293 matches found

RedHat Linux
added 2025/04/02 5:06 p.m. | 3 views

httpd: HTTP Response Splitting in multiple modules

A flaw was found in httpd. An HTTP response splitting in multiple httpd modules may allow an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack...

CVSS 6.3 | AI score 5.7 | EPSS 0.01123
Exploits: 0 | References: 5

CNNVD
added 2025/03/21 12:00 a.m. | 1 view

Varnish Cache and Varnish Enterprise Security Vulnerability

Varnish Cache and Varnish Enterprise are both products of Varnish Inc. Varnish Cache is a suite of reverse web caching servers. Varnish Enterprise is a high performance caching software. It is used to handle high traffic and optimize business. A security vulnerability exists in Varnish Cache versio...

CVSS 5.4 | AI score 5.3 | EPSS 0.00398
Exploits: 0 | References: 2

OSV
added 2024/11/21 1:11 p.m. | 2 views

CLSA-2024-1732194710 httpd: Fix of 2 CVEs

CVE-2023-38709: faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses - CVE-2024-24795: HTTP response splitting in multiple modules allows an attacker that can inject malicious response headers into backend applications to...

CVSS 7.3 | AI score 6.7 | EPSS 0.04358
Exploits: 0 | References: 1

RedHat Linux
added 2024/11/12 9:33 a.m. | 5 views

httpd: HTTP Response Splitting in multiple modules

A flaw was found in httpd. An HTTP response splitting in multiple httpd modules may allow an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack...

CVSS 6.3 | AI score 5.7 | EPSS 0.01123
Exploits: 0 | References: 5

SUSE CVE
added 2024/10/11 3:33 a.m. | 2 views

SUSE CVE-2023-29547

When a secure cookie existed in the Firefox cookie jar an insecure cookie for the same domain could have been created, when it should have silently failed. This could have led to a desynchronization in expected results when reading from the secure cookie. This vulnerability affects Firefox for...

CVSS 6.5 | AI score 8.5 | EPSS 0.00366
Exploits: 0 | References: 4

OSV
added 2024/09/03 4:49 p.m. | 2 views

CLSA-2024-1725382183 httpd: Fix of 2 CVEs

CVE-2023-38709: faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses - CVE-2024-24795: HTTP response splitting in multiple modules allows an attacker that can inject malicious response headers into backend applications to...

CVSS 7.3 | AI score 6.7 | EPSS 0.04358
Exploits: 0 | References: 1

RedHat Linux
added 2024/09/03 3:48 p.m. | 1 view

kernel: dmaengine/idxd: hardware erratum allows potential security problem with direct access by untrusted application

Hardware logic with insecure de-synchronization in Intel(R) DSA and Intel(R) IAA for some Intel(R) 4th or 5th generation Xeon(R) processors may allow an authorized user to potentially enable escalation of privilege local access...

CVSS 7.5 | AI score 7.3 | EPSS 0.00058
Exploits: 0 | References: 4

OpenVAS
added 2024/09/03 12:00 a.m. | 28 views

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2024-2327)

The remote host is missing an update for the Huawei EulerOS...

CVSS 7.5 | AI score 7.9 | EPSS 0.87555
Exploits: 2 | References: 2

Tenable Nessus
added 2024/08/21 12:00 a.m. | 37 views

EulerOS Virtualization 2.11.1 : httpd (EulerOS-SA-2024-2168)

According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 respons...

CVSS 7.5 | AI score 7.3 | EPSS 0.87555
Exploits: 2 | References: 4

OpenVAS
added 2024/08/21 12:00 a.m. | 23 views

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2024-2215)

The remote host is missing an update for the Huawei EulerOS...

CVSS 7.5 | AI score 7.8 | EPSS 0.87555
Exploits: 2 | References: 2

Tenable Nessus
added 2024/08/19 12:00 a.m. | 40 views

EulerOS Virtualization 2.10.1 : httpd (EulerOS-SA-2024-2139)

According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP...

CVSS 7.5 | AI score 7.3 | EPSS 0.87555
Exploits: 2 | References: 4

RedHat Linux
added 2024/08/15 5:34 a.m. | 2 views

kernel: dmaengine/idxd: hardware erratum allows potential security problem with direct access by untrusted application

Hardware logic with insecure de-synchronization in Intel(R) DSA and Intel(R) IAA for some Intel(R) 4th or 5th generation Xeon(R) processors may allow an authorized user to potentially enable escalation of privilege local access...

CVSS 7.5 | AI score 7.3 | EPSS 0.00058
Exploits: 0 | References: 4

RedHat Linux
added 2024/08/13 12:13 a.m. | 1 view

kernel: dmaengine/idxd: hardware erratum allows potential security problem with direct access by untrusted application

Hardware logic with insecure de-synchronization in Intel(R) DSA and Intel(R) IAA for some Intel(R) 4th or 5th generation Xeon(R) processors may allow an authorized user to potentially enable escalation of privilege local access...

CVSS 7.5 | AI score 7.3 | EPSS 0.00058
Exploits: 0 | References: 4

RedHat Linux
added 2024/08/08 4:44 a.m. | 1 view

kernel: dmaengine/idxd: hardware erratum allows potential security problem with direct access by untrusted application

Hardware logic with insecure de-synchronization in Intel(R) DSA and Intel(R) IAA for some Intel(R) 4th or 5th generation Xeon(R) processors may allow an authorized user to potentially enable escalation of privilege local access...

CVSS 7.5 | AI score 7.3 | EPSS 0.00058
Exploits: 0 | References: 4

Redos
added 2024/07/26 12:00 a.m. | 37 views

ROS-20240726-05

The Apache HTTP Server web server vulnerability is related to a failure to take measures to handle CRLF sequences in HTTP headers. Exploitation of the vulnerability could allow an attacker acting remotely to perform HTTP response splitting attacks. Apache HTTP Server vulnerability is related ...

CVSS 7.3 | AI score 6.7 | EPSS 0.04358
Exploits: 0

OpenVAS
added 2024/07/16 12:00 a.m. | 30 views

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2024-1910)

The remote host is missing an update for the Huawei EulerOS...

CVSS 7.5 | AI score 7.8 | EPSS 0.87555
Exploits: 2 | References: 2

SUSE CVE
added 2024/06/22 3:48 a.m. | 1 view

SUSE CVE-2024-21823

Hardware logic with insecure de-synchronization in Intel(R) DSA and Intel(R) IAA for some Intel(R) 4th or 5th generation Xeon(R) processors may allow an authorized user to potentially enable escalation of privilege local access...

CVSS 6.8 | AI score 7.8 | EPSS 0.00058
Exploits: 0 | References: 10

Github Security Blog
added 2024/06/06 9:41 p.m. | 42 views

Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') in tornado

Summary: When Tornado receives a request with two Transfer-Encoding: chunked headers, it ignores them both. This enables request smuggling when Tornado is deployed behind a proxy server that emits such requests. Pound does this. PoC: 0. Install Tornado. 1. Start a simple Tornado server that echoes...

AI score 7
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2024/05/31 7:08 p.m. | 25 views

CVE-2024-23316 PingAccess HTTP Request Desynchronization Weakness

HTTP request desynchronization in Ping Identity PingAccess, all versions prior to 8.0.1 affected allows an attacker to send specially crafted http header requests to create a request smuggling condition for proxied requests...

CVSS 8.8 | AI score 6.4 | EPSS 0.00785
Exploits: 0 | References: 3

CNNVD
added 2024/05/31 12:00 a.m. | 1 view

Ping Identity PingAccess Security Vulnerability

Ping Identity PingAccess is a centralized access security solution with a comprehensive policy engine from Ping Identity, Inc. It is used to provide secure access to applications and APIs up to the URL level and ensures that only authorized users can access the resources they need. A security...

CVSS 8.8 | AI score 6.6 | EPSS 0.00785
Exploits: 0 | References: 4