Search criteria
5 vulnerabilities by apsis
CVE-2018-21245 (GCVE-0-2018-21245)
Vulnerability from cvelistv5 – Published: 2020-06-15 16:50 – Updated: 2024-08-05 12:26
VLAI?
Summary
Pound before 2.8 allows HTTP request smuggling, a related issue to CVE-2016-10711.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:26:39.586Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://admin.hostpoint.ch/pipermail/pound_apsis.ch/2018-May/000054.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.gentoo.org/714084"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Pound before 2.8 allows HTTP request smuggling, a related issue to CVE-2016-10711."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-22T12:32:30",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://admin.hostpoint.ch/pipermail/pound_apsis.ch/2018-May/000054.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.gentoo.org/714084"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-21245",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Pound before 2.8 allows HTTP request smuggling, a related issue to CVE-2016-10711."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://admin.hostpoint.ch/pipermail/pound_apsis.ch/2018-May/000054.html",
"refsource": "MISC",
"url": "https://admin.hostpoint.ch/pipermail/pound_apsis.ch/2018-May/000054.html"
},
{
"name": "https://bugs.gentoo.org/714084",
"refsource": "MISC",
"url": "https://bugs.gentoo.org/714084"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-21245",
"datePublished": "2020-06-15T16:50:38",
"dateReserved": "2020-06-15T00:00:00",
"dateUpdated": "2024-08-05T12:26:39.586Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-10711 (GCVE-0-2016-10711)
Vulnerability from cvelistv5 – Published: 2018-01-29 20:00 – Updated: 2024-08-06 03:30
VLAI?
Summary
Apsis Pound before 2.8a allows request smuggling via crafted headers, a different vulnerability than CVE-2005-3751.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:30:20.172Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.apsis.ch/pound/pound_list/archive/2016/2016-10/1477235279000"
},
{
"name": "[debian-lts-announce] 20180212 [SECURITY] [DLA 1280-1] pound security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00015.html"
},
{
"name": "[debian-lts-announce] 20200430 [SECURITY] [DLA 2196-1] pound security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00028.html"
},
{
"name": "[debian-lts-announce] 20200503 [SECURITY] [DLA 2196-2] pound regression update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00003.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-01-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Apsis Pound before 2.8a allows request smuggling via crafted headers, a different vulnerability than CVE-2005-3751."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-03T19:06:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.apsis.ch/pound/pound_list/archive/2016/2016-10/1477235279000"
},
{
"name": "[debian-lts-announce] 20180212 [SECURITY] [DLA 1280-1] pound security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00015.html"
},
{
"name": "[debian-lts-announce] 20200430 [SECURITY] [DLA 2196-1] pound security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00028.html"
},
{
"name": "[debian-lts-announce] 20200503 [SECURITY] [DLA 2196-2] pound regression update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00003.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-10711",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apsis Pound before 2.8a allows request smuggling via crafted headers, a different vulnerability than CVE-2005-3751."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.apsis.ch/pound/pound_list/archive/2016/2016-10/1477235279000",
"refsource": "CONFIRM",
"url": "http://www.apsis.ch/pound/pound_list/archive/2016/2016-10/1477235279000"
},
{
"name": "[debian-lts-announce] 20180212 [SECURITY] [DLA 1280-1] pound security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00015.html"
},
{
"name": "[debian-lts-announce] 20200430 [SECURITY] [DLA 2196-1] pound security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00028.html"
},
{
"name": "[debian-lts-announce] 20200503 [SECURITY] [DLA 2196-2] pound regression update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00003.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-10711",
"datePublished": "2018-01-29T20:00:00",
"dateReserved": "2018-01-29T00:00:00",
"dateUpdated": "2024-08-06T03:30:20.172Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3751 (GCVE-0-2005-3751)
Vulnerability from cvelistv5 – Published: 2005-11-22 20:00 – Updated: 2024-08-07 23:24
VLAI?
Summary
HTTP request smuggling vulnerability in Pound before 1.9.4 allows remote attackers to poison web caches, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with conflicting Content-length and Transfer-encoding headers.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:24:36.215Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-934",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-934"
},
{
"name": "18367",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18367"
},
{
"name": "SUSE-SR:2006:011",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2006_05_19.html"
},
{
"name": "[pound-list] 20051020 ANNOUNCE: Pound - reverse proxy and load balancer - v1.9.4",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.apsis.ch/pound/pound_list/archive/2005/2005-10/1129827166000/index_html?fullMode=1#1129827166000"
},
{
"name": "GLSA-200606-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200606-05.xml"
},
{
"name": "20215",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20215"
},
{
"name": "18381",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18381"
},
{
"name": "20510",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20510"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-10-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "HTTP request smuggling vulnerability in Pound before 1.9.4 allows remote attackers to poison web caches, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with conflicting Content-length and Transfer-encoding headers."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-01-12T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-934",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-934"
},
{
"name": "18367",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18367"
},
{
"name": "SUSE-SR:2006:011",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2006_05_19.html"
},
{
"name": "[pound-list] 20051020 ANNOUNCE: Pound - reverse proxy and load balancer - v1.9.4",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.apsis.ch/pound/pound_list/archive/2005/2005-10/1129827166000/index_html?fullMode=1#1129827166000"
},
{
"name": "GLSA-200606-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200606-05.xml"
},
{
"name": "20215",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20215"
},
{
"name": "18381",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18381"
},
{
"name": "20510",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20510"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3751",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HTTP request smuggling vulnerability in Pound before 1.9.4 allows remote attackers to poison web caches, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with conflicting Content-length and Transfer-encoding headers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-934",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-934"
},
{
"name": "18367",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18367"
},
{
"name": "SUSE-SR:2006:011",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_05_19.html"
},
{
"name": "[pound-list] 20051020 ANNOUNCE: Pound - reverse proxy and load balancer - v1.9.4",
"refsource": "MLIST",
"url": "http://www.apsis.ch/pound/pound_list/archive/2005/2005-10/1129827166000/index_html?fullMode=1#1129827166000"
},
{
"name": "GLSA-200606-05",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200606-05.xml"
},
{
"name": "20215",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20215"
},
{
"name": "18381",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18381"
},
{
"name": "20510",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20510"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3751",
"datePublished": "2005-11-22T20:00:00",
"dateReserved": "2005-11-22T00:00:00",
"dateUpdated": "2024-08-07T23:24:36.215Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-2026 (GCVE-0-2004-2026)
Vulnerability from cvelistv5 – Published: 2005-05-10 04:00 – Updated: 2024-08-08 01:15
VLAI?
Summary
Format string vulnerability in the logmsg function in svc.c for Pound 1.5 and earlier allows remote attackers to execute arbitrary code via format string specifiers in syslog messages.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:15:01.214Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.apsis.ch/pound/pound_list/archive/2003/2003-12/1070234315000#1070234315000"
},
{
"name": "1010034",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1010034"
},
{
"name": "11528",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/11528"
},
{
"name": "5746",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/5746"
},
{
"name": "20040507 Pound \u003c=1.5 Remote Exploit (Format string bug)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0343.html"
},
{
"name": "pound-logmsg-format-string(16033)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16033"
},
{
"name": "GLSA-200405-08",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200405-08.xml"
},
{
"name": "10267",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10267"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-05-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in the logmsg function in svc.c for Pound 1.5 and earlier allows remote attackers to execute arbitrary code via format string specifiers in syslog messages."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.apsis.ch/pound/pound_list/archive/2003/2003-12/1070234315000#1070234315000"
},
{
"name": "1010034",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1010034"
},
{
"name": "11528",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/11528"
},
{
"name": "5746",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/5746"
},
{
"name": "20040507 Pound \u003c=1.5 Remote Exploit (Format string bug)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0343.html"
},
{
"name": "pound-logmsg-format-string(16033)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16033"
},
{
"name": "GLSA-200405-08",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200405-08.xml"
},
{
"name": "10267",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10267"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2026",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Format string vulnerability in the logmsg function in svc.c for Pound 1.5 and earlier allows remote attackers to execute arbitrary code via format string specifiers in syslog messages."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.apsis.ch/pound/pound_list/archive/2003/2003-12/1070234315000#1070234315000",
"refsource": "CONFIRM",
"url": "http://www.apsis.ch/pound/pound_list/archive/2003/2003-12/1070234315000#1070234315000"
},
{
"name": "1010034",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1010034"
},
{
"name": "11528",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11528"
},
{
"name": "5746",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/5746"
},
{
"name": "20040507 Pound \u003c=1.5 Remote Exploit (Format string bug)",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0343.html"
},
{
"name": "pound-logmsg-format-string(16033)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16033"
},
{
"name": "GLSA-200405-08",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200405-08.xml"
},
{
"name": "10267",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10267"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2026",
"datePublished": "2005-05-10T04:00:00",
"dateReserved": "2005-05-04T00:00:00",
"dateUpdated": "2024-08-08T01:15:01.214Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-1391 (GCVE-0-2005-1391)
Vulnerability from cvelistv5 – Published: 2005-05-02 04:00 – Updated: 2024-08-07 21:51
VLAI?
Summary
Buffer overflow in the add_port function in APSIS Pound 1.8.2 and earlier allows remote attackers to execute arbitrary code via a long Host HTTP header.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:51:48.926Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-934",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-934"
},
{
"name": "1013824",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1013824"
},
{
"name": "[pound_list] 20050426 remote buffer overflow in pound 1.8.2 + question abotu Host header",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.apsis.ch/pound/pound_list/archive/2005/2005-04/1114516112000"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=307852"
},
{
"name": "15963",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/15963"
},
{
"name": "15202",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/15202"
},
{
"name": "GLSA-200504-29",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200504-29.xml"
},
{
"name": "ADV-2005-0437",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/0437"
},
{
"name": "15679",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/15679"
},
{
"name": "pound-addport-bo(20316)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20316"
},
{
"name": "13436",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/13436"
},
{
"name": "18381",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18381"
},
{
"name": "15142",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/15142"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-04-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the add_port function in APSIS Pound 1.8.2 and earlier allows remote attackers to execute arbitrary code via a long Host HTTP header."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-934",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-934"
},
{
"name": "1013824",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1013824"
},
{
"name": "[pound_list] 20050426 remote buffer overflow in pound 1.8.2 + question abotu Host header",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.apsis.ch/pound/pound_list/archive/2005/2005-04/1114516112000"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=307852"
},
{
"name": "15963",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/15963"
},
{
"name": "15202",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/15202"
},
{
"name": "GLSA-200504-29",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200504-29.xml"
},
{
"name": "ADV-2005-0437",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/0437"
},
{
"name": "15679",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/15679"
},
{
"name": "pound-addport-bo(20316)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20316"
},
{
"name": "13436",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/13436"
},
{
"name": "18381",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18381"
},
{
"name": "15142",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/15142"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1391",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the add_port function in APSIS Pound 1.8.2 and earlier allows remote attackers to execute arbitrary code via a long Host HTTP header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-934",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-934"
},
{
"name": "1013824",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013824"
},
{
"name": "[pound_list] 20050426 remote buffer overflow in pound 1.8.2 + question abotu Host header",
"refsource": "MLIST",
"url": "http://www.apsis.ch/pound/pound_list/archive/2005/2005-04/1114516112000"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=307852",
"refsource": "MISC",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=307852"
},
{
"name": "15963",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/15963"
},
{
"name": "15202",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15202"
},
{
"name": "GLSA-200504-29",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200504-29.xml"
},
{
"name": "ADV-2005-0437",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/0437"
},
{
"name": "15679",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15679"
},
{
"name": "pound-addport-bo(20316)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20316"
},
{
"name": "13436",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13436"
},
{
"name": "18381",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18381"
},
{
"name": "15142",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15142"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-1391",
"datePublished": "2005-05-02T04:00:00",
"dateReserved": "2005-05-02T00:00:00",
"dateUpdated": "2024-08-07T21:51:48.926Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}