Apsis Pound vulnerabilities

CVE-2018-21245 [CRITICAL] CVE-2018-21245: Pound before 2.8 allows HTTP request smuggling, a related issue to CVE-2016-10711. Pound before 2.8 allows HTTP request smuggling, a related issue to CVE-2016-10711.

CVE-2016-10711 [CRITICAL] CWE-444 CVE-2016-10711: Apsis Pound before 2.8a allows request smuggling via crafted headers, a different vulnerability than Apsis Pound before 2.8a allows request smuggling via crafted headers, a different vulnerability than CVE-2005-3751.

CVE-2014-3566 [LOW] CVE-2014-3566: The SSL protocol 3 The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.

CVE-2012-4929 [LOW] CVE-2012-4929: The TLS protocol 1 The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differences during a series of guesses in which a string in an HTTP request potentially matches an unknown string in an HTTP header, aka a "CRIME" attack.

CVE-2011-3389 [MEDIUM] CVE-2011-3389: The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and o The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via

CVE-2009-3555 [MEDIUM] CVE-2009-3555: The TLS protocol, and the SSL protocol 3 The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, whic

CVE-2005-3751 [MEDIUM] CVE-2005-3751: HTTP request smuggling vulnerability in Pound before 1.9.4 allows remote attackers to poison web cac HTTP request smuggling vulnerability in Pound before 1.9.4 allows remote attackers to poison web caches, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with conflicting Content-length and Transfer-encoding headers.

CVE-2005-1391 [HIGH] CVE-2005-1391: Buffer overflow in the add_port function in APSIS Pound 1.8.2 and earlier allows remote attackers to Buffer overflow in the add_port function in APSIS Pound 1.8.2 and earlier allows remote attackers to execute arbitrary code via a long Host HTTP header.

CVE-2004-2026 [HIGH] CVE-2004-2026: Format string vulnerability in the logmsg function in svc.c for Pound 1.5 and earlier allows remote Format string vulnerability in the logmsg function in svc.c for Pound 1.5 and earlier allows remote attackers to execute arbitrary code via format string specifiers in syslog messages.