Fedora 37 : xen (2023-da8315e641)

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-da8315e641 advisory. 3 security issues 2180425 x86 shadow plus log-dirty mode use-after-free XSA-427, CVE-2022-42332 x86/HVM pinned cache attributes mis-handling XSA-428...

CVE-2022-42334

CVE-2022-42334 concerns the Xen hypervisor: a mis-handling in the HVM cache attributes interface used to override defaults for passed‑through devices. The root cause described across connected sources is unbounded control region creation and a lack of proper serialization for installation/removal...

SUSE CVE-2007-1863

cacheutil.c in the modcache module in Apache HTTP Server httpd, when caching is enabled and a threaded Multi-Processing Module MPM is used, allows remote attackers to cause a denial of service child processing handler crash via a request with the 1 s-maxage, 2 max-age, 3 min-fresh, or 4 max-stale...

SUSE CVE-2014-1418

Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not properly include the 1 Vary: Cookie or 2 Cache-Control header in responses, which allows remote attackers to obtain sensitive information or poison the cache via a request from certain browsers...

SUSE CVE-2014-2915

Xen 4.4.x, when running on ARM systems, does not properly restrict access to hardware features, which allows local guest users to cause a denial of service host or guest crash via unspecified vectors, related to 1 cache control, 2 coprocessors, 3 debug registers, and 4 other unspecified registers...

Regular Expression Denial of Service (ReDoS)

Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library. PoC Run the following script in...

Interesting new filters on Spring Cloud Gateway 4.0

Spring Cloud Gateway 4.0 is finally here! Thanks to our community contributions we have introduced new features and interesting filters. This blog post details new noteworthy and explains some of the new filters included, how they work and how you can use it to provide more insights into your...

HTTP Request Smuggling

apollo-server is vulnerable to HTTP request smuggling. The vulnerability exists because the library does not properly set the cache-control response header in the batched HTTP requests, allowing an attacker to smuggle HTTP requests...

GHSA-8R69-3CVP-WXC3 Batched HTTP requests may set incorrect `cache-control` response header

Impact In Apollo Server 3 and 4, the cache-control HTTP response header may not reflect the cache policy that should apply to an HTTP request when that HTTP request contains multiple operations using HTTP batching. This could lead to data being inappropriately cached and shared. Apollo Server...

Batched HTTP requests may set incorrect `cache-control` response header

Impact In Apollo Server 3 and 4, the cache-control HTTP response header may not reflect the cache policy that should apply to an HTTP request when that HTTP request contains multiple operations using HTTP batching. This could lead to data being inappropriately cached and shared. Apollo Server...

Batched HTTP requests may set incorrect `cache-control` response header

Impact In Apollo Server 3 and 4, the cache-control HTTP response header may not reflect the cache policy that should apply to an HTTP request when that HTTP request contains multiple operations using HTTP batching. This could lead to data being inappropriately cached and shared. Apollo Server...

PT-2022-28222 · Unknown · Apollo Server

Name of the Vulnerable Software and Affected Versions: Apollo Server versions 3.0.0 through 3.10.0 Apollo Server versions 4.0.0 through 4.0.0 Description: The cache-control HTTP response header may not reflect the cache policy for HTTP requests with multiple operations using HTTP batching. This...

Information Disclosure

rdiffweb is vulnerable to information disclosure. The vulnerability exist in empty function in dispatch.py, which allows an unauthenticated attacker to view sensitive information due to improper cache control...

GHSA-7FQM-JM52-F9VC rdiffweb vulnerable to Use of Cache Containing Sensitive Information

rdiffweb prior to version 2.4.9 is vulnerable to Use of Cache Containing Sensitive Information. Due to improper cache control, an attacker can view sensitive information even if they are not logged into an account. Version 2.4.9 contains a patch for this issue...

PT-2022-21580 · Rdiffweb · Rdiffweb

Name of the Vulnerable Software and Affected Versions: rdiffweb versions prior to 2.4.9 Description: The issue concerns the use of cache containing sensitive information. Due to improper cache control, an attacker can view sensitive information even if they are not logged into an account...

img_auth.php may leak private extension images into the public cache

In MediaWiki before 1.31.8, 1.32.x and 1.33.x before 1.33.4, and 1.34.x before 1.34.2, private wikis behind a caching server using the imgauth.php image authorization security feature may have had their files cached publicly, so any unauthorized user could view them. This occurs because...

GHSA-VM9C-39JX-Q45W Moodle vulnerable to Exposure of Sensitive Information to an Unauthorized Actor

lib/filelib.php in Moodle through 2.2.11, 2.3.x before 2.3.10, 2.4.x before 2.4.7, and 2.5.x before 2.5.3 does not send "Cache-Control: private" HTTP headers, which allows remote attackers to obtain sensitive information by requesting a file that had been previously retrieved by a caching proxy...

Glassdoor: Web Cache Poisoning leads to Stored XSS

@bombon reported to us a web cache poisoning issue that led to caching of gdTokenAnti-CSRF token across different Glassdoor pages and in some instances could be chained to perform XSS by caching the XSS payload. This has now been resolved using CF web cache armor and cache-control headers...

in publify/publify

Description publify does not use secure Cache-Control headers. Proof of Concept 1: Login to application 2: click on admin link https://demo-publify.herokuapp.com/admin 3: Logout 4: Press the back button of the opened tab to still see that you can view the information . Impact This issue is capabl...

in bookstackapp/bookstack

Description Bookstack does not use secure Cache-Control headers. Proof of Concept 1: Login to application 2: View a shelf 3: Logout 4: Press the back button of the opened tab to still see that you can view the information about books previous page of your shelf. Impact This issue is capable of...