354 matches found
CVE-2010-3541
CVE-2010-3541 affects Oracle Java SE/Java for Business (e.g., 6 Update 21; 5.0 Update 25; 1.4.2_27; 1.3.1_28) and is linked in OpenVAS/SUSE advisories. The Connected/OpenVAS entries note the vulnerability arises from limit setting of some request headers in HttpURLConnection, impacting confidenti...
CVE-2010-3541
Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the...
CVE-2010-3573
Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU...
Your Own Personal Server Web-Server buffer overflow
Buffer overflow on request headers parsing...
Oracle WebLogic Server Plug-in HTTP Injection
The remote web server is using the WebLogic plug-in for Apache, IIS, or Sun web servers, a module included with Oracle (formerly BEA) WebLogic Server and used to proxy requests from an HTTP server to WebLogic. The version of this plug-in on the remote host is affected by an HTTP injection...
Apache Httpd < 2.0.64 : Subrequest handling of request headers (mod_headers)
A flaw in the core subrequest process code was fixed, to always provide a shallow copy of the headers_in array to the subrequest, instead of a pointer to the parent request's array as it had for requests without request bodies. This meant all modules such as mod_headers which may manipulate the inp...
CVE-2008-4298
Memory leak in the http_request_parse function in request.c in lighttpd before 1.4.20 allows remote attackers to cause a denial of service (memory consumption) via a large number of requests with duplicate request headers...
Memory corruption
Memory leak in the http_request_parse function in request.c in lighttpd before 1.4.20 allows remote attackers to cause a denial of service (memory consumption) via a large number of requests with duplicate request headers...
Design/Logic Flaw
The setRequestHeader method of the XMLHttpRequest object in Microsoft Internet Explorer 5.01, 6, and 7 does not block dangerous HTTP request headers when certain 8-bit character sequences are appended to a header name, which allows remote attackers to (1) conduct HTTP request splitting and HTTP...
Authentication flaw
BEA WebLogic Server and WebLogic Express 6.1 through 10.0 allows remote attackers to bypass authentication for application servlets via crafted request headers...
CVE-2008-0895
BEA WebLogic Server and WebLogic Express 6.1 through 10.0 allows remote attackers to bypass authentication for application servlets via crafted request headers...
Critical: Red Hat Security Advisory: flash-plugin security update
An updated Adobe Flash Player package that fixes a security issue is now available for Red Hat Enterprise Linux 3 Extras, 4 Extras, and 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. The flash-plugin package contains a...
Lighttpd multiple security vulnerabilities
Multiple memory corruption on request headers parsing...
Multiple browsers digest authentication request splitting
It's possible to inject newline characters into HTTP request headers through username...
Apache 1.3.35/2.0.58/2.2.2 - Arbitrary HTTP Request Headers Security
Apache 1.3.35/2.0.58/2.2.2 - Arbitrary HTTP Request Headers Security source: https://www.securityfocus.com/bid/19661/info Apache HTTP server is prone to a security weakness related to HTTP request headers. An attacker may exploit this issue to steal cookie-based authentication credentials and launc...
Apache 1.3.35/2.0.58/2.2.2 - Arbitrary HTTP Request Headers Security
source: https://www.securityfocus.com/bid/19661/info Apache HTTP server is prone to a security weakness related to HTTP request headers. An attacker may exploit this issue to steal cookie-based authentication credentials and launch other attacks. var req:LoadVars=new LoadVars;...