Vulmon
http-proxy project vulnerabilities and exploits
10
CVSSv2
CVE-2005-2700
ssl_engine_kernel.c in mod_ssl prior to 2.8.24, when using "SSLVerifyClient optional" in the global virtual host configuration, does not properly enforce "SSLVerifyClient require" in a per-location context, which allows remote malicious users to bypass intende...
Apache Http Server
Debian Debian Linux 3.1
Debian Debian Linux 3.0
Canonical Ubuntu Linux 4.10
Canonical Ubuntu Linux 5.04
9
CVSSv2
CVE-2019-10196
A flaw was found in http-proxy-agent, prior to version 2.1.0. http-proxy-agent passes an auth option to the Buffer constructor without proper sanitization. This could result in a Denial of Service through the usage of all available CPU resources and data exposure throug...
Http-proxy-agent Project Http-proxy-agent
Fedoraproject Fedora 27
Redhat Software Collections -
Redhat Enterprise Linux 7.0
7.5
CVSSv2
CVE-2021-21322
fastify-http-proxy is an npm package which is a fastify plugin for proxying your http requests to another server, with hooks. By crafting a specific URL, it is possible to escape the prefix of the proxied backend service. If the base url of the proxied server is `/pub/`, a user e...
Fastify-http-proxy Project Fastify-http-proxy
7.5
CVSSv2
CVE-2005-1857
Format string vulnerability in simpleproxy prior to 3.4 allows remote malicious HTTP proxies to execute arbitrary code via format string specifiers in a reply.
Simpleproxy Simpleproxy 3.0
Simpleproxy Simpleproxy 3.1
Simpleproxy Simpleproxy 2.2b
Simpleproxy Simpleproxy 3.2
7.5
CVSSv2
CVE-2005-1109
The filtering of URLs in JunkBuster prior to 2.0.2-r3 allows remote malicious users to cause a denial of service (application crash) and possibly execute arbitrary code via heap corruption.
Junkbuster Internet Junkbuster 2.0.2
Junkbuster Internet Junkbuster 2.0.2 R2
Junkbuster Internet Junkbuster 2.0.1
5
CVSSv2
CVE-2021-3116
before_upstream_connection in AuthPlugin in http/proxy/auth.py in proxy.py prior to 2.3.1 accepts incorrect Proxy-Authorization header data because of a boolean confusion (and versus or).
Proxy.py Project Proxy.py
5
CVSSv2
CVE-2017-16014
Http-proxy is a proxying library. Because of the way errors are handled in versions prior to 0.7.0, an attacker that forces an error can crash the server, causing a denial of service.
Http-proxy Project Http-proxy
5
CVSSv2
CVE-2005-2728
The byte-range filter in Apache 2.0 prior to 2.0.54 allows remote malicious users to cause a denial of service (memory consumption) via an HTTP header with a large Range field.
Apache Http Server 2.0.42
Apache Http Server 2.0.47
Apache Http Server 2.0.50
Apache Http Server 2.0.35
Apache Http Server 2.0.37
Apache Http Server 2.0.44
Apache Http Server 2.0.39
Apache Http Server 2.0.52
Apache Http Server 2.0.53
Apache Http Server 2.0.51
Apache Http Server 2.0.28
Apache Http Server 2.0.41
Apache Http Server 2.0.49
Apache Http Server 2.0.9
Apache Http Server 2.0.32
Apache Http Server 2.0.38
Apache Http Server 2.0.48
Apache Http Server 2.0.45
Apache Http Server 2.0.40
Apache Http Server 2.0.36
Apache Http Server 2.0.46
Apache Http Server 2.0.43
5
CVSSv2
CVE-2005-1268
Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote malicious users to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.
Apache Http Server
Redhat Enterprise Linux Desktop 3.0
Redhat Enterprise Linux Desktop 4.0
Redhat Enterprise Linux Server 4.0
Redhat Enterprise Linux Workstation 4.0
Redhat Enterprise Linux Workstation 3.0
Redhat Enterprise Linux Server 3.0
Debian Debian Linux 3.1
5
CVSSv2
CVE-2005-1108
The ij_untrusted_url function in JunkBuster 2.0.2-r2, with single-threaded mode enabled, allows remote malicious users to overwrite the referrer field via a crafted HTTP request.
Junkbuster Internet Junkbuster 2.0.2 R2