Lucene search
K

37 matches found

RedHat Linux
RedHat Linux
added 2023/12/07 1:55 p.m.4 views

curl: out of heap memory issue due to missing limit on header quantity

A flaw was found in the Curl package. Curl allows a malicious server to stream an endless series of headers to a client due to missing limit on header quantity, eventually causing curl to run out of heap memory, which may lead to a crash...

7.5CVSS7.1AI score0.62246EPSS
Exploits1References5
OSV
OSV
added 2023/09/13 12:0 a.m.3 views

UBUNTU-CVE-2023-38039

When curl retrieves an HTTP response, it stores the incoming headers so that they can be accessed later via the libcurl headers API. However, curl did not have a limit in how many or how large headers it would accept in a response, allowing a malicious server to stream an endless series of header...

7.5CVSS6.7AI score0.62246EPSS
Exploits1References4
CNNVD
CNNVD
added 2022/11/23 12:0 a.m.7 views

SolarWinds Security Event Manager 信息泄露漏洞

SolarWinds Security Event Manager SolarWinds SEM is an American SolarWinds Inc. for forensics and troubleshooting, as well as a tool to help you manage log data. An information disclosure vulnerability exists in SolarWinds Security Event Manager versions prior to 2022.4, which stems from the...

5.3CVSS6AI score0.00651EPSS
Exploits0References3
NVD
NVD
added 2021/06/01 2:15 p.m.24 views

CVE-2021-20585

IBM Security Verify Access 20.07 could disclose sensitive information in HTTP server headers that could be used in further attacks against the system. IBM X-Force ID: 199398...

5.3CVSS0.01014EPSS
Exploits0References2
Prion
Prion
added 2021/06/01 2:15 p.m.18 views

Information disclosure

IBM Security Verify Access 20.07 could disclose sensitive information in HTTP server headers that could be used in further attacks against the system. IBM X-Force ID: 199398...

5CVSS4.7AI score0.01014EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2021/06/01 12:0 a.m.4 views

IBM Security Verify Access 信息泄露漏洞

IBM Security Verify Access, formerly known as IBM Security Access Manager or ISAM, is designed to help you simplify user access and more securely adopt Web, mobile, IoT and cloud technologies. An information disclosure vulnerability exists in IBM Security Verify Access version 20.07. An attacker...

5.3CVSS5.7AI score0.01014EPSS
Exploits0References2
CVE
CVE
added 2021/05/31 2:50 p.m.50 views

CVE-2021-20585

CVE-2021-20585 affects IBM Security Verify Access 20.07. It allows disclosure of sensitive information via HTTP server headers (partial confidentiality impact). No explicit root cause or remediation details are provided in the connected documents; exploitation status not described. Monitor for up...

5.3CVSS4.9AI score0.01014EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2021/05/31 2:50 p.m.28 views

CVE-2021-20585

IBM Security Verify Access 20.07 could disclose sensitive information in HTTP server headers that could be used in further attacks against the system. IBM X-Force ID: 199398...

5.3CVSS5AI score0.01014EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2020/05/26 8:42 p.m.4 views

ruby: HTTP response splitting in WEBrick

It was found that WEBrick did not sanitize headers sent back to clients, resulting in a response-splitting vulnerability. An attacker, able to control the server's headers, could force WEBrick into injecting additional headers to a client...

5.3CVSS7.2AI score0.0576EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2020/05/19 10:29 p.m.3 views

ruby: HTTP response splitting in WEBrick

It was found that WEBrick did not sanitize headers sent back to clients, resulting in a response-splitting vulnerability. An attacker, able to control the server's headers, could force WEBrick into injecting additional headers to a client...

5.3CVSS7.2AI score0.0576EPSS
Exploits0References5
Hacker One
Hacker One
added 2020/05/08 7:45 a.m.215 views

Node.js: Denial of Service by resource exhaustion CWE-400 due to unfinished HTTP/1.1 requests

Summary: Node.js is vulnerable to HTTP denial of service DOS attacks based on delayed requests submission which can make the server unable to accept new connections. Description: An attacker can open an arbitrary number of HTTP connections and keep the server busy by never completing the request...

5CVSS0.08794EPSS
Exploits0
Kitploit
Kitploit
added 2019/11/06 9:36 p.m.119 views

EyeWitness - Tool To Take Screenshots Of Websites, Provide Some Server Header Info, And Identify Default Credentials If Possible

EyeWitness is designed to take screenshots of websites provide some server header info, and identify default credentials if known. EyeWitness is designed to run on Kali Linux. It will auto detect the file you give it with the -f flag as either being a text file with URLs on each new line, nmap xm...

7.4AI score
Exploits0References1
RedHat Linux
RedHat Linux
added 2019/08/06 12:40 p.m.2 views

ruby: HTTP response splitting in WEBrick

It was found that WEBrick did not sanitize headers sent back to clients, resulting in a response-splitting vulnerability. An attacker, able to control the server's headers, could force WEBrick into injecting additional headers to a client...

5.3CVSS7.2AI score0.0576EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2018/11/29 10:10 a.m.5 views

ruby: HTTP response splitting in WEBrick

It was found that WEBrick did not sanitize headers sent back to clients, resulting in a response-splitting vulnerability. An attacker, able to control the server's headers, could force WEBrick into injecting additional headers to a client...

5.3CVSS7.2AI score0.0576EPSS
Exploits0References5
OSV
OSV
added 2018/10/19 5:43 p.m.3 views

GHSA-6CW8-7J6C-HCCP Moderate severity vulnerability that affects io.vertx:vertx-core

In Eclipse Vert.x version 3.0 to 3.5.1, the HttpServer response headers and HttpClient request headers do not filter carriage return and line feed characters from the header value. This allow unfiltered values to inject a new header in the client request or server response...

5.3CVSS6.4AI score0.02482EPSS
Exploits0References9
Information Security Automation
Information Security Automation
added 2018/07/08 9:22 p.m.64 views

Free High-Tech Bridge ImmuniWeb Application Discovery service

Today I would like to talk about another service for application security analysis by High-Tech Bridge. It's called ImmuniWeb Application Discovery. This service can get information about your web and mobile applications available from the Internet. Believe me, this is not so obvious for a large...

7AI score
Exploits0
Kitploit
Kitploit
added 2014/03/15 12:24 a.m.26 views

[wig] WebApp Information Gatherer (Identify CMS)

wig is a Python tool that identifies a websites CMS by searching for fingerprints of static files and extracting version numbers from known files. OS identification is done by using the value of the ‘server’ and ‘X-Powered-By’ in the response header. These values are compared to a database of whi...

7.2AI score
Exploits0References1
Rows per page
Query Builder