181 matches found
Demystifying API Rate Limiting
APIs are the “digital glue” that integrates and connects infrastructure, services, devices, and users. With the proliferation of APIs in almost every organization, it‘s essential to have a mechanism in place to manage and govern them. That’s why we introduced Akamai API Gateway, which makes it...
CVE-2018-0271
A vulnerability in the API gateway of the Cisco Digital Network Architecture DNA Center could allow an unauthenticated, remote attacker to bypass authentication and access critical services. The vulnerability is due to a failure to normalize URLs prior to servicing requests. An attacker could...
CVE-2018-0271
A vulnerability in the API gateway of the Cisco Digital Network Architecture DNA Center could allow an unauthenticated, remote attacker to bypass authentication and access critical services. The vulnerability is due to a failure to normalize URLs prior to servicing requests. An attacker could...
Authentication flaw
A vulnerability in the API gateway of the Cisco Digital Network Architecture DNA Center could allow an unauthenticated, remote attacker to bypass authentication and access critical services. The vulnerability is due to a failure to normalize URLs prior to servicing requests. An attacker could...
CVE-2018-0271
A vulnerability in the API gateway of the Cisco Digital Network Architecture DNA Center could allow an unauthenticated, remote attacker to bypass authentication and access critical services. The vulnerability is due to a failure to normalize URLs prior to servicing requests. An attacker could...
Cisco Digital Network Architecture Center Authentication Bypass Vulnerability
A vulnerability in the API gateway of the Cisco Digital Network Architecture DNA Center could allow an unauthenticated, remote attacker to bypass authentication and access critical services. The vulnerability is due to a failure to normalize URLs prior to servicing requests. An attacker could...
How to Protect AWS API Gateway with SecureSphere WAF
Serverless architectures are becoming more and more popular, and Amazon’s API Gateway service is a key factor in many serverless deployments on AWS. Currently API Gateway only supports a public CloudFront endpoint, and securing the API Gateway with high-end WAF protection may seem like a difficul...
CVE-2017-3601
Vulnerability in the Oracle API Gateway component of Oracle Fusion Middleware subcomponent: Oracle API Gateway. The supported version that is affected is 11.1.2.4.0. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle API Gateway...
CVE-2017-3601
Vulnerability in the Oracle API Gateway component of Oracle Fusion Middleware subcomponent: Oracle API Gateway. The supported version that is affected is 11.1.2.4.0. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle API Gateway...
Design/Logic Flaw
Vulnerability in the Oracle API Gateway component of Oracle Fusion Middleware subcomponent: Oracle API Gateway. The supported version that is affected is 11.1.2.4.0. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle API Gateway...
CVE-2017-3601
CVE-2017-3601 affects Oracle Fusion Middleware's Oracle API Gateway (subcomponent Oracle API Gateway), specifically version 11.1.2.4.0. The vulnerability is exploitable over a network via HTTP and can be triggered by an unauthenticated attacker, with user interaction required for exploitation. Su...
CVE-2017-3601
Vulnerability in the Oracle API Gateway component of Oracle Fusion Middleware subcomponent: Oracle API Gateway. The supported version that is affected is 11.1.2.4.0. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle API Gateway...
CVE-2017-3601
Vulnerability in the Oracle API Gateway component of Oracle Fusion Middleware subcomponent: Oracle API Gateway. The supported version that is affected is 11.1.2.4.0. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle API Gateway...
Computer Associates (Layer7) API Gateway 7 / 8 / 9 CRLF Response Splitting / Directory Traversal
https://www.osisecurity.com.au/computer-associates-api-gateway-crlf-response-splitting-directory-traversal-vulnerabilities.html Date: 04-Apr-2017 Product: Computer Associates Layer7 API Gateway Versions affected: v7, v8, v9 Vulnerabilities: 1 CRLF Response Splitting...
Novell NetIQ Sentinel CVE-2016-1000031 Remote Code Execution Vulnerability
Description Novell NetIQ Sentinel is prone to a security vulnerability. Successfully exploiting this issue allows attackers to execute arbitrary code in the context of the affected application. Novell NetIQ Sentinel version 7.4x are vulnerable. Technologies Affected Apache Commons FileUpload 1.0...
CVE-2016-3118
CRLF injection vulnerability in CA API Gateway formerly Layer7 API Gateway 7.1 before 7.1.04, 8.0 through 8.3 before 8.3.01, and 8.4 before 8.4.01 allows remote attackers to have an unspecified impact via unknown vectors...
CVE-2016-3118
CRLF injection vulnerability in CA API Gateway formerly Layer7 API Gateway 7.1 before 7.1.04, 8.0 through 8.3 before 8.3.01, and 8.4 before 8.4.01 allows remote attackers to have an unspecified impact via unknown vectors...
Crlf injection
CRLF injection vulnerability in CA API Gateway formerly Layer7 API Gateway 7.1 before 7.1.04, 8.0 through 8.3 before 8.3.01, and 8.4 before 8.4.01 allows remote attackers to have an unspecified impact via unknown vectors...
CVE-2016-3118
CA API Gateway (formerly Layer7 API Gateway) is affected by a CRLF injection vulnerability identified as CVE-2016-3118. The affected product ranges are CA API Gateway 7.1 before 7.1.04, 8.0 through 8.3 before 8.3.01, and 8.4 before 8.4.01. The vulnerability allows remote attackers to cause an uns...
CVE-2016-3118
CRLF injection vulnerability in CA API Gateway formerly Layer7 API Gateway 7.1 before 7.1.04, 8.0 through 8.3 before 8.3.01, and 8.4 before 8.4.01 allows remote attackers to have an unspecified impact via unknown vectors...