174 matches found
CVE-2023-46724
Squid is a caching proxy for the Web. Due to an Improper Validation of Specified Index bug, Squid versions 3.3.0.1 through 5.9 and 6.0 prior to 6.4 compiled using --with-openssl are vulnerable to a Denial of Service attack against SSL Certificate validation. This problem allows a remote server to...
CVE-2023-46724
Squid is a caching proxy for the Web. Due to an Improper Validation of Specified Index bug, Squid versions 3.3.0.1 through 5.9 and 6.0 prior to 6.4 compiled using --with-openssl are vulnerable to a Denial of Service attack against SSL Certificate validation. This problem allows a remote server to...
CVE-2023-46724
CVE-2023-46724 : Squid exposes a Denial of Service via improper validation of certificate indices during TLS handshakes when built with OpenSSL. A remote server can disrupt HTTPS/SSL-Bump traffic by presenting a crafted server certificate in the chain. Affected: Squid versions 3.3.0.1–5.9 and 6.0...
A remote attacker can supply specially crafted transfer-encoding chunks to Eclipse Jetty that may bypass the authorization checks of an intermediary caching proxy.
In Eclipse Jetty, versions 9.2.x and older, 9.3.x all configurations, and 9.4.x non-default configuration with RFC2616 compliance enabled, transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer overflow. Thus a large chunk size could be interpreted as a...
Debian dla-3536 : python-flask - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3536 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3536-1 [email protected] https://www.debian.org/lts/security/...
openSUSE 15 Security Update : python-Flask (SUSE-SU-2023:2263-2)
The remote openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2023:2263-2 advisory. - Flask is a lightweight WSGI web application framework. When all of the following conditions are met, a response containing data intended for one client may...
Debian DSA-5442-1 : flask - security update
The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5442 advisory. It was discovered that in some conditions the Flask web framework may disclose a session cookie. For the oldstable distribution bullseye, this problem has been fixed in...
flask: Possible disclosure of permanent session cookie due to missing Vary: Cookie header
A flaw was found in the Python Flask package. A cached response may contain data for one client sent by a proxy to other clients, including session cookies, resulting in the compromise of data confidentiality contained in the leak requests or cookies. This happens when the following conditions ar...
Denial Of Service (DoS)
spring-boot-autoconfigure is vulnerable to Denial Of Service DoS. The vulnerability is applicable when the application has Spring MVC auto-configuration enabled and uses the Spring Boot welcome page, which can be either static or templated, and the application is deployed behind a proxy which...
Ubuntu 20.04 LTS / 22.04 LTS / 23.04 : Flask vulnerability (USN-6111-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.04 host has a package installed that is affected by a vulnerability as referenced in the USN-6111-1 advisory. It was discovered that Flask incorrectly handled certain data responses. An attacker could possibly use this issue to expose sensitive...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python-Flask (SUSE-SU-2023:2263-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:2263-1 advisory. - Flask is a lightweight WSGI web application framework. When all of the following conditions are met, a...
SUSE CVE-2023-30861
Flask is a lightweight WSGI web application framework. When all of the following conditions are met, a response containing data intended for one client may be cached and subsequently sent by the proxy to other clients. If the proxy also caches Set-Cookie headers, it may send one client's session...
AZL-43798 CVE-2023-30861 affecting package python-flask 1.1.1-4
Flask is a lightweight WSGI web application framework. When all of the following conditions are met, a response containing data intended for one client may be cached and subsequently sent by the proxy to other clients. If the proxy also caches Set-Cookie headers, it may send one client's session...
AZL-44718 CVE-2023-30861 affecting package python-flask 1.1.1-4
Flask is a lightweight WSGI web application framework. When all of the following conditions are met, a response containing data intended for one client may be cached and subsequently sent by the proxy to other clients. If the proxy also caches Set-Cookie headers, it may send one client's session...
DEBIAN-CVE-2023-30861
Flask is a lightweight WSGI web application framework. When all of the following conditions are met, a response containing data intended for one client may be cached and subsequently sent by the proxy to other clients. If the proxy also caches Set-Cookie headers, it may send one client's session...
UBUNTU-CVE-2023-30861
Flask is a lightweight WSGI web application framework. When all of the following conditions are met, a response containing data intended for one client may be cached and subsequently sent by the proxy to other clients. If the proxy also caches Set-Cookie headers, it may send one client's session...
PYSEC-2023-62
Flask is a lightweight WSGI web application framework. When all of the following conditions are met, a response containing data intended for one client may be cached and subsequently sent by the proxy to other clients. If the proxy also caches Set-Cookie headers, it may send one client's session...
Design/Logic Flaw
Flask is a lightweight WSGI web application framework. When all of the following conditions are met, a response containing data intended for one client may be cached and subsequently sent by the proxy to other clients. If the proxy also caches Set-Cookie headers, it may send one client's session...
CVE-2023-30861 Flask vulnerable to possible disclosure of permanent session cookie due to missing Vary: Cookie header
Flask is a lightweight WSGI web application framework. When all of the following conditions are met, a response containing data intended for one client may be cached and subsequently sent by the proxy to other clients. If the proxy also caches Set-Cookie headers, it may send one client's session...
CVE-2023-30861 Flask vulnerable to possible disclosure of permanent session cookie due to missing Vary: Cookie header
Flask is a lightweight WSGI web application framework. When all of the following conditions are met, a response containing data intended for one client may be cached and subsequently sent by the proxy to other clients. If the proxy also caches Set-Cookie headers, it may send one client's session...