Lucene search
K
ApsisPound

5 matches found

CVE
CVE
added 2018/01/29 8:0 p.m.89 views

CVE-2016-10711

Pound (reverse proxy/load balancer) before 2.8a is exposed to HTTP request smuggling via crafted headers (CVE-2016-10711). The issue is documented across multiple feeds (NVD/NIST, Debian, USN) as a related vulnerability to CVE-2016-10711; affected versions include Pound up to 2.8a. Exploitation d...

9.8CVSS9.1AI score0.02893EPSS
CVE
CVE
added 2005/11/22 8:0 p.m.67 views

CVE-2005-3751

Pound fixes before 1.9.4 are exposed as an HTTP request smuggling vulnerability: conflicting Content-length and Transfer-encoding headers can allow remote attackers to poison caches, bypass WAFs, and enable XSS. The description notes the vulnerable window (before 1.9.4) but does not provide expli...

4.3CVSS9.1AI score0.01472EPSS
CVE
CVE
added 2020/06/15 4:50 p.m.62 views

CVE-2018-21245

CVE-2018-21245 affects Pound up to version 2.8, enabling HTTP request smuggling due to a vulnerability related to CVE-2016-10711. The issue is described across multiple feeds as a Pound HTTP handling flaw that can impact confidentiality and integrity (per NVD CVSS data: high impact on both C and ...

9.1CVSS9.2AI score0.01127EPSS
CVE
CVE
added 2005/05/10 4:0 a.m.55 views

CVE-2004-2026

CVE-2004-2026 describes a format-string vulnerability in Pound’s logmsg function (svc.c) affecting Pound 1.5 and earlier. A remote attacker could trigger arbitrary code execution by supplying format-specifiers in syslog messages. The vulnerability is due to improper handling of user-controlled fo...

7.5CVSS7.6AI score0.0664EPSS
CVE
CVE
added 2005/05/02 4:0 a.m.55 views

CVE-2005-1391

Pound (a reverse proxy/load balancer) is affected by CVE-2005-1391 due to an overly long HTTP Host header that can trigger a buffer overflow in add_port(), potentially allowing arbitrary code execution. Debian and Gentoo advisories also reference CVE-2005-3751 (HTTP Request Smuggling) as a separa...

7.5CVSS7.5AI score0.06073EPSS