387 matches found

AlpineLinux
added 2018/11/28 5:00 p.m., 55 views

CVE-2018-12116

Node.js: All versions prior to Node.js 6.15.0 and 8.14.0: HTTP request splitting: If Node.js can be convinced to use unsanitized user-provided Unicode data for the path option of an HTTP request, then data can be provided which will trigger a second, unexpected, and user-defined HTTP request to...

CVSS 7.5, AI score 7.8, EPSS 0.00531
Exploits 0
Positive Technologies
added 2018/11/27 12:00 a.m., 3 views

PT-2018-2973

Name of the vulnerable software and affected versions: Node.js versions prior to 6.15.0; Node.js versions prior to 8.14.0. Description: The issue is related to HTTP request splitting, where Node.js can be tricked into using unsanitized user-provided Unicode data for the path option of an HTTP request...

CVSS 9.8, AI score 7.1, EPSS 0.90232
Exploits 58, References 296
FreeBSD
added 2018/11/27 12:00 a.m., 48 views

node.js -- multiple vulnerabilities

Node.js reports: Updates are now available for all active Node.js release lines. These include fixes for the vulnerabilities identified in the initial announcement. They also include upgrades of Node.js 6 and 8 to OpenSSL 1.0.2q, and upgrades of Node.js 10 and 11 to OpenSSL 1.1.0j. We recommend...

CVSS 8.1, AI score 1.2, EPSS 0.05572
Exploits 4, References 1
Hacker One
added 2018/09/14 9:57 p.m., 956 views

Node.js: Http request splitting

Hi, I came upon the following tweet today: https://twitter.com/YShahinzadeh/status/1039396394195451904 which details an HTTP request splitting vulnerability in NodeJS. You can confirm it with the following repro script: const http = require('http'); const server = http.createServer((req, res) =>...

AI score 6.8
Exploits 0
Tenable Nessus
added 2013/01/24 12:00 a.m., 48 views

RHEL 5 : Red Hat Network Satellite server IBM Java Runtime (RHSA-2011:0880)

The remote Redhat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2011:0880 advisory. - TLS: MITM attacks via session renegotiation CVE-2009-3555 - krb5: null pointer dereference in GSS-API library leads to DoS...

CVSS 10, AI score 8.3, EPSS 0.88762
Exploits 34, References 79
OpenVAS
added 2012/09/11 12:00 a.m., 15 views

Slackware Advisory SSA:2005-310-04 apache

The remote host is missing an update as announced via advisory SSA:2005-310-04. OpenVAS Vulnerability Test $Id: esoftslkssa200531004.nasl 6598 2017-07-07 09:36:44Z cfischer $. Description: Auto-generated from the corresponding Slackware advisory. Authors: Thomas Reinke. Copyright: Copyright (c) 2012...

AI score 0.5
Exploits 0
Tenable Nessus
added 2012/08/01 12:00 a.m., 35 views

Scientific Linux Security Update : firefox on SL5.x, SL4.x, SL3.x i386/x86_64

Several flaws were found in the way in which Firefox processed certain malformed web content. A web page containing malicious content could cause Firefox to crash or potentially execute arbitrary code as the user running Firefox. CVE-2007-5338, CVE-2007-5339, CVE-2007-5340 Several flaws were foun...

CVSS 9.3, AI score 8.5, EPSS 0.21702
Exploits 6, References 10
NVD
added 2012/07/25 7:55 p.m., 13 views

CVE-2012-3696

CRLF injection vulnerability in WebKit in Apple Safari before 6.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP request splitting attacks via a crafted web site that leverages improper WebSockets URI handling...

CVSS 4.3, AI score 6.3, EPSS 0.00384
Exploits 0, References 5
Prion
added 2012/07/25 7:55 p.m., 13 views

CRLF injection

CRLF injection vulnerability in WebKit in Apple Safari before 6.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP request splitting attacks via a crafted web site that leverages improper WebSockets URI handling...

CVSS 4.3, AI score 6.7, EPSS 0.00384
Exploits 0, References 5, Affected software 1
CVE
added 2012/07/25 7:00 p.m., 53 views

CVE-2012-3696

CVE-2012-3696 is a WebKit/Safari vulnerability (pre-6.0) exposed via crafted WebSockets URI handling leading to CRLF HTTP header injection and potential HTTP request splitting. The issue affects WebKit in Safari and is documented alongside other WebKit/WebKit-related CVEs in the 2012-09 timeframe...

CVSS 4.3, AI score 6.3, EPSS 0.00384
Exploits 0, References 5, Affected software 1
Cvelist
added 2012/07/25 7:00 p.m., 23 views

CVE-2012-3696

CRLF injection vulnerability in WebKit in Apple Safari before 6.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP request splitting attacks via a crafted web site that leverages improper WebSockets URI handling...

AI score 6.2, EPSS 0.00384
Exploits 0, References 5
Tenable Nessus
added 2012/05/17 12:00 a.m., 28 views

SuSE 10 Security Update : flash-player (ZYPP Patch Number 2969)

This security update brings the Adobe Flash Player to version 7.0.69. It fixes the following security problem: CRLF injection vulnerability in Adobe Flash Player allows remote attackers to modify HTTP headers of client requests and conduct HTTP Request Splitting attacks via CRLF sequences in...

CVSS 5, AI score 5.6, EPSS 0.1744
Exploits 0, References 2
RedHat Linux
added 2011/06/16 7:13 p.m., 3 views

OpenJDK HttpURLConnection request splitting (6952017)

Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the...

CVSS 6.8, AI score 5.9, EPSS 0.05715
Exploits 0, References 4
RedHat Linux
added 2010/12/15 11:41 p.m., 3 views

OpenJDK HttpURLConnection request splitting (6952017)

Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the...

CVSS 6.8, AI score 5.9, EPSS 0.05715
Exploits 0, References 4
RedHat Linux
added 2010/12/15 10:41 p.m., 1 view

OpenJDK HttpURLConnection request splitting (6952017)

Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the...

CVSS 6.8, AI score 5.9, EPSS 0.05715
Exploits 0, References 4
RedHat Linux
added 2010/11/10 7:00 p.m., 3 views

OpenJDK HttpURLConnection request splitting (6952017)

Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the...

CVSS 6.8, AI score 5.9, EPSS 0.05715
Exploits 0, References 4
securityvulns
added 2010/10/24 12:00 a.m., 53 views

Java Multiple Issues

Hi all, and sorry for the cross-post. After several months since I contacted Oracle informing them about ten issues on Java applet security, they finally released Java 6 update 22, which fixes several security issues. In particular, the issues are the following, sorted by impact: Information Disclosur...

AI score 0.1
Exploits 0
RedHat Linux
added 2010/10/20 5:13 p.m., 1 view

OpenJDK HttpURLConnection request splitting (6952017)

Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the...

CVSS 6.8, AI score 5.9, EPSS 0.05715
Exploits 0, References 4
NVD
added 2010/10/19 10:00 p.m., 20 views

CVE-2010-3549

Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the...

CVSS 6.8, AI score 7.3, EPSS 0.05715
Exploits 0, References 34