Lucene search
K

1167 matches found

RedHat Linux
RedHat Linux
added 2007/05/21 12:13 p.m.4 views

tomcat multiple content-length header poisioning

Jakarta Tomcat 5.0.19 Coyote/1.1 and Tomcat 4.1.24 Coyote/1.0 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Tomcat t...

4.3CVSS5.9AI score0.29784EPSS
Exploits4References4
RedHat Linux
RedHat Linux
added 2007/05/14 4:59 p.m.6 views

tomcat multiple content-length header poisioning

Jakarta Tomcat 5.0.19 Coyote/1.1 and Tomcat 4.1.24 Coyote/1.0 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Tomcat t...

4.3CVSS5.9AI score0.29784EPSS
Exploits4References4
RedHat Linux
RedHat Linux
added 2007/05/08 2:53 p.m.4 views

tomcat multiple content-length header poisioning

Jakarta Tomcat 5.0.19 Coyote/1.1 and Tomcat 4.1.24 Coyote/1.0 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Tomcat t...

4.3CVSS5.9AI score0.29784EPSS
Exploits4References4
Tenable Nessus
Tenable Nessus
added 2006/06/08 12:0 a.m.36 views

GLSA-200606-05 : Pound: HTTP request smuggling

The remote host is affected by the vulnerability described in GLSA-200606-05 Pound: HTTP request smuggling Pound fails to handle HTTP requests with conflicting 'Content-Length' and 'Transfer-Encoding' headers correctly. Impact : An attacker could exploit this vulnerability by sending HTTP request...

4.3CVSS8.3AI score0.01472EPSS
Exploits0References2
Prion
Prion
added 2006/05/12 9:2 p.m.15 views

Integer overflow

Integer overflow in CFNetwork in Apple Mac OS X 10.4.6 allows remote attackers to execute arbitrary code via crafted chunked transfer encoding...

7.5CVSS7.8AI score0.03936EPSS
Exploits0References8Affected Software1
CVE
CVE
added 2006/05/12 9:0 p.m.58 views

CVE-2006-1441

CVE-2006-1441: Affected software is Apple Mac OS X 10.4.6 CFNetwork. The vulnerability is an integer overflow in CFNetwork triggered by crafted chunked transfer encoding, allowing remote attackers to execute arbitrary code. No exploit details or specific patch/version remediation are provided in ...

7.5CVSS7.6AI score0.03936EPSS
Exploits0References8Affected Software1
Cvelist
Cvelist
added 2006/05/12 9:0 p.m.28 views

CVE-2006-1441

Integer overflow in CFNetwork in Apple Mac OS X 10.4.6 allows remote attackers to execute arbitrary code via crafted chunked transfer encoding...

7.6AI score0.03936EPSS
Exploits0References8
NVD
NVD
added 2005/11/22 8:3 p.m.30 views

CVE-2005-3751

HTTP request smuggling vulnerability in Pound before 1.9.4 allows remote attackers to poison web caches, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with conflicting Content-length and Transfer-encoding headers...

4.3CVSS9.1AI score0.01472EPSS
Exploits0References8
OSV
OSV
added 2005/11/22 8:3 p.m.2 views

DEBIAN-CVE-2005-3751

HTTP request smuggling vulnerability in Pound before 1.9.4 allows remote attackers to poison web caches, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with conflicting Content-length and Transfer-encoding headers...

4.3CVSS6.5AI score0.01472EPSS
Exploits0References1
Apache Httpd
Apache Httpd
added 2005/10/14 12:0 a.m.41 views

Apache Httpd < 2.0.55 : HTTP Request Spoofing

A flaw occured when using the Apache server as a HTTP proxy. A remote attacker could send a HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, causing Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server ...

4.3CVSS0.3AI score0.20461EPSS
Exploits1Affected Software1
Tenable Nessus
Tenable Nessus
added 2005/10/05 12:0 a.m.42 views

Mandrake Linux Security Advisory : apache (MDKSA-2005:130)

Watchfire reported a flaw that occured when using the Apache server as a HTTP proxy. A remote attacker could send an HTTP request with both a 'Transfer-Encoding: chunked' header and a 'Content-Length' header which would cause Apache to incorrectly handle and forward the body of the request in a w...

4.3CVSS7.8AI score0.20461EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2005/09/27 11:50 a.m.5 views

security flaw

Heap-based buffer overflow in the embedded player in multiple RealNetworks products and versions including RealPlayer 10.x, RealOne Player, and Helix Player allows remote malicious servers to cause a denial of service crash and possibly execute arbitrary code via a chunked Transfer-Encoding HTTP...

9.3CVSS6.5AI score0.05783EPSS
Exploits5References4
RedHat Linux
RedHat Linux
added 2005/07/25 7:46 a.m.4 views

security flaw

The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Lengt...

4.3CVSS7.4AI score0.20461EPSS
Exploits1References4
NVD
NVD
added 2005/07/05 4:0 a.m.15 views

CVE-2005-2092

BEA Systems WebLogic 8.1 SP1 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes WebLogic to incorrectly handle and forwar...

4.3CVSS6.1AI score0.01515EPSS
Exploits1References5
OSV
OSV
added 2005/07/05 4:0 a.m.3 views

DEBIAN-CVE-2005-2088

The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Lengt...

4.3CVSS8.4AI score0.20461EPSS
Exploits1References1
NVD
NVD
added 2005/07/05 4:0 a.m.17 views

CVE-2005-2093

Oracle 9i Application Server Oracle9iAS 9.0.2 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Application Server to...

4.3CVSS5.9AI score0.04945EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2005/06/30 12:0 a.m.5 views

PT-2005-3031 · Microsoft · Iis

Name of the Vulnerable Software and Affected Versions: Microsoft IIS versions 5.0 through 6.0 Description: The issue allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a Transfer-Encoding: chunked head...

4.3CVSS6AI score0.3097EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2005/06/11 12:0 a.m.7 views

PT-2005-3030 · Apache +2 · Apache Http Server +2

Name of the Vulnerable Software and Affected Versions: Apache HTTP server versions 1.3.x through 1.3.33 Apache HTTP server versions 2.0.x through 2.0.54 Description: A flaw occurs when using the Apache server as an HTTP proxy. A remote attacker could send an HTTP request with both a...

5CVSS8.7AI score0.20461EPSS
Exploits1References71
NVD
NVD
added 2004/10/20 4:0 a.m.31 views

CVE-2004-0051

Multiple content security gateway and antivirus products allow remote attackers to bypass content restrictions via MIME messages that use non-standard but frequently supported Content-Transfer-Encoding values such as 1 uuencode, 2 mac-binhex40, and 3 yenc, which may be interpreted differently by...

7.5CVSS6.8AI score0.02383EPSS
Exploits0References3
securityvulns
securityvulns
added 2004/09/13 12:0 a.m.44 views

[Full-Disclosure] Corsaire Security Advisory - Multiple vendor MIME Content-Transfer-Encoding mechanism issue

-- Corsaire Security Advisory -- Title: Multiple vendor MIME Content-Transfer-Encoding mechanism issue Date: 04.08.03 Application: various Environment: various Author: Martin O'Neal [email protected] Audience: General distribution Reference: c030804-005 -- Scope -- The aim of this documen...

7.5CVSS6.1AI score0.02383EPSS
Exploits0
Rows per page
Query Builder