Exploit for Code Injection in VMware Spring Cloud Gateway
Spring-Cloud-Gateway-CVE-2022-22947 Security Notice regardi...
GHSA-MWH9-GR45-XVV4 Mule modules contain Directory Traversal
Directory Traversal in the APIkit, http-connector, and OAuth2 Provider modules in Mulesoft 3.x, 4.x and all versions of Mulesoft API Gateway released before August 1, 2019 allows remote attackers to read files accessible to the Mule process...
Apache ShenYu Denial of Service Vulnerability
A denial-of-service vulnerability exists in Apache ShenYu, an asynchronous, high-performance, cross-language, responsive API gateway from the Apache Foundation, which stems from a failure to properly handle incoming error messages and can be exploited by attackers to pass in malicious regular...
Security Bulletin: IBM DataPower Gateway API Gateway component potentially vulnerable to a Denial of Service
Summary: IBM has addressed the CVE. Vulnerability Details: CVEID: CVE-2021-38872. DESCRIPTION: IBM DataPower Gateway could allow a remote user to cause a denial of service by consuming resources with multiple requests. CVSS Base score: 5.3. CVSS Temporal Score: See:...
Information Leakage Vulnerability in API Gateway Management System of Tech Data Communication Co.
Founded in 1999, Tech Data Xunfei Co., Ltd. is a well-known listed company in the Asia-Pacific region for intelligent speech and artificial intelligence. An information disclosure vulnerability exists in the API gateway management system of KDDI Corporation, which can be exploited by attackers to...
Requests-Ip-Rotator - A Python Library To Utilize AWS API Gateway's Large IP Pool As A Proxy To Generate Pseudo-Infinite IPs For Web Scraping And Brute Forcing
A Python library to utilize AWS API Gateway's large IP pool as a proxy to generate pseudo-infinite IPs for web scraping and brute forcing. This library will allow the user to bypass IP-based rate-limits for sites and services. X-Forwarded-For headers are automatically randomised and applied unles...
Apache APISIX Information Disclosure Vulnerability
Apache APISIX is a cloud-native microservices API gateway from the Apache Foundation. The software is based on OpenResty and etcd and features dynamic routing and plugin hot-loading for API management in microservice systems. Versions prior to Apache APISIX 2.13.1 contain an information...
Poro - Scan Publicly Accessible Assets On Your AWS Cloud Environment
Scan for publicly accessible assets on your AWS environment. Services covered by this tool: AWS ELB, API Gateway, S3 buckets, RDS databases, EC2 instances, Redshift databases. Poro also checks whether a tag you specify is applied to the identified public resources, using the --tag-key and --tag-value arguments...
Apache APISIX Input Validation Error Vulnerability
Apache APISIX is a cloud-native microservices API gateway from the Apache Foundation. The software is based on OpenResty and etcd, with dynamic routing and plugin hot-loading for API management in microservice systems. An attacker could use this vulnerability to bypass the bodyschema...
Apache ShenYu Access Control Error Vulnerability
Apache ShenYu is an asynchronous, high-performance, cross-language, responsive API gateway. An access control error vulnerability exists in Apache ShenYu versions 2.4.0 and 2.4.1. An attacker can exploit this vulnerability to access the /plugin API without authentication, compromising system...
Apache APISIX Licensing Issue Vulnerability
Apache APISIX is a cloud-native microservices API gateway from the Apache Foundation in the United States. The software is based on OpenResty and etcd for dynamic routing and plug-in hot-loading, and is suitable for API management in microservice systems. An authorization issue...
Symantec Security Advisory for Log4j Vulnerability
Summary: Symantec products may be susceptible to a flaw in the Apache Log4j 2 library JNDI lookup mechanism. A remote attacker who can trigger Log4j to log crafted malicious strings can execute arbitrary code on the target system. Affected Products: The following products and product versions are...
Exploit for Improper Authentication in Apache Shenyu
Apache ShenYu Admin has a vulnerability that allows for authenti...
Apache ShenYu licensing issue vulnerability
Apache ShenYu is an asynchronous, high-performance, cross-language, responsive API gateway from the Apache Foundation. An authorization issue vulnerability exists in Apache ShenYu Admin, which stems from a misuse of JWT in ShenyuAdminBootstrap, allowing an attacker to bypass authentication. No...
Best practices in WAF gateways to meet the demands of digital transformation
Every day, digital transformation is changing every organization’s threat landscape. As a result, they are facing a dilemma about where and how to deploy their application security solution. One of the most common approaches that organizations take is to deploy a reverse proxy security solution i...
What is API Gateway ❓ How it works ❓
In general, a gateway is a passage that connects two components so that together they provide some functionality. An API Gateway is not very different. However, it is a crucial topic for many of us to understand. Well, in this article, we have got you covered. Introduction to API Gateway: A...
Exploit for Incorrect Authorization in Konga_Project Konga
Konga Privilege Escalation - CVE-2021-42192 Authenticated Privil...
Design/Logic Flaw
Emissary-Ingress (formerly Ambassador API Gateway) through 1.13.9 allows attackers to bypass client certificate requirements (i.e., mTLS cert_required) on backend upstreams when more than one TLSContext is defined and at least one configuration exists that does not require a client certificate...
CVE-2021-36371
CVE-2021-36371 is reported for Emissary-Ingress (formerly Ambassador API Gateway). The vulnerability allows bypassing client certificate requirements (mTLS cert_required) on backend upstreams when more than one TLSContext exists and any configuration does not require client cert authentication. T...