45 matches found
CVE-2015-8027
Node.js 0.12.x before 0.12.9, 4.x before 4.2.3, and 5.x before 5.1.1 does not ensure the availability of a parser for each HTTP socket, which allows remote attackers to cause a denial of service uncaughtException and service outage via a pipelined HTTP request...
Apache Httpd < 2.4.16 : HTTP request smuggling attack against chunked request parser
An HTTP request smuggling attack was possible due to a bug in parsing of chunked requests. A malicious client could force the server to misinterpret the request length, allowing cache poisoning or credential hijacking if an intermediary proxy is in use...
Design/Logic Flaw
The HTTPRequestParser method in the HTTP Transport component in IBM WebSphere Application Server WAS 6.0.2 before 6.0.2.31 allows remote attackers to cause a denial of service controller 0C4 abend and application hang via a long HTTP Host header, related to "storage overlay" on the stack and a...
CVE-2008-4678
The HTTPRequestParser method in the HTTP Transport component in IBM WebSphere Application Server WAS 6.0.2 before 6.0.2.31 allows remote attackers to cause a denial of service controller 0C4 abend and application hang via a long HTTP Host header, related to "storage overlay" on the stack and a...
openSUSE 10 Security Update : openwsman (openwsman-5241)
This update provides a fix for the included shttpd web-server to patch a buffer overflow vulnerability in the HTTP request parser. This bug can only be exploited by authenticated users to execute arbitrary code with the privileges of the openwsman/shttp daemon. CVE-2008-2097 %NASLMINLEVEL 70300 C...