124 matches found
PT-2025-16239 · Libsoup +9
Name of the Vulnerable Software and Affected Versions: libsoup (affected versions not specified). Description: A flaw was found in the implementation of HTTP range requests in libsoup, making it vulnerable to a resource consumption attack. This allows a malicious client to request the same range man...
Rocky Linux 8 : squid:4 (RLSA-2021:4292)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:4292 advisory. - An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a buffer-management bug, it allows a denial of service. When resolving a...
Amazon Linux 2 : squid (ALASSQUID4-2023-004)
The version of squid installed on the remote host is prior to 4.15-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2SQUID4-2023-004 advisory. Squid through 4.14 and 5.x through 5.0.5, in some configurations, allows information disclosure because of an...
GHSA-VJ2M-9F5J-MPR5 Vapor vulnerable to denial of service in HTTP Range Request of FileMiddleware
Vapor is an HTTP web framework for Swift and middleware is a logic chain between the client and a Vapor route handler. FileMiddleware enables the serving of assets from the Public folder of a project to the client. Vapor before 4.60.3 is vulnerable to denial of service due to an integer overflow...
Vapor vulnerable to denial of service in HTTP Range Request of FileMiddleware
Vapor is an HTTP web framework for Swift and middleware is a logic chain between the client and a Vapor route handler. FileMiddleware enables the serving of assets from the Public folder of a project to the client. Vapor before 4.60.3 is vulnerable to denial of service due to an integer overflow...
Amazon Linux AMI : squid (ALAS-2023-1687)
The version of squid installed on the remote host is prior to 3.5.20-17.44. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1687 advisory. An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a buffer-management bug, it allows a denial of...
Amazon Linux 2 : squid (ALAS-2023-1950)
The version of squid installed on the remote host is prior to 3.5.20-17. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-1950 advisory. An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a buffer-management bug, it allows a denial of...
Medium: squid
Issue Overview: An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a buffer-management bug, it allows a denial of service. When resolving a request with the urn: scheme, the parser leaks a small amount of memory. However, there is an unspecified attack methodology that can...
SUSE CVE-2021-31806
An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a memory-management bug, it is vulnerable to a Denial of Service attack against all clients using the proxy via HTTP Range request processing...
SUSE CVE-2021-31807
An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. An integer overflow problem allows a remote server to achieve Denial of Service when delivering responses to HTTP Range requests. The issue trigger is a header that can be expected to exist in HTTP traffic without any malicious...
Authorization Bypass
modsecurity-crs:sid is vulnerable to authorization bypass. The vulnerability exists due to repeated payloads with an HTTP Range header field, allowing an attacker to perform a response body bypass and access restricted resources...
CVE-2022-39958
A flaw was found in the OWASP ModSecurity Core Rule Set. Repeated payloads with an HTTP Range header field with a small byte range allow a response body bypass, resulting in access to restricted resources...
OESA-2022-1970 mod_security_crs security update
The base rules are provided for modsecurity by this package. Security Fixes: The OWASP ModSecurity Core Rule Set CRS is affected by a response body bypass to sequentially exfiltrate small and undetectable sections of data by repeatedly submitting an HTTP Range header field with a small byte range...
CVE-2022-39958
The OWASP ModSecurity Core Rule Set CRS is affected by a response body bypass to sequentially exfiltrate small and undetectable sections of data by repeatedly submitting an HTTP Range header field with a small byte range. A restricted resource, access to which would ordinarily be detected, may be...
DEBIAN-CVE-2022-39958
The OWASP ModSecurity Core Rule Set CRS is affected by a response body bypass to sequentially exfiltrate small and undetectable sections of data by repeatedly submitting an HTTP Range header field with a small byte range. A restricted resource, access to which would ordinarily be detected, may be...
CVE-2022-39958
The CVE-2022-39958 issue affects the OWASP ModSecurity Core Rule Set (CRS) and enables a response-body bypass that can exfiltrate small data portions by repeatedly issuing HTTP Range requests. Affected legacy CRS: 3.0.x, 3.1.x; and currently supported: 3.2.1, 3.3.2. Upgrades are recommended to CR...
CVE-2022-39958 Response body bypass in OWASP ModSecurity Core Rule Set via repeated HTTP Range header submission with a small byte range
The OWASP ModSecurity Core Rule Set CRS is affected by a response body bypass to sequentially exfiltrate small and undetectable sections of data by repeatedly submitting an HTTP Range header field with a small byte range. A restricted resource, access to which would ordinarily be detected, may be...