361 matches found
Gratipay: suppress version in Server header on gratipay.com or grtp.co
Summary: Server version information is returned in the response headers. Estimated severity: Low More info: Any page requested on the site returns a lot of information in the response headers. This information includes specific version information for the server and proxy. The following version...
The vulnerability of the Microsoft Edge browser, which allows a hacker to bypass the protection against cross-site scripting attacks
The vulnerability of Microsoft Edge is caused by errors in the processing of HTTP response headers. Exploiting this vulnerability allows a malicious actor to bypass the protection mechanisms against cross-site scripting attacks...
h2o -- directory traversal vulnerability
Yakuzo OKU reports: When redirect directive is used, this flaw allows a remote attacker to inject response headers into an HTTP redirect response...
Airties Air5650TT Modem Cross Site Scripting
Airties Air5650TT Modem Web Interface Reflected XSS Vulnerability My + Discovered by: KnocKout Contact : [email protected] HomePage : http://h4x0resec.blogspot.com Love to = KedAns-Dz & UnDeRTaKeR & BARCOD3 & Septemb0x & ZoRLu milw00rm.com Software info |Hardware/Web App : Airties |Affected...
HostingTakip 3.0 Cross Site Scripting
HostingTakip v3.0 - Stored XSS Vulnerability My + Discovered by: KnocKout Contact : [email protected] HomePage : http://h4x0resec.blogspot.com Love to UnDeRTaKeR & BARCOD3 & Septemb0x & ZoRLu milw00rm.com Software info |Web App. : HostingTakip |Affected Version : v3.0 |Software :...
USN-2523-1: Apache HTTP Server vulnerabilities
Martin Holst Swende discovered that the modheaders module allowed HTTP trailers to replace HTTP headers during request processing. A remote attacker could possibly use this issue to bypass RequestHeaders directives. CVE-2013-5704 Mark Montague discovered that the modcache module incorrectly handl...
FreeBSD : apache24 -- several vulnerabilities (5804b9d4-a959-11e4-9363-20cf30e32f6d)
Apache HTTP SERVER PROJECT reports : modproxyfcgi: Fix a potential crash due to buffer over-read, with response headers' size above 8K. modcache: Avoid a crash when Content-Type has an empty value. PR 56924. modlua: Fix handling of the Require line when a LuaAuthzProvider is used in multiple...
Design/Logic Flaw
The handleheaders function in modproxyfcgi.c in the modproxyfcgi module in the Apache HTTP Server 2.4.10 allows remote FastCGI servers to cause a denial of service buffer over-read and daemon crash via long response headers...
CVE-2014-3583
The handleheaders function in modproxyfcgi.c in the modproxyfcgi module in the Apache HTTP Server 2.4.10 allows remote FastCGI servers to cause a denial of service buffer over-read and daemon crash via long response headers...
CVE-2014-3583
The handleheaders function in modproxyfcgi.c in the modproxyfcgi module in the Apache HTTP Server 2.4.10 allows remote FastCGI servers to cause a denial of service buffer over-read and daemon crash via long response headers...
UBUNTU-CVE-2014-3583
The handleheaders function in modproxyfcgi.c in the modproxyfcgi module in the Apache HTTP Server 2.4.10 allows remote FastCGI servers to cause a denial of service buffer over-read and daemon crash via long response headers...
CVE-2013-3978
The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 does not send the appropriate HTTP response headers to prevent unwanted caching by a web browser, which allows remote attackers to obtain sensitive information by leveraging an unattended workstation...
Design/Logic Flaw
The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 does not send the appropriate HTTP response headers to prevent unwanted caching by a web browser, which allows remote attackers to obtain sensitive information by leveraging an unattended workstation...
Design/Logic Flaw
Visibility Software Cyber Recruiter before 8.1.00 does not use the appropriate combination of HTTPS transport and response headers to prevent access to 1 AppSelfService.aspx and 2 AgencyPortal.aspx in the browser history, which allows remote attackers to obtain sensitive information by leveraging...
CVE-2014-1930
Visibility Software Cyber Recruiter prior to version 8.1.00 is vulnerable due to an improper HTTPS transport/response header configuration that permits browser-history access to (1) AppSelfService.aspx and (2) AgencyPortal.aspx, enabling an attacker to obtain sensitive information from an unatten...
CVE-2013-4961
CVE-2013-4961 affects Puppet Enterprise prior to 3.0.1. The vulnerability is an information disclosure where the HTTP response headers reveal version information for Apache and Phusion Passenger, allowing remote attackers to obtain sensitive details about the server stack. Publicly documented acr...
CVE-2013-4961
Puppet Enterprise before 3.0.1 includes version information for the Apache and Phusion Passenger products in its HTTP response headers, which allows remote attackers to obtain sensitive information...
detect_reverse_proxy
This plugin tries to determine if the remote end has a reverse proxy installed. The procedure used to detect reverse proxies is to send a request to the remote server and analyze the response headers, if a Via header is found, chances are that the remote site has a reverse proxy. Plugin type...
Ubuntu Update for glance USN-1764-1
Check for the Version of glance OpenVAS Vulnerability Test $Id: gbubuntuUSN17641.nasl 8650 2018-02-03 12:16:59Z teissa $ Ubuntu Update for glance USN-1764-1 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software;...
CentOS Update for httpd CESA-2013:0130 centos5
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...