
672 matches found

Symantec
added 2009/03/10 12:0 a.m., 13 views

Microsoft Windows DNS Server WPAD Access Validation Vulnerability

Description: The Microsoft Windows DNS Server is prone to an access-validation vulnerability because the software fails to properly restrict access when defining WPAD (Web Proxy Autodiscovery Protocol) entries. An authenticated attacker may exploit this issue to create a WPAD DNS entry. This may aid...

AI score 0.1
Exploits 0, References 2, Affected Software 3
Check Point Advisories
added 2009/03/10 12:0 a.m., 2 views

Microsoft DNS Server WPAD Registration Spoofing (MS09-008; CVE-2009-0093)

The WPAD feature enables web clients to automatically detect proxy settings without user intervention. A Web Proxy Auto-Discovery (WPAD) registration spoofing vulnerability has been reported in Microsoft DNS servers. The vulnerability is due to an error in the Windows DNS server that fails to correctly...

CVSS 3.5, AI score 6.2, EPSS 0.1702
Exploits 1
Tenable Nessus
added 2009/03/04 12:0 a.m., 52 views

Debian DSA-1732-1 : squid3 - denial of service

Joshua Morin, Mikko Varpiola and Jukka Taimisto discovered an assertion error in squid3, a full featured Web Proxy cache, which could lead to a denial of service attack. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from...

CVSS 5, AI score 5.3, EPSS 0.71986
Exploits 8, References 2
OSV
added 2009/03/03 12:0 a.m., 18 views

DSA-1732-1 squid3 - denial of service

Bulletin has no description...

CVSS 5, AI score 6.3, EPSS 0.71986
Exploits 8
seebug.org
added 2009/02/25 12:0 a.m., 14 views

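Multiple HTTP Proxies HTTP Host Header Incorrect Relay Behavior Vulnerability

BUGTRAQ ID: 33858 The HTTP Host header specification defined in RFC 2616 allows multiple sites to share a single IP address. Transparent proxy servers intercept and redirect network connections without user interaction or browser configuration, and many proxy servers running in transparent mode make connection decisions based on the HTTP Host header value. Browser plug-ins such as Flash and Java may enforce access control on active content by restricting communication to the site or domain the content came from. An attacker can use active content to forge the Host header value, so that a proxy server running in transparent mode determines the connection based on the forged value; the attacker can therefore connect to any website or resource the proxy can reach, including internal network resources that are not normally exposed to the Internet. Qbik WinGate 6.x...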

AI score 6.9
Exploits 0
seebug.org
added 2009/02/11 12:0 a.m., 38 views

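Squid Web Proxy Cache HTTP Version Number Parsing Denial of Service Vulnerability

BUGTRAQ ID: 33604 CVECAN ID: CVE-2009-0478 Squid is an efficient web caching and proxy program, originally developed for Unix platforms and now also ported to Linux and most Unix-like systems; the latest Squid can run on Windows. Squid does not correctly handle malformed HTTP version numbers, so a remote client can send a specially crafted request to the server and cause a denial of service. Squid Web Proxy Cache 3.1 Squid Web Proxy Cache 3.0 Squid Web Proxy Cache 2.7 Vendor patch: Squid -----...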

CVSS 5, AI score 6.2, EPSS 0.71986
Exploits 8
Tenable Nessus
added 2008/10/22 12:0 a.m., 27 views

HTTP CONNECT Proxy Detection

The remote service supports the HTTP CONNECT method for tunneling connections through an HTTP connection. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include"compat.inc"; if description scriptid34473; scriptversion"1.10";...

AI score 5.5
Exploits 0
seebug.org
added 2008/10/20 12:0 a.m., 33 views

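Sun Java System Web Proxy Server FTP Subsystem Heap Overflow Vulnerability

BUGTRAQ ID: 31691 CVECAN ID: CVE-2008-4541 Sun Java System Web Proxy Server is a web-based proxy server program. The FTP subsystem of Sun Java Web Proxy Server does not correctly handle FTP resources. If a remote attacker sends a malicious HTTP GET request to a vulnerable server, a heap overflow can be triggered, leading to arbitrary code execution. Sun Java System Web Proxy Server 4.0 - 4.0.7 Sun has released a security advisory (Sun-Alert-242986) and corresponding patches for this issue: Sun-Alert-242986:A Heap...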

CVSS 10, AI score 6.4, EPSS 0.08439
Exploits 1
securityvulns
added 2008/10/16 12:0 a.m., 32 views

Sun Java Web Proxy buffer overflow

Buffer overflow on FTP resource GET request handling in HTTP proxy...

CVSS 10, AI score 1, EPSS 0.08439
Exploits 1, References 1, Affected Software 1
OpenVAS
added 2008/10/16 12:0 a.m., 26 views

Sun Java System Web Proxy Server Vulnerabilities (Windows)

This host has Sun Java Web Proxy Server running, which is prone to heap buffer overflow vulnerability. OpenVAS Vulnerability Test $Id: gbsunjavawebporxysvrvulnwin.nasl 6605 2017-07-07 11:22:07Z cfischer $ Sun Java System Web Proxy Server Vulnerabilities Windows Authors: Chandan S Copyright:...

CVSS 10, AI score 0.4, EPSS 0.08439
Exploits 1, References 4
OpenVAS
added 2008/10/16 12:0 a.m., 18 views

Sun Java System Web Proxy Server < 4.0.8 Multiple Vulnerabilities - Linux

Sun Java Web Proxy Server is prone to a heap buffer overflow vulnerability. SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 10, AI score 6.9, EPSS 0.08439
Exploits 1, References 5
securityvulns
added 2008/10/16 12:0 a.m., 170 views

iDefense Security Advisory 10.14.08: Sun Java Web Proxy Server FTP Resource Handling Heap-Based Buffer Overflow

iDefense Security Advisory 10.09.08 http://labs.idefense.com/intelligence/vulnerabilities/ Oct 09, 2008 I. BACKGROUND Sun Microsystems Inc's Java System is a collection of server applications bundled together. One such server application included is the Web Proxy Server. This software implements...

CVSS 10, EPSS 0.08439
Exploits 1
OpenVAS
added 2008/10/16 12:0 a.m., 26 views

Sun Java System Web Proxy Server Two Vulnerabilities (Linux)

This host has Sun Java Web Proxy Server running, which is prone to heap buffer overflow vulnerability. OpenVAS Vulnerability Test $Id: gbsunjavawebporxysvrvulnlin.nasl 7174 2017-09-18 11:48:08Z asteins $ Sun Java System Web Proxy Server Two Vulnerabilities Linux Authors: Chandan S Copyright:...

CVSS 10, AI score 0.4, EPSS 0.08439
Exploits 1, References 4
Prion
added 2008/10/13 8:0 p.m., 21 views

Heap overflow

Heap-based buffer overflow in the FTP subsystem in Sun Java System Web Proxy Server 4.0 through 4.0.7 allows remote attackers to execute arbitrary code via a crafted HTTP GET request...

CVSS 10, AI score 8.5, EPSS 0.08439
Exploits 1, References 7, Affected Software 1
Cvelist
added 2008/10/13 6:0 p.m., 39 views

CVE-2008-4541

Heap-based buffer overflow in the FTP subsystem in Sun Java System Web Proxy Server 4.0 through 4.0.7 allows remote attackers to execute arbitrary code via a crafted HTTP GET request...

AI score 7.8, EPSS 0.08439
Exploits 1, References 7
CVE
added 2008/10/13 6:0 p.m., 74 views

CVE-2008-4541

Sun Java System Web Proxy Server (Sun Microsystems) is affected by CVE-2008-4541 due to a heap-based buffer overflow in the FTP subsystem. The vulnerability exists in versions 4.0 through 4.0.7 and can be triggered by processing a crafted HTTP GET request, potentially allowing remote code executi...

CVSS 10, AI score 7.8, EPSS 0.08439
Exploits 1, References 7, Affected Software 1
Kaspersky
added 2008/10/13 12:0 a.m., 45 views

KLA10346 ACE vulnerability in Java System Web Proxy Server

A buffer overflow was found in the Java System Web Proxy Server. By exploiting this vulnerability malicious users can execute arbitrary code. This vulnerability can be exploited remotely via a specially designed GET request. Original advisories - Related products Sun-Java-System-Web-Proxy-Server...

CVSS 10, AI score 7.8, EPSS 0.08439
Exploits 1, References 2
NVD
added 2008/09/19 5:15 p.m., 26 views

CVE-2008-4133

The web proxy service on the D-Link DIR-100 with firmware 1.12 and earlier does not properly filter web requests with large URLs, which allows remote attackers to bypass web restriction filters...

CVSS 4.3, AI score 6.8, EPSS 0.04246
Exploits 0, References 8
Prion
added 2008/09/19 5:15 p.m., 20 views

Authentication flaw

The web proxy service on the D-Link DIR-100 with firmware 1.12 and earlier does not properly filter web requests with large URLs, which allows remote attackers to bypass web restriction filters...

CVSS 4.3, AI score 7.4, EPSS 0.04246
Exploits 0, References 8, Affected Software 1
Cvelist
added 2008/09/19 5:4 p.m., 30 views

CVE-2008-4133

The web proxy service on the D-Link DIR-100 with firmware 1.12 and earlier does not properly filter web requests with large URLs, which allows remote attackers to bypass web restriction filters...

AI score 6.8, EPSS 0.04246
Exploits 0, References 8