44 matches found
CVE-2023-37516
Missing "no cache" headers in HCL Leap permits user directory information to be cached...
CVE-2024-30127
Missing "no cache" headers in HCL Leap permits sensitive data to be cached...
CVE-2023-37516 HCL Leap is affected by missing "no cache" headers
Missing "no cache" headers in HCL Leap permits user directory information to be cached...
CVE-2023-37516
CVE-2023-37516 affects HCL Leap; the root cause is missing no-cache headers, which permits caching of user directory information. The vulnerability is described with a CVSSv3.1 base score of 3.2 (LOW) with LOCAL attack vector, requiring user interaction and low privileges. There is no explicit ex...
CVE-2024-30127 HCL Leap is affected by missing "no cache" headers
Missing "no cache" headers in HCL Leap permits sensitive data to be cached...
PT-2025-17854 · Hcl · Hcl Leap
Name of the Vulnerable Software and Affected Versions: HCL Leap affected versions not specified Description: The issue is related to missing "no cache" headers in HCL Leap, which allows user directory information to be cached. Recommendations: At the moment, there is no information about a newer...
PT-2024-31566 · Pypi · Flask-Appbuilder
Name of the Vulnerable Software and Affected Versions: Flask-AppBuilder versions prior to 4.5.1 Description: The auth DB login form default cache directives in Flask-AppBuilder allow browsers to locally store sensitive data. This can be an issue in environments using shared computer resources...
SUSE CVE-2023-5824
A flaw was found in Squid. The limits applied for validation of HTTP response headers are applied before caching. However, Squid may grow a cached HTTP response header beyond the configured maximum size, causing a stall or crash of the worker process when a large header is retrieved from the disk...
CVE-2019-19326
Silverstripe CMS sites through 4.4.4 which have opted into HTTP Cache Headers on responses served by the framework's HTTP layer can be vulnerable to web cache poisoning. Through modifying the X-Original-Url and X-HTTP-Method-Override headers, responses with malicious HTTP headers can return...
Design/Logic Flaw
Silverstripe CMS sites through 4.4.4 which have opted into HTTP Cache Headers on responses served by the framework's HTTP layer can be vulnerable to web cache poisoning. Through modifying the X-Original-Url and X-HTTP-Method-Override headers, responses with malicious HTTP headers can return...
CVE-2019-19000
For ABB eSOMS 4.0 to 6.0.3, the Cache-Control and Pragma HTTP headers have not been properly configured within the application response. This can potentially allow browsers and proxies to cache sensitive information...
Information disclosure
Citrix Gateway 11.1, 12.0, and 12.1 allows Information Exposure Through Caching. NOTE: Citrix disputes this as not a vulnerability. There is no sensitive information disclosure through the cache headers on Citrix ADC. The "Via" header lists cache protocols and recipients between the start and end...
CVE-2020-10110
Citrix Gateway 11.1, 12.0, and 12.1 allows Information Exposure Through Caching. NOTE: Citrix disputes this as not a vulnerability. There is no sensitive information disclosure through the cache headers on Citrix ADC. The "Via" header lists cache protocols and recipients between the start and end...
PT-2020-11932 · Citrix · Citrix Adc +1
Name of the Vulnerable Software and Affected Versions: Citrix Gateway versions 11.1 through 12.1 Description: The issue allows Information Exposure Through Caching. The Via header lists cache protocols and recipients between the start and end points for a request or a response. The Age header...
UBUNTU-CVE-2013-4572
The CentralNotice extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 sets the Cache-Control header to cache session cookies when a user is autocreated, which allows remote attackers to authenticate as the created user...
Debian Security Advisory DSA 2891-1 (mediawiki, mediawiki-extensions - security update)
Several vulnerabilities were discovered in MediaWiki, a wiki engine. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2013-2031 Cross-site scripting attack via valid UTF-7 encoded sequences in a SVG file. CVE-2013-4567 & CVE-2013-4568 Kevin Israel Wikipedia us...