The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Computer vulnerabilities of HTTP protocol

HTTP/2: multiple vulnerabilities
An attacker can use several vulnerabilities of HTTP/2...
1072144, 1072860, 1167160, 6198380, bulletinoct2019, CERTFR-2019-AVI-389, cpuapr2020, CVE-2019-9511, CVE-2019-9512, CVE-2019-9513, CVE-2019-9514, CVE-2019-9515, CVE-2019-9516, CVE-2019-9517, CVE-2019-9518, DSA-4503-1, DSA-4505-1, DSA-4508-1, DSA-4511-1, DSA-4520-1, DSA-4669-1, FEDORA-2019-1686ae9b59, FEDORA-2019-5a6a7bc12c, FEDORA-2019-63ba15cc83, FEDORA-2019-7443ebda4b, FEDORA-2019-81985a8858, FEDORA-2019-8a437d5c2f, FEDORA-2019-befd924cfe, HT210436, NFLX-2019-002, openSUSE-SU-2019:2000-1, openSUSE-SU-2019:2051-1, openSUSE-SU-2019:2056-1, openSUSE-SU-2019:2072-1, openSUSE-SU-2019:2085-1, openSUSE-SU-2019:2114-1, openSUSE-SU-2019:2115-1, openSUSE-SU-2019:2120-1, openSUSE-SU-2019:2130-1, openSUSE-SU-2019:2232-1, openSUSE-SU-2019:2234-1, openSUSE-SU-2019:2264-1, RHSA-2019:2692-01, RHSA-2019:2726-01, RHSA-2019:2745-01, RHSA-2019:2746-01, RHSA-2019:2775-01, RHSA-2019:2799-01, RHSA-2019:2893-01, RHSA-2019:2925-01, RHSA-2019:2939-01, RHSA-2019:2949-01, RHSA-2019:2955-01, RHSA-2019:4018-01, RHSA-2019:4019-01, RHSA-2019:4020-01, RHSA-2019:4021-01, RHSA-2019:4040-01, RHSA-2019:4041-01, RHSA-2019:4042-01, RHSA-2019:4045-01, RHSA-2019:4269-01, RHSA-2019:4273-01, RHSA-2020:0406-01, SSA:2020-091-02, SUSE-SU-2019:2213-1, SUSE-SU-2019:2214-1, SUSE-SU-2019:2237-1, SUSE-SU-2019:2254-1, SUSE-SU-2019:2259-1, SUSE-SU-2019:2260-1, SUSE-SU-2019:2309-1, SUSE-SU-2019:2329-1, SUSE-SU-2019:2473-1, SUSE-SU-2019:2559-1, SUSE-SU-2020:0059-1, Synology-SA-19:33, Synology-SA-19:37, USN-4099-1, USN-4113-1, USN-4113-2, USN-4308-1, VIGILANCE-VUL-30040, VU#605641
HTTP: Man-in-the-Middle via Proxy CONNECT
An attacker can act as a Man-in-the-Middle when an HTTP proxy is configured, in order to obtain passwords of users of this proxy...
FalseCONNECT, VIGILANCE-VUL-20428, VU#905344
HTTPS: Cookie injection
An attacker can inject a cookie in an HTTPS (HTTP+TLS) session, in order to alter the behavior of the web service, if it is not designed to handle unexpected cookies...
VIGILANCE-VUL-17985, VU#804060
HTTP: incoherent handling of parameters
The HTTP protocol does not define the behavior of web servers when a request contains the same variable several times, which can generate vulnerabilities...
BID-35323, VIGILANCE-VUL-8726
HTTP: capturing a cookie
An attacker can obtain a cookie which does not have the secure attribute...
BID-31321, CERTA-2008-AVI-529, CVE-2008-3663, FEDORA-2008-8559, FEDORA-2008-9071, MDVSA-2009:053, RHSA-2009:0010-01, RHSA-2009:0057-01, SUSE-SR:2008:028, VIGILANCE-VUL-8127
HTTP: response injection
An attacker can inject data into an HTTP request in order to produce two or more HTTP responses...
20050203-01-U, BID-9804, c01178795, CERTA-2008-AVI-008, CERTA-2009-AVI-032, CVE-2005-0175, CVE-2005-1389-REJECT, CVE-2005-2090, DSA-667, DSA-667-1, FEDORA-2014-13764, FEDORA-2014-13777, FLSA-2006:152809, HPSBUX02262, MDKSA-2005:034, RHSA-2005:060, RHSA-2005:061, RHSA-2008:0261-01, SGI 20050203, SQUID-2005_5, SSRT071447, SUSE-SA:2005:006, TLSA-2005-24, V6-HTTPRESPONSESPLITTING, VIGILANCE-VUL-4047, VU#625878
Using the TRACE method to complement a Cross Site Scripting attack
The HTTP TRACE method can be used to obtain additional information following a Cross Site Scripting attack...
101176, 102016, 1201202, 200171, 200942, 5063481, 5090761, BEA04-48.00, BEA-048, BID-11604, BID-15222, BID-9506, BID-9561, c00612828, CVE-2004-2320, CVE-2005-3398, HP279, HPSBUX02101, KM03235847, SSRT051128, Sun Alert 50603, Sun Alert 57670, Sun Alert ID 50603, Sun Alert ID 57670, Sun BugID 4808654, Sun BugID 5063481, V6-XSSTRACING, VIGILANCE-VUL-3278, VU#867593
Tracking user sessions
When the user has disabled cookies, a web site can still build a profile of that user by using the ETag or Last-Modified headers...
V6-HTTPETAGLASTMODSES, VIGILANCE-VUL-3964