387 matches found

Prion
added 2010/10/19 10:0 p.m. | 30 views

Design/Logic Flaw

Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the...

CVSS 6.8 | AI score 8.2 | EPSS 0.05715
Exploits: 0 | References: 34 | Affected Software: 3

Cvelist
added 2010/10/19 9:0 p.m. | 32 views

CVE-2010-3549

Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the...

AI score 8 | EPSS 0.05715
Exploits: 0 | References: 34

CVE
added 2010/10/19 9:0 p.m. | 102 views

CVE-2010-3549

CVE-2010-3549 affects Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28. The incident is tied to incorrect handling of HTTP chunked transfer encoding by HttpURLConnection, with potential impacts to confidentiality, integrity, and availability. The connected O...

CVSS 6.8 | AI score 7.2 | EPSS 0.05715
Exploits: 0 | References: 34 | Affected Software: 1

RedHat Linux
added 2010/10/14 1:31 p.m. | 3 views

OpenJDK HttpURLConnection request splitting (6952017)

Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the...

CVSS 6.8 | AI score 5.9 | EPSS 0.05715
Exploits: 0 | References: 4

RedHat Linux
added 2010/10/13 4:22 p.m. | 3 views

OpenJDK HttpURLConnection request splitting (6952017)

Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the...

CVSS 6.8 | AI score 5.9 | EPSS 0.05715
Exploits: 0 | References: 4

OpenVAS
added 2008/09/29 12:0 a.m. | 22 views

Cumulative Security Update for Internet Explorer (950759)

This host has Microsoft Internet Explorer installed, which is prone to HTTP request splitting/smuggling and HTML Objects Memory Corruption Vulnerabilities. OpenVAS Vulnerability Test $Id: gbms08-031.nasl 5863 2017-04-05 07:38:11Z antu123 $ Cumulative Security Update for Internet Explorer 950759...

CVSS 9.3 | AI score 0.6 | EPSS 0.62851
Exploits: 1 | References: 6

Japan Vulnerability Notes
added 2008/05/20 3:0 p.m. | 1 views

Flash Player allows to send arbitrary HTTP headers

Overview: Adobe Flash Player contains a vulnerability that could allow a remote attacker to modify HTTP headers of client requests and conduct an HTTP request splitting attack. Adobe Flash Player is a player for the Flash media format and enables frame-based animations with sound to be viewed withi...

CVSS 5.8 | AI score 6.7 | EPSS 0.21814
Exploits: 0 | References: 18

NVD
added 2008/03/28 11:44 p.m. | 19 views

CVE-2008-1544

The setRequestHeader method of the XMLHttpRequest object in Microsoft Internet Explorer 5.01, 6, and 7 does not block dangerous HTTP request headers when certain 8-bit character sequences are appended to a header name, which allows remote attackers to (1) conduct HTTP request splitting and HTTP...

CVSS 7.1 | AI score 6.2 | EPSS 0.51206
Exploits: 0 | References: 12

Prion
added 2008/03/28 11:44 p.m. | 12 views

Cross site request forgery (csrf)

The setRequestHeader method of the XMLHttpRequest object in Microsoft Internet Explorer 7 does not restrict the dangerous Transfer-Encoding HTTP request header, which allows remote attackers to conduct HTTP request splitting and HTTP request smuggling attacks via a POST containing a...

CVSS 4.3 | AI score 7 | EPSS 0.24205
Exploits: 1 | References: 6 | Affected Software: 1

Prion
added 2008/03/28 11:44 p.m. | 23 views

Design/Logic Flaw

The setRequestHeader method of the XMLHttpRequest object in Microsoft Internet Explorer 5.01, 6, and 7 does not block dangerous HTTP request headers when certain 8-bit character sequences are appended to a header name, which allows remote attackers to (1) conduct HTTP request splitting and HTTP...

CVSS 7.1 | AI score 6.6 | EPSS 0.51206
Exploits: 0 | References: 12 | Affected Software: 1

Cvelist
added 2008/03/28 11:0 p.m. | 28 views

CVE-2008-1544

The setRequestHeader method of the XMLHttpRequest object in Microsoft Internet Explorer 5.01, 6, and 7 does not block dangerous HTTP request headers when certain 8-bit character sequences are appended to a header name, which allows remote attackers to (1) conduct HTTP request splitting and HTTP...

AI score 6.2 | EPSS 0.51206
Exploits: 0 | References: 12

CVE
added 2008/03/28 11:0 p.m. | 60 views

CVE-2008-1545

In this CVE, the affected component is the XMLHttpRequest.setRequestHeader implementation in Microsoft Internet Explorer 7. The issue arises because the method does not restrict the dangerous Transfer-Encoding HTTP header, enabling remote attackers to perform HTTP request splitting and HTTP reque...

CVSS 4.3 | AI score 6.5 | EPSS 0.24205
Exploits: 1 | References: 6 | Affected Software: 1

CVE
added 2008/03/28 11:0 p.m. | 91 views

CVE-2008-1544

CVE-2008-1544 relates to Internet Explorer (IE) 5.01/6/7 where setRequestHeader can bypass header-safety checks, enabling HTTP request splitting/smuggling, host/Referer manipulation, and potential same-origin policy bypass. Microsoft’s connected documentation confirms a fix via MS08-031 (Cumulati...

CVSS 7.1 | AI score 6.1 | EPSS 0.51206
Exploits: 0 | References: 12 | Affected Software: 1

Positive Technologies
added 2008/03/28 12:0 a.m. | 3 views

PT-2008-3103 · Microsoft · Internet Explorer

Name of the Vulnerable Software and Affected Versions: Microsoft Internet Explorer versions 5.01 through 7
Description: The setRequestHeader method of the XMLHttpRequest object in Microsoft Internet Explorer does not block dangerous HTTP request headers when certain 8-bit character sequences are...

CVSS 7.1 | AI score 5.9 | EPSS 0.51206
Exploits: 0 | References: 16

securityvulns
added 2008/03/22 12:0 a.m. | 49 views

[MSA01240108] IE7 Transfer-Encoding: chunked allows Request Splitting/Smuggling.

MSA01240108: IE7 Transfer-Encoding: chunked allows Request Splitting/Smuggling. Date: March 21th, 2008 Tested Versions: Internet Explorer 7.0.5730.11 Tested OS: Windows XP Professional SP2 Italian Minded Security ReferenceID: MSA01240108 Credits: Discovery by Stefano Di Paola of Minded Security...

AI score 7
Exploits: 0

Tenable Nessus
added 2008/01/21 12:0 a.m. | 44 views

GLSA-200801-07 : Adobe Flash Player: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200801-07 Adobe Flash Player: Multiple vulnerabilities Flash contains a copy of PCRE which is vulnerable to a heap-based buffer overflow GLSA 200711-30, CVE-2007-4768. Aaron Portnoy reported an unspecified vulnerability related to...

CVSS 9.3 | AI score 6.3 | EPSS 0.69076
Exploits: 4 | References: 10

NVD
added 2007/12/20 1:46 a.m. | 19 views

CVE-2007-6245

Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0 allows remote attackers to modify HTTP headers for client requests and conduct HTTP Request Splitting attacks...

CVSS 5.8 | AI score 6.6 | EPSS 0.21814
Exploits: 0 | References: 18

Prion
added 2007/12/20 1:46 a.m. | 22 views

Server side request forgery (ssrf)

Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0 allows remote attackers to modify HTTP headers for client requests and conduct HTTP Request Splitting attacks...

CVSS 5.8 | AI score 6.7 | EPSS 0.21814
Exploits: 0 | References: 18 | Affected Software: 1

UbuntuCve
added 2007/12/20 1:46 a.m. | 27 views

CVE-2007-6245

Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0 allows remote attackers to modify HTTP headers for client requests and conduct HTTP Request Splitting attacks...

CVSS 5.8 | AI score 5.9 | EPSS 0.21814
Exploits: 0 | References: 1

CVE
added 2007/12/20 1:0 a.m. | 76 views

CVE-2007-6245

Adobe Flash Player versions affected by CVE-2007-6245 include 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0. The vulnerability allows remote attackers to modify HTTP headers in client requests, enabling HTTP Request Splitting attacks. Severity is reflected in public CVE data (bas...

CVSS 5.8 | AI score 6.4 | EPSS 0.21814
Exploits: 0 | References: 18 | Affected Software: 1