CVSS: 7.5EPSS: 89%CPEs: 76EXPL: 1CVE-2013-5704 – httpd: bypass of mod_headers rules via chunked requests
https://notcve.org/view.php?id=CVE-2013-5704
15 Apr 2014 — The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states "this is not a security issue in httpd as such." El módulo mod_headers en el servidor de Apache HTTP 2.2.22 permite a atacantes remotos evadir directivas "RequestHeader unset" mediante la colocación de una cabera en la porción "trailer" de datos enviados con codificación de tran... • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html • CWE-287: Improper Authentication •
CVSS: 9.3EPSS: 0%CPEs: 23EXPL: 0CVE-2014-1490 – nss: TOCTOU, potential use-after-free in libssl's session ticket processing (MFSA 2014-12)
https://notcve.org/view.php?id=CVE-2014-1490
06 Feb 2014 — Race condition in libssl in Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors involving a resumption handshake that triggers incorrect replacement of a session ticket. Condición de carrera en libssl en Mozilla Network Security Services (NSS) ant... • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 24EXPL: 1CVE-2014-1491 – nss: Do not allow p-1 as a public DH value (MFSA 2014-12)
https://notcve.org/view.php?id=CVE-2014-1491
06 Feb 2014 — Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, does not properly restrict public values in Diffie-Hellman key exchanges, which makes it easier for remote attackers to bypass cryptographic protection mechanisms in ticket handling by leveraging use of a certain value. Mozilla Network Security Services (NSS) anterior a 3.15.4, utilizado en Mozilla Firefox anterior a ... • http://hg.mozilla.org/projects/nss/rev/12c42006aed8 • CWE-326: Inadequate Encryption Strength CWE-358: Improperly Implemented Security Check for Standard •