Lucene search
+L

66 matches found

susecve
susecve
added 2023/02/15 3:25 a.m.5 views

SUSE CVE-2022-32205

A malicious server can serve excessive amounts of Set-Cookie: headers in a HTTP response to curl and curl 7.84.0 stores all of them. A sufficiently large amount of big cookies make subsequent HTTP requests to this, or other servers to which the cookies match, create requests that become larger th...

4.9CVSS7.2AI score0.26915EPSS
Exploits1References44
mscve
mscve
added 2022/07/19 7:0 a.m.6 views

A malicious server can serve excessive amounts of `Set-Cookie:` headers in a HTTP response to curl and curl < 7.84.0 stores all of them. A sufficiently large amount of (big) cookies make subsequent HTTP requests to this or other servers to which the cookies match create requests that become larger than the threshold that curl uses internally to avoid sending crazy large requests (1048576 bytes) and instead returns an error.This denial state might remain for as long as the same cookies are kept match and haven't expired. Due to cookie matching rules a server on `foo.example.com` can set cookies that also would match for `bar.example.com` making it it possible for a "sister server" to effectively cause a denial of service for a sibling site on the same second level domain using this method.

...

4.3CVSS7.2AI score0.26915EPSS
Exploits1
osv
osv
added 2022/07/08 11:3 a.m.5 views

OESA-2022-1744 curl security update

Security Fixes: A vulnerability was found in curl. This issue occurs because it mishandles message verification failures when curl does FTP transfers secured by krb5. This flaw makes it possible for a Man-in-the-middle attack to go unnoticed and allows data injection into the client.CVE-2022-3220...

9.8CVSS6.6AI score0.3197EPSS
Exploits4References5
nvd
nvd
added 2022/07/07 1:15 p.m.24 views

CVE-2022-32205

A malicious server can serve excessive amounts of Set-Cookie: headers in a HTTP response to curl and curl 7.84.0 stores all of them. A sufficiently large amount of big cookies make subsequent HTTP requests to this, or other servers to which the cookies match, create requests that become larger th...

4.3CVSS0.26915EPSS
Exploits1References9
osv
osv
added 2022/07/07 1:15 p.m.4 views

ALPINE-CVE-2022-32205

A malicious server can serve excessive amounts of Set-Cookie: headers in a HTTP response to curl and curl 7.84.0 stores all of them. A sufficiently large amount of big cookies make subsequent HTTP requests to this, or other servers to which the cookies match, create requests that become larger th...

4.3CVSS6.7AI score0.26915EPSS
Exploits1References1
cvelist
cvelist
added 2022/07/07 12:0 a.m.29 views

CVE-2022-32205

A malicious server can serve excessive amounts of Set-Cookie: headers in a HTTP response to curl and curl 7.84.0 stores all of them. A sufficiently large amount of big cookies make subsequent HTTP requests to this, or other servers to which the cookies match, create requests that become larger th...

6.8AI score0.26915EPSS
Exploits1References9
redhatcve
redhatcve
added 2022/06/28 3:35 a.m.43 views

CVE-2022-32205

A vulnerability was found in curl. This issue occurs because a malicious server can serve excessive amounts of Set-Cookie: headers in an HTTP response to curl, which stores all of them. This flaw leads to a denial of service, either by mistake or by a malicious actor...

5.9CVSS1.8AI score0.26915EPSS
Exploits1References4
curl
curl
added 2022/06/27 8:0 a.m.9 views

Set-Cookie denial of service

A malicious server can serve excessive amounts of Set-Cookie: headers in a HTTP response to curl and curl stores all of them. A sufficiently large amount of big cookies make subsequent HTTP requests to this, or other servers to which the cookies match, create requests that become larger than the...

4.3CVSS6.8AI score0.26915EPSS
Exploits1References1Affected Software2
osv
osv
added 2022/06/27 8:0 a.m.7 views

CURL-CVE-2022-32205 Set-Cookie denial of service

A malicious server can serve excessive amounts of Set-Cookie: headers in a HTTP response to curl and curl stores all of them. A sufficiently large amount of big cookies make subsequent HTTP requests to this, or other servers to which the cookies match, create requests that become larger than the...

4.3CVSS6.6AI score0.26915EPSS
Exploits1
ubuntucve
ubuntucve
added 2022/06/27 12:0 a.m.31 views

CVE-2022-32205

A malicious server can serve excessive amounts of Set-Cookie: headers in a HTTP response to curl and curl 7.84.0 stores all of them. A sufficiently large amount of big cookies make subsequent HTTP requests to this, or other servers to which the cookies match, create requests that become larger th...

4.3CVSS6.7AI score0.26915EPSS
Exploits1References3
osv
osv
added 2022/06/27 12:0 a.m.3 views

UBUNTU-CVE-2022-32205

A malicious server can serve excessive amounts of Set-Cookie: headers in a HTTP response to curl and curl 7.84.0 stores all of them. A sufficiently large amount of big cookies make subsequent HTTP requests to this, or other servers to which the cookies match, create requests that become larger th...

4.3CVSS6.6AI score0.26915EPSS
Exploits1References4
mageia
mageia
added 2015/05/15 6:23 p.m.54 views

Updated ruby-rest-client packages fix security vulnerabilities

Updated ruby-rest-client packages fix security vulnerability: When Ruby rest-client processes an HTTP redirection response, it blindly passes along the values from any Set-Cookie headers to the redirection target, regardless of domain, path, or expiration. This can be used in a session fixation...

9.8CVSS9.3AI score0.04345EPSS
Exploits0References4
prion
prion
added 2015/01/14 11:59 a.m.26 views

Session fixation

Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 do not properly interpret Set-Cookie headers within responses that have a 407 aka Proxy Authentication Required status code, which allows remote HTTP proxy servers to conduct session...

6.8CVSS6.9AI score0.01902EPSS
Exploits0References39Affected Software4
cvelist
cvelist
added 2015/01/14 11:0 a.m.40 views

CVE-2014-8639

Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 do not properly interpret Set-Cookie headers within responses that have a 407 aka Proxy Authentication Required status code, which allows remote HTTP proxy servers to conduct session...

9.4AI score0.01902EPSS
Exploits0References39
openvas
openvas
added 2013/05/02 12:0 a.m.17 views

Opera Multiple Vulnerabilities-01 May13 (Mac OS X)

The host is installed with Opera and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gboperamultvuln01may13macosx.nasl 6125 2017-05-15 09:03:42Z teissa $ Opera Multiple Vulnerabilities-01 May13 Mac OS X Authors: Arun Kallavi Copyright: Copyright c 2013 Greenbone Networks Gmb...

10CVSS0.2AI score0.01726EPSS
Exploits0References2
openvas
openvas
added 2013/05/02 12:0 a.m.26 views

Opera Multiple Vulnerabilities-01 (May 2013) - Mac OS X

Opera is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10CVSS6.5AI score0.01726EPSS
Exploits0References4
nessus
nessus
added 2012/08/01 12:0 a.m.35 views

Scientific Linux Security Update : httpd on SL4.x i386/x86_64

A flaw was found in the Apache HTTP Server modproxy module. On sites where a reverse proxy is configured, a remote attacker could send a carefully crafted request that would cause the Apache child process handling that request to crash. On sites where a forward proxy is configured, an attacker...

5CVSS7.1AI score0.12901EPSS
Exploits0References2
nessus
nessus
added 2012/08/01 12:0 a.m.41 views

Scientific Linux Security Update : httpd on SL5.x

Problem description : A flaw was found in the Apache HTTP Server modproxy module. On sites where a reverse proxy is configured, a remote attacker could send a carefully crafted request that would cause the Apache child process handling that request to crash. On sites where a forward proxy is...

5CVSS7.1AI score0.12901EPSS
Exploits0References2
ubuntucve
ubuntucve
added 2011/06/24 12:0 a.m.23 views

CVE-2011-2362

Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 do not distinguish between cookies for two domain names that differ only in a trailing dot, which allows remote web servers to bypass the Same Origin Policy via Set-Cookie headers...

5CVSS7.2AI score0.01777EPSS
Exploits1References3
redhat
redhat
added 2011/06/21 10:39 p.m.7 views

Mozilla Cookie isolation error (MFSA 2011-24)

Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 do not distinguish between cookies for two domain names that differ only in a trailing dot, which allows remote web servers to bypass the Same Origin Policy via Set-Cookie headers...

5CVSS7.4AI score0.01777EPSS
Exploits1References4
Rows per page
Query Builder