MidnightBSD

Advisories for apsis

CVE-2004-2026 HIGH

Format string vulnerability in the logmsg function in svc.c for Pound 1.5 and earlier allows remote attackers to execute arbitrary code via format string specifiers in syslog messages.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apsis pound 1.3
apsis pound 1.1
apsis pound 1.5
apsis pound 1.4
apsis pound 1.2
apsis pound 1.0
CVE-2005-1391 HIGH

Buffer overflow in the add_port function in APSIS Pound 1.8.2 and earlier allows remote attackers to execute arbitrary code via a long Host HTTP header.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apsis pound 1.8.2
CVE-2005-3751 MEDIUM

HTTP request smuggling vulnerability in Pound before 1.9.4 allows remote attackers to poison web caches, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with conflicting Content-length and Transfer-encoding headers.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apsis pound *
CVE-2016-10711 HIGH

Apsis Pound before 2.8a allows request smuggling via crafted headers, a different vulnerability than CVE-2005-3751.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-444,

Products Affected

Vendor Product Version
debian debian_linux 7.0
apsis pound *
CVE-2018-21245 MEDIUM

Pound before 2.8 allows HTTP request smuggling, a related issue to CVE-2016-10711.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 3.9 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-444,

Products Affected

Vendor Product Version
apsis pound *