5 matches found
CVE-2016-10711
Pound (reverse proxy/load balancer) before 2.8a is exposed to HTTP request smuggling via crafted headers (CVE-2016-10711). The issue is documented across multiple feeds (NVD/NIST, Debian, USN) as a related vulnerability to CVE-2016-10711; affected versions include Pound up to 2.8a. Exploitation d...
CVE-2005-3751
Pound fixes before 1.9.4 are exposed as an HTTP request smuggling vulnerability: conflicting Content-length and Transfer-encoding headers can allow remote attackers to poison caches, bypass WAFs, and enable XSS. The description notes the vulnerable window (before 1.9.4) but does not provide expli...
CVE-2018-21245
CVE-2018-21245 affects Pound up to version 2.8, enabling HTTP request smuggling due to a vulnerability related to CVE-2016-10711. The issue is described across multiple feeds as a Pound HTTP handling flaw that can impact confidentiality and integrity (per NVD CVSS data: high impact on both C and ...
CVE-2004-2026
CVE-2004-2026 describes a format-string vulnerability in Pound’s logmsg function (svc.c) affecting Pound 1.5 and earlier. A remote attacker could trigger arbitrary code execution by supplying format-specifiers in syslog messages. The vulnerability is due to improper handling of user-controlled fo...
CVE-2005-1391
Pound (a reverse proxy/load balancer) is affected by CVE-2005-1391 due to an overly long HTTP Host header that can trigger a buffer overflow in add_port(), potentially allowing arbitrary code execution. Debian and Gentoo advisories also reference CVE-2005-3751 (HTTP Request Smuggling) as a separa...