Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
5 vulnerabilities by apsis
CVE-2018-21245 (GCVE-0-2018-21245)
Vulnerability from cvelistv5 – Published: 2020-06-15 16:50 – Updated: 2024-08-05 12:26
VLAI
Summary
Pound before 2.8 allows HTTP request smuggling, a related issue to CVE-2016-10711.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://admin.hostpoint.ch/pipermail/pound_apsis.… | x_refsource_MISC |
| https://bugs.gentoo.org/714084 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:26:39.586Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://admin.hostpoint.ch/pipermail/pound_apsis.ch/2018-May/000054.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.gentoo.org/714084"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Pound before 2.8 allows HTTP request smuggling, a related issue to CVE-2016-10711."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-22T12:32:30.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://admin.hostpoint.ch/pipermail/pound_apsis.ch/2018-May/000054.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.gentoo.org/714084"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-21245",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Pound before 2.8 allows HTTP request smuggling, a related issue to CVE-2016-10711."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://admin.hostpoint.ch/pipermail/pound_apsis.ch/2018-May/000054.html",
"refsource": "MISC",
"url": "https://admin.hostpoint.ch/pipermail/pound_apsis.ch/2018-May/000054.html"
},
{
"name": "https://bugs.gentoo.org/714084",
"refsource": "MISC",
"url": "https://bugs.gentoo.org/714084"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-21245",
"datePublished": "2020-06-15T16:50:38.000Z",
"dateReserved": "2020-06-15T00:00:00.000Z",
"dateUpdated": "2024-08-05T12:26:39.586Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-10711 (GCVE-0-2016-10711)
Vulnerability from cvelistv5 – Published: 2018-01-29 20:00 – Updated: 2024-08-06 03:30
VLAI
Summary
Apsis Pound before 2.8a allows request smuggling via crafted headers, a different vulnerability than CVE-2005-3751.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.apsis.ch/pound/pound_list/archive/2016… | x_refsource_CONFIRM |
| https://lists.debian.org/debian-lts-announce/2018… | mailing-listx_refsource_MLIST |
| https://lists.debian.org/debian-lts-announce/2020… | mailing-listx_refsource_MLIST |
| https://lists.debian.org/debian-lts-announce/2020… | mailing-listx_refsource_MLIST |
Date Public
2018-01-29 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:30:20.172Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.apsis.ch/pound/pound_list/archive/2016/2016-10/1477235279000"
},
{
"name": "[debian-lts-announce] 20180212 [SECURITY] [DLA 1280-1] pound security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00015.html"
},
{
"name": "[debian-lts-announce] 20200430 [SECURITY] [DLA 2196-1] pound security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00028.html"
},
{
"name": "[debian-lts-announce] 20200503 [SECURITY] [DLA 2196-2] pound regression update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00003.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-01-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Apsis Pound before 2.8a allows request smuggling via crafted headers, a different vulnerability than CVE-2005-3751."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-03T19:06:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.apsis.ch/pound/pound_list/archive/2016/2016-10/1477235279000"
},
{
"name": "[debian-lts-announce] 20180212 [SECURITY] [DLA 1280-1] pound security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00015.html"
},
{
"name": "[debian-lts-announce] 20200430 [SECURITY] [DLA 2196-1] pound security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00028.html"
},
{
"name": "[debian-lts-announce] 20200503 [SECURITY] [DLA 2196-2] pound regression update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00003.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-10711",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apsis Pound before 2.8a allows request smuggling via crafted headers, a different vulnerability than CVE-2005-3751."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.apsis.ch/pound/pound_list/archive/2016/2016-10/1477235279000",
"refsource": "CONFIRM",
"url": "http://www.apsis.ch/pound/pound_list/archive/2016/2016-10/1477235279000"
},
{
"name": "[debian-lts-announce] 20180212 [SECURITY] [DLA 1280-1] pound security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00015.html"
},
{
"name": "[debian-lts-announce] 20200430 [SECURITY] [DLA 2196-1] pound security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00028.html"
},
{
"name": "[debian-lts-announce] 20200503 [SECURITY] [DLA 2196-2] pound regression update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00003.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-10711",
"datePublished": "2018-01-29T20:00:00.000Z",
"dateReserved": "2018-01-29T00:00:00.000Z",
"dateUpdated": "2024-08-06T03:30:20.172Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3751 (GCVE-0-2005-3751)
Vulnerability from cvelistv5 – Published: 2005-11-22 20:00 – Updated: 2024-08-07 23:24
VLAI
Summary
HTTP request smuggling vulnerability in Pound before 1.9.4 allows remote attackers to poison web caches, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with conflicting Content-length and Transfer-encoding headers.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://www.debian.org/security/2005/dsa-934 | vendor-advisoryx_refsource_DEBIAN |
| http://secunia.com/advisories/18367 | third-party-advisoryx_refsource_SECUNIA |
| http://www.novell.com/linux/security/advisories/2… | vendor-advisoryx_refsource_SUSE |
| http://www.apsis.ch/pound/pound_list/archive/2005… | mailing-listx_refsource_MLIST |
| http://www.gentoo.org/security/en/glsa/glsa-20060… | vendor-advisoryx_refsource_GENTOO |
| http://secunia.com/advisories/20215 | third-party-advisoryx_refsource_SECUNIA |
| http://secunia.com/advisories/18381 | third-party-advisoryx_refsource_SECUNIA |
| http://secunia.com/advisories/20510 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2005-10-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:24:36.215Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-934",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-934"
},
{
"name": "18367",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18367"
},
{
"name": "SUSE-SR:2006:011",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2006_05_19.html"
},
{
"name": "[pound-list] 20051020 ANNOUNCE: Pound - reverse proxy and load balancer - v1.9.4",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.apsis.ch/pound/pound_list/archive/2005/2005-10/1129827166000/index_html?fullMode=1#1129827166000"
},
{
"name": "GLSA-200606-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200606-05.xml"
},
{
"name": "20215",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20215"
},
{
"name": "18381",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18381"
},
{
"name": "20510",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20510"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-10-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "HTTP request smuggling vulnerability in Pound before 1.9.4 allows remote attackers to poison web caches, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with conflicting Content-length and Transfer-encoding headers."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-01-12T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-934",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-934"
},
{
"name": "18367",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18367"
},
{
"name": "SUSE-SR:2006:011",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2006_05_19.html"
},
{
"name": "[pound-list] 20051020 ANNOUNCE: Pound - reverse proxy and load balancer - v1.9.4",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.apsis.ch/pound/pound_list/archive/2005/2005-10/1129827166000/index_html?fullMode=1#1129827166000"
},
{
"name": "GLSA-200606-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200606-05.xml"
},
{
"name": "20215",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20215"
},
{
"name": "18381",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18381"
},
{
"name": "20510",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20510"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3751",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HTTP request smuggling vulnerability in Pound before 1.9.4 allows remote attackers to poison web caches, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with conflicting Content-length and Transfer-encoding headers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-934",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-934"
},
{
"name": "18367",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18367"
},
{
"name": "SUSE-SR:2006:011",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_05_19.html"
},
{
"name": "[pound-list] 20051020 ANNOUNCE: Pound - reverse proxy and load balancer - v1.9.4",
"refsource": "MLIST",
"url": "http://www.apsis.ch/pound/pound_list/archive/2005/2005-10/1129827166000/index_html?fullMode=1#1129827166000"
},
{
"name": "GLSA-200606-05",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200606-05.xml"
},
{
"name": "20215",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20215"
},
{
"name": "18381",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18381"
},
{
"name": "20510",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20510"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3751",
"datePublished": "2005-11-22T20:00:00.000Z",
"dateReserved": "2005-11-22T00:00:00.000Z",
"dateUpdated": "2024-08-07T23:24:36.215Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-2026 (GCVE-0-2004-2026)
Vulnerability from cvelistv5 – Published: 2005-05-10 04:00 – Updated: 2024-08-08 01:15
VLAI
Summary
Format string vulnerability in the logmsg function in svc.c for Pound 1.5 and earlier allows remote attackers to execute arbitrary code via format string specifiers in syslog messages.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://www.apsis.ch/pound/pound_list/archive/2003… | x_refsource_CONFIRM |
| http://securitytracker.com/id?1010034 | vdb-entryx_refsource_SECTRACK |
| http://secunia.com/advisories/11528 | third-party-advisoryx_refsource_SECUNIA |
| http://www.osvdb.org/5746 | vdb-entryx_refsource_OSVDB |
| http://archives.neohapsis.com/archives/fulldisclo… | mailing-listx_refsource_FULLDISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://security.gentoo.org/glsa/glsa-200405-08.xml | vendor-advisoryx_refsource_GENTOO |
| http://www.securityfocus.com/bid/10267 | vdb-entryx_refsource_BID |
Date Public
2004-05-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:15:01.214Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.apsis.ch/pound/pound_list/archive/2003/2003-12/1070234315000#1070234315000"
},
{
"name": "1010034",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1010034"
},
{
"name": "11528",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/11528"
},
{
"name": "5746",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/5746"
},
{
"name": "20040507 Pound \u003c=1.5 Remote Exploit (Format string bug)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0343.html"
},
{
"name": "pound-logmsg-format-string(16033)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16033"
},
{
"name": "GLSA-200405-08",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200405-08.xml"
},
{
"name": "10267",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10267"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-05-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in the logmsg function in svc.c for Pound 1.5 and earlier allows remote attackers to execute arbitrary code via format string specifiers in syslog messages."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.apsis.ch/pound/pound_list/archive/2003/2003-12/1070234315000#1070234315000"
},
{
"name": "1010034",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1010034"
},
{
"name": "11528",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/11528"
},
{
"name": "5746",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/5746"
},
{
"name": "20040507 Pound \u003c=1.5 Remote Exploit (Format string bug)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0343.html"
},
{
"name": "pound-logmsg-format-string(16033)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16033"
},
{
"name": "GLSA-200405-08",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200405-08.xml"
},
{
"name": "10267",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10267"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2026",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Format string vulnerability in the logmsg function in svc.c for Pound 1.5 and earlier allows remote attackers to execute arbitrary code via format string specifiers in syslog messages."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.apsis.ch/pound/pound_list/archive/2003/2003-12/1070234315000#1070234315000",
"refsource": "CONFIRM",
"url": "http://www.apsis.ch/pound/pound_list/archive/2003/2003-12/1070234315000#1070234315000"
},
{
"name": "1010034",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1010034"
},
{
"name": "11528",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11528"
},
{
"name": "5746",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/5746"
},
{
"name": "20040507 Pound \u003c=1.5 Remote Exploit (Format string bug)",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0343.html"
},
{
"name": "pound-logmsg-format-string(16033)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16033"
},
{
"name": "GLSA-200405-08",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200405-08.xml"
},
{
"name": "10267",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10267"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2026",
"datePublished": "2005-05-10T04:00:00.000Z",
"dateReserved": "2005-05-04T00:00:00.000Z",
"dateUpdated": "2024-08-08T01:15:01.214Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-1391 (GCVE-0-2005-1391)
Vulnerability from cvelistv5 – Published: 2005-05-02 04:00 – Updated: 2024-08-07 21:51
VLAI
Summary
Buffer overflow in the add_port function in APSIS Pound 1.8.2 and earlier allows remote attackers to execute arbitrary code via a long Host HTTP header.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
13 references
| URL | Tags |
|---|---|
| http://www.debian.org/security/2005/dsa-934 | vendor-advisoryx_refsource_DEBIAN |
| http://securitytracker.com/id?1013824 | vdb-entryx_refsource_SECTRACK |
| http://www.apsis.ch/pound/pound_list/archive/2005… | mailing-listx_refsource_MLIST |
| http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=307852 | x_refsource_MISC |
| http://www.osvdb.org/15963 | vdb-entryx_refsource_OSVDB |
| http://secunia.com/advisories/15202 | third-party-advisoryx_refsource_SECUNIA |
| http://security.gentoo.org/glsa/glsa-200504-29.xml | vendor-advisoryx_refsource_GENTOO |
| http://www.vupen.com/english/advisories/2005/0437 | vdb-entryx_refsource_VUPEN |
| http://secunia.com/advisories/15679 | third-party-advisoryx_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/13436 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/18381 | third-party-advisoryx_refsource_SECUNIA |
| http://secunia.com/advisories/15142 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2005-04-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:51:48.926Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-934",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-934"
},
{
"name": "1013824",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1013824"
},
{
"name": "[pound_list] 20050426 remote buffer overflow in pound 1.8.2 + question abotu Host header",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.apsis.ch/pound/pound_list/archive/2005/2005-04/1114516112000"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=307852"
},
{
"name": "15963",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/15963"
},
{
"name": "15202",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/15202"
},
{
"name": "GLSA-200504-29",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200504-29.xml"
},
{
"name": "ADV-2005-0437",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/0437"
},
{
"name": "15679",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/15679"
},
{
"name": "pound-addport-bo(20316)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20316"
},
{
"name": "13436",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/13436"
},
{
"name": "18381",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18381"
},
{
"name": "15142",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/15142"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-04-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the add_port function in APSIS Pound 1.8.2 and earlier allows remote attackers to execute arbitrary code via a long Host HTTP header."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-934",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-934"
},
{
"name": "1013824",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1013824"
},
{
"name": "[pound_list] 20050426 remote buffer overflow in pound 1.8.2 + question abotu Host header",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.apsis.ch/pound/pound_list/archive/2005/2005-04/1114516112000"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=307852"
},
{
"name": "15963",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/15963"
},
{
"name": "15202",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/15202"
},
{
"name": "GLSA-200504-29",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200504-29.xml"
},
{
"name": "ADV-2005-0437",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/0437"
},
{
"name": "15679",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/15679"
},
{
"name": "pound-addport-bo(20316)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20316"
},
{
"name": "13436",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/13436"
},
{
"name": "18381",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18381"
},
{
"name": "15142",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/15142"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1391",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the add_port function in APSIS Pound 1.8.2 and earlier allows remote attackers to execute arbitrary code via a long Host HTTP header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-934",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-934"
},
{
"name": "1013824",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013824"
},
{
"name": "[pound_list] 20050426 remote buffer overflow in pound 1.8.2 + question abotu Host header",
"refsource": "MLIST",
"url": "http://www.apsis.ch/pound/pound_list/archive/2005/2005-04/1114516112000"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=307852",
"refsource": "MISC",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=307852"
},
{
"name": "15963",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/15963"
},
{
"name": "15202",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15202"
},
{
"name": "GLSA-200504-29",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200504-29.xml"
},
{
"name": "ADV-2005-0437",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/0437"
},
{
"name": "15679",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15679"
},
{
"name": "pound-addport-bo(20316)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20316"
},
{
"name": "13436",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13436"
},
{
"name": "18381",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18381"
},
{
"name": "15142",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15142"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-1391",
"datePublished": "2005-05-02T04:00:00.000Z",
"dateReserved": "2005-05-02T00:00:00.000Z",
"dateUpdated": "2024-08-07T21:51:48.926Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}