Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
http-proxy vulnerabilities and exploits
(subscribe to this query)
2.1
CVSSv2
CVE-2017-9271
The commandline package update tool zypper writes HTTP proxy credentials into its logfile, allowing local malicious users to gain access to proxies used.
Opensuse Zypper -
Fedoraproject Fedora 33
5.8
CVSSv2
CVE-2011-4968
nginx http proxy module does not verify peer identity of https origin server which could facilitate man-in-the-middle attack (MITM)
F5 Nginx 0.7.61
F5 Nginx 0.7.62
F5 Nginx 0.7.64
F5 Nginx 0.7.65
F5 Nginx 0.7.66
F5 Nginx 0.8.33
F5 Nginx 0.8.35
F5 Nginx 0.8.36
F5 Nginx 0.8.40
F5 Nginx 1.2.6
Debian Debian Linux 8.0
NA
CVE-2022-43551
A vulnerability exists in curl <7.87.0 HSTS check that could be bypassed to trick it to keep using HTTP. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. However, the HSTS mecha...
Haxx Curl
Fedoraproject Fedora 37
Netapp Snapcenter -
Netapp Oncommand Workflow Automation -
Netapp Oncommand Insight -
Netapp Active Iq Unified Manager -
Splunk Universal Forwarder 9.1.0
Splunk Universal Forwarder
5
CVSSv2
CVE-2021-3116
before_upstream_connection in AuthPlugin in http/proxy/auth.py in proxy.py prior to 2.3.1 accepts incorrect Proxy-Authorization header data because of a boolean confusion (and versus or).
Proxy.py Project Proxy.py
10
CVSSv2
CVE-2000-0376
Buffer overflow in the HTTP proxy server for the i-drive Filo software allows remote malicious users to execute arbitrary commands via a long HTTP GET request.
I-drive Filo 1.01
5
CVSSv2
CVE-2010-4488
Google Chrome prior to 8.0.552.215 does not properly handle HTTP proxy authentication, which allows remote malicious users to cause a denial of service (application crash) via unspecified vectors.
Google Chrome
5
CVSSv2
CVE-2005-2730
The HTTP proxy in Astaro Security Linux 6.0 allows remote malicious users to obtain sensitive information via an invalid request, which reveals a Proxy-authorization string in an error message.
Astaro Security Linux 6.001
10
CVSSv2
CVE-2007-2031
Buffer overflow in the HTTP proxy service for 3proxy 0.5 to 0.5.3g, and 0.6b-devel prior to 20070413, might allow remote malicious users to execute arbitrary code via crafted transparent requests.
3proxy 3proxy
3 EDB exploits
7.5
CVSSv2
CVE-2005-2729
The HTTP proxy in Astaro Security Linux 6.0 does not properly filter HTTP CONNECT requests to localhost, which allows remote malicious users to bypass firewall rules and connect to local services.
Astaro Security Linux 6.001
1 EDB exploit
7.5
CVSSv2
CVE-2003-0106
The HTTP proxy for Symantec Enterprise Firewall (SEF) 7.0 allows proxy users to bypass pattern matching for blocked URLs via requests that are URL-encoded with escapes, Unicode, or UTF-8.
Symantec Enterprise Firewall 7.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
cross-site request forgery
unauthorized
CVE-2024-33925
reflected XSS
CVE-2023-51580
CVE-2023-51579
CVE-2015-2051
CVE-2023-51609
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »