5 matches found
CVE-2010-0551
CVE-2010-0551 affects Geo++ GNCASTER 1.4.0.7 and earlier. The HTTP authentication implementation allows remote attackers to read authentication headers from other users by sending a large request with an incorrect authentication attempt, resulting in memory disclosure (often called a memory leak)...
CVE-2010-0550
The CVE-2010-0550 entry affects Geo++ GNCASTER 1.4.0.7 and earlier. The root issue is a faulty enforcement of HTTP Digest Authentication, allowing remote authenticated users to fall back to HTTP Basic Authentication and bypass the intended server policy. The connected sources confirm the affected...
CVE-2010-0552
CVE-2010-0552 affects Geo++ GNCASTER 1.4.0.7 and earlier. Remote attackers can cause a denial of service (application crash) and possibly execute arbitrary code by issuing multiple requests for a non-existent file using a long URI. Root cause indicated is improper handling of long URLs leading to...
CVE-2010-0553
CVE-2010-0553 affects Geo++ GNCASTER (versions up to and including 1.4.0.7). The issue allows remote authenticated users to trigger a denial of service (application crash) and possibly execute arbitrary code via a long NMEA data sentence. The NVD entry records a NETWORK attack vector with LOW com...
CVE-2010-0554
The CVE-2010-0554 entry concerns Geo++ GNCASTER, affected in versions 1.4.0.7 and earlier. The HTTP Authentication implementation uses the same nonce for all authentication attempts, enabling replay attacks that can hijack web sessions or bypass authentication. This is the root cause: nonce reuse...