaction is not required to exploit this vulnerability. The specific flaw exists in the parsing of HTTP requests in LicenseServer.exe listening by default on por...
(0Day) Wavelink Emulation ConnectPro TermProxy WLTermProxyService.exe HTTP Request Headers Remote Code Execution Vulnerability
This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Wavelink Emulation ConnectPro TermProxy. User interaction is not required to exploit this vulnerability. The specific flaw exists in the parsing of HTTP requests in WLTermProxyService.exe listening by...
Design/Logic Flaw
The CFNetwork Session component in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly handle request headers during processing of redirects in HTTP responses, which allows remote attackers to bypass the Same Origin Policy via a crafted web site...