293 matches found
httpd: HTTP Session Hijack via a TLS upgrade
An HTTP session hijacking flaw was found in Apache httpd. In some modssl configurations on Apache HTTP Server, an HTTP desynchronization attack allows a man-in-the-middle attacker to hijack an HTTP session via a TLS upgrade...
httpd: HTTP Session Hijack via a TLS upgrade
An HTTP session hijacking flaw was found in Apache httpd. In some modssl configurations on Apache HTTP Server, an HTTP desynchronization attack allows a man-in-the-middle attacker to hijack an HTTP session via a TLS upgrade...
httpd: HTTP Session Hijack via a TLS upgrade
An HTTP session hijacking flaw was found in Apache httpd. In some modssl configurations on Apache HTTP Server, an HTTP desynchronization attack allows a man-in-the-middle attacker to hijack an HTTP session via a TLS upgrade...
httpd: HTTP Session Hijack via a TLS upgrade
An HTTP session hijacking flaw was found in Apache httpd. In some modssl configurations on Apache HTTP Server, an HTTP desynchronization attack allows a man-in-the-middle attacker to hijack an HTTP session via a TLS upgrade...
httpd: HTTP Session Hijack via a TLS upgrade
An HTTP session hijacking flaw was found in Apache httpd. In some modssl configurations on Apache HTTP Server, an HTTP desynchronization attack allows a man-in-the-middle attacker to hijack an HTTP session via a TLS upgrade...
httpd: HTTP Session Hijack via a TLS upgrade
An HTTP session hijacking flaw was found in Apache httpd. In some modssl configurations on Apache HTTP Server, an HTTP desynchronization attack allows a man-in-the-middle attacker to hijack an HTTP session via a TLS upgrade...
httpd: HTTP Session Hijack via a TLS upgrade
An HTTP session hijacking flaw was found in Apache httpd. In some modssl configurations on Apache HTTP Server, an HTTP desynchronization attack allows a man-in-the-middle attacker to hijack an HTTP session via a TLS upgrade...
httpd: HTTP Session Hijack via a TLS upgrade
An HTTP session hijacking flaw was found in Apache httpd. In some modssl configurations on Apache HTTP Server, an HTTP desynchronization attack allows a man-in-the-middle attacker to hijack an HTTP session via a TLS upgrade...
httpd: HTTP Session Hijack via a TLS upgrade
An HTTP session hijacking flaw was found in Apache httpd. In some modssl configurations on Apache HTTP Server, an HTTP desynchronization attack allows a man-in-the-middle attacker to hijack an HTTP session via a TLS upgrade...
httpd: HTTP Session Hijack via a TLS upgrade
An HTTP session hijacking flaw was found in Apache httpd. In some modssl configurations on Apache HTTP Server, an HTTP desynchronization attack allows a man-in-the-middle attacker to hijack an HTTP session via a TLS upgrade...
httpd: HTTP Session Hijack via a TLS upgrade
An HTTP session hijacking flaw was found in Apache httpd. In some modssl configurations on Apache HTTP Server, an HTTP desynchronization attack allows a man-in-the-middle attacker to hijack an HTTP session via a TLS upgrade...
SUSE-SU-2025:02682-1 Security update for apache2
This update for apache2 fixes the following issues: - CVE-2024-42516: Fixed HTTP response splitting. bsc1246477 - CVE-2024-43204: Fixed a SSRF when modproxy is loaded that allows an attacker to send outbound proxy requests to a URL controlled by them. bsc1246305 - CVE-2024-47252: Fixed insufficie...
CVE-2024-23316
HTTP request desynchronization in Ping Identity PingAccess, all versions prior to 8.0.1 affected allows an attacker to send specially crafted http header requests to create a request smuggling condition for proxied requests...
CVE-2025-47905
A vulnerability was found in Varnish Cache. This vulnerability may allow request smuggling attacks, where a malicious actor can craft seemingly legitimate HTTP requests. This issue could result in an unspecified system caching incorrect content that can expose confidential information. Mitigation...
Privilege Desynchronization: Cross-Privilege Spectre Attacks with Branch Privilege Injection
AMD ID: AMD-SB-7030 Potential Impact: N/A Severity: N/A Summary Researchers from ETH Zurich have provided AMD with a paper titled “Privilege Desynchronization: Cross-Privilege Spectre Attacks with Branch Privilege Injection.” AMD reviewed the paper and believes that this vulnerability does not...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from an uninitialized work structure resulting in a desynchronization warning...
Panic in mp3-metadata due to the lack of bounds checking
The getid3 methods used by mp3metadata::readfromslice does not perform adequate bounds checking when recreating the tag due to the use of desynchronization. Fixed in Fix index error, released as part of 0.4.0...
PT-2025-19406 · Crates.Io · Mp3-Metadata
The get id3 methods used by mp3 metadata::read from slice does not perform adequate bounds checking when recreating the tag due to the use of desynchronization. Fixed in Fix index error, released as part of 0.4.0...
PT-2025-19692 · Crates.Io · Mp3-Metadata
The get id3 methods used by mp3 metadata::read from slice does not perform adequate bounds checking when recreating the tag due to the use of desynchronization. Fixed in Fix index error, released as part of 0.4.0...
httpd: HTTP Response Splitting in multiple modules
A flaw was found in httpd. An HTTP response splitting in multiple httpd modules may allow an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack...