CVE-2022-31043 Fix failure to strip Authorization header on HTTP downgrade in Guzzle

Guzzle is an open source PHP HTTP client. In affected versions Authorization headers on requests are sensitive information. On making a request using the https scheme to a server which responds with a redirect to a URI with the http scheme, we should not forward the Authorization header on. This ...

Atlassian Confluence Namespace OGNL Injection

This module exploits an OGNL injection in Atlassian Confluence servers. A specially crafted URI can be used to evaluate an OGNL expression resulting in OS command execution. Module Options msf use exploit/multi/http/atlassianconfluencenamespaceognlinjection msf...

Guzzle Information Disclosure Vulnerability

Guzzle is a PHP HTTP client for guzzle individual developers that makes it easy to send HTTP requests and easily integrate with web services. An information disclosure vulnerability exists in Guzzle versions prior to 7.4.3, and prior to 6.5.6, which stems from a vulnerability that allows a...

CVE-2022-29248

Guzzle is a PHP HTTP client. Guzzle prior to versions 6.5.6 and 7.4.3 contains a vulnerability with the cookie middleware. The vulnerability is that it is not checked if the cookie domain equals the domain of the server which sets the cookie via the Set-Cookie header, allowing a malicious server ...

Design/Logic Flaw

Guzzle is a PHP HTTP client. Guzzle prior to versions 6.5.6 and 7.4.3 contains a vulnerability with the cookie middleware. The vulnerability is that it is not checked if the cookie domain equals the domain of the server which sets the cookie via the Set-Cookie header, allowing a malicious server ...

CVE-2022-29248

Guzzle is a PHP HTTP client. Guzzle prior to versions 6.5.6 and 7.4.3 contains a vulnerability with the cookie middleware. The vulnerability is that it is not checked if the cookie domain equals the domain of the server which sets the cookie via the Set-Cookie header, allowing a malicious server ...

CVE-2022-29248

Guzzle prior to 6.5.6 and 7.4.3 exposed a cookie-domain validation flaw in the cookie middleware: a response Set-Cookie header could set cookies for unrelated domains if the cookie middleware was enabled (or cookies => true) and the client reused a single Guzzle instance across domains. The co...

CVE-2022-29248

Guzzle is a PHP HTTP client. Guzzle prior to versions 6.5.6 and 7.4.3 contains a vulnerability with the cookie middleware. The vulnerability is that it is not checked if the cookie domain equals the domain of the server which sets the cookie via the Set-Cookie header, allowing a malicious server ...

Drupal 9.2.x < 9.2.20 / 9.3.x < 9.3.14 Drupal Vulnerability (SA-CORE-2022-010)

According to its self-reported version, the instance of Drupal running on the remote web server is 9.2.x prior to 9.2.20 or 9.3.x prior to 9.3.14. It is, therefore, affected by a vulnerability. - Guzzle is a PHP HTTP client. Guzzle prior to versions 6.5.6 and 7.4.3 contains a vulnerability with t...

CVE-2022-29248 Cross-domain cookie leakage in Guzzle

Guzzle is a PHP HTTP client. Guzzle prior to versions 6.5.6 and 7.4.3 contains a vulnerability with the cookie middleware. The vulnerability is that it is not checked if the cookie domain equals the domain of the server which sets the cookie via the Set-Cookie header, allowing a malicious server ...

dotnet: excess memory allocation via HttpClient causes DoS

A flaw was found in dotnet. The Microsoft Security Advisory describes the issue of the Apply MaxResponseHeadersLength limit for trailing headers to address a denial of service via excess memory allocations through the HttpClient...

Oracle Linux 8 : python27:2.7 (ELSA-2022-1821)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-1821 advisory. - Security fix for CVE-2022-0391: urlparse does not sanitize URLs containing ASCII newline and tabs Resolves: rhbz2047376 - Security fix for...

Oracle Linux 8 : python3 (ELSA-2022-1986)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-1986 advisory. - Security fix for CVE-2021-4189: ftplib should not use the host from the PASV response Resolves: rhbz2036020 Tenable has extracted the preceding...

GHSA-C82R-QG3W-Q5MV Apache Solr insecure inter-node communication

Apache Solr uses a PKI based mechanism to secure inter-node communication when security is enabled. It is possible to create a specially crafted node name that does not exist as part of the cluster and point it to a malicious node. This can trick the nodes in cluster to believe that the malicious...

au.com.dius.pact:au.com.dius.pact.gradle.plugin (>=2.1.1 <=2.1.12), au.com.dius:pact-jvm-consumer-groovy-v3_2.10 (>=2.2.11 <=2.2.15) +1354 more potentially affected by CVE-2013-7397 via com.ning:async-http-client (>=1.0.0 <=1.9.0-BETA6)

com.ning:async-http-client MAVEN version =1.0.0, =2.1.1, =2.2.11, =2.2.11, =2.0.0, =2.0.0, =2.0-RC3, =2.0.0, =2.0.0, =2.0.4, =2.0-RC3, =2.0.0, =1.11, =2.0.0, =2.0.5, =2.0.5, =3.2.1 and more Source cves: CVE-2013-7397 Source advisory: OSV:GHSA-8H53-FJGG-G42G...

au.com.dius.pact:au.com.dius.pact.gradle.plugin (>=2.1.1 <=2.1.12), au.com.dius:pact-jvm-consumer-groovy-v3_2.10 (>=2.2.11 <=2.2.15) +1354 more potentially affected by CVE-2013-7398 via com.ning:async-http-client (>=1.0.0 <=1.9.0-BETA6)

com.ning:async-http-client MAVEN version =1.0.0, =2.1.1, =2.2.11, =2.2.11, =2.0.0, =2.0.0, =2.0-RC3, =2.0.0, =2.0.0, =2.0.4, =2.0-RC3, =2.0.0, =1.11, =2.0.0, =2.0.5, =2.0.5, =3.2.1 and more Source cves: CVE-2013-7398 Source advisory: OSV:GHSA-5C66-6H6G-6Q6M...

Insufficient Verification of Data Authenticity in Async Http Client

main/java/com/ning/http/client/AsyncHttpClientConfig.java in Async Http Client aka AHC or async-http-client before 1.9.0 does not require a hostname match during verification of X.509 certificates, which allows man-in-the-middle attackers to spoof HTTPS servers via an arbitrary valid certificate...

Insufficient Verification of Data Authenticity in Async Http Client

Async Http Client aka AHC or async-http-client before 1.9.0 skips X.509 certificate verification unless both a keyStore location and a trustStore location are explicitly set, which allows man-in-the-middle attackers to spoof HTTPS servers by presenting an arbitrary certificate during use of a...

GHSA-5C66-6H6G-6Q6M Insufficient Verification of Data Authenticity in Async Http Client

main/java/com/ning/http/client/AsyncHttpClientConfig.java in Async Http Client aka AHC or async-http-client before 1.9.0 does not require a hostname match during verification of X.509 certificates, which allows man-in-the-middle attackers to spoof HTTPS servers via an arbitrary valid certificate...

GHSA-8H53-FJGG-G42G Insufficient Verification of Data Authenticity in Async Http Client

Async Http Client aka AHC or async-http-client before 1.9.0 skips X.509 certificate verification unless both a keyStore location and a trustStore location are explicitly set, which allows man-in-the-middle attackers to spoof HTTPS servers by presenting an arbitrary certificate during use of a...