CVE-2024-7207

...

CVE-2024-7207

...

EulerOS 2.0 SP10 : python-pip (EulerOS-SA-2024-2451)

According to the versions of the python-pip packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : urllib3 is a user-friendly HTTP client library for Python. urllib3 previously wouldn't remove the HTTP request body when an HTTP redirect...

pyload-ng vulnerable to RCE with js2py sandbox escape

Summary Any pyload-ng running under python3.11 or below are vulnerable under RCE. Attacker can send a request containing any shell command and the victim server will execute it immediately. Details js2py has a vulnerability of sandbox escape assigned as CVE-2024-28397, which is used by the...

OESA-2024-2103 netty3 security update

Netty is a NIO client server framework which enables quick and easy development of network applications such as protocol servers and clients. It greatly simplifies and streamlines network programming such as TCP and UDP socket server. Security Fixes: Netty before 4.1.42.Final mishandles whitespac...

Flexense HTTP Server Denial Of Service

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Flexense HTTP Server Denial Of Service', 'Description' = %q This module triggers a Denial of Service vulnerability in the Flexense HTTP server...

QNAP NAS/NVR Administrator Hash Disclosure

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'QNAP NAS/NVR Administrator Hash Disclosure', 'Description' = %q This module exploits combined heap and stack buffer overflows for QNAP NAS and NV...

OESA-2024-2068 netty3 security update

Netty is a NIO client server framework which enables quick and easy development of network applications such as protocol servers and clients. It greatly simplifies and streamlines network programming such as TCP and UDP socket server. Security Fixes: Netty before 4.1.42.Final mishandles whitespac...

OESA-2024-2067 netty3 security update

Netty is a NIO client server framework which enables quick and easy development of network applications such as protocol servers and clients. It greatly simplifies and streamlines network programming such as TCP and UDP socket server. Security Fixes: Netty before 4.1.42.Final mishandles whitespac...

CRLF Injection in RestSharp's `RestRequest.AddHeader` method

Summary The second argument to RestRequest.AddHeader the header value is vulnerable to CRLF injection. The same applies to RestRequest.AddOrUpdateHeader and RestClient.AddDefaultHeader. Details The way HTTP headers are added to a request is via the HttpHeaders.TryAddWithoutValidation method: This...

EAP: field-name is not parsed in accordance to RFC7230

A flaw was discovered in JBoss EAP, where it does not process the header field-name in accordance with RFC7230. Whitespace between the header field-name and colon is processed, resulting in an HTTP response code of 200 instead of a bad request of 400...

ROS-20240812-07

Squid proxy server vulnerability is related to uncontrolled resource consumption as a result of filtering and data reduction to an unsafe value when processing HTTP header length. Exploitation The vulnerability could allow an attacker acting remotely to cause a denial of service by...

Information Disclosure

libgrpc.so is vulnerable to Information Disclosure. The vulnerability is due to an error status for a misencoded header not cleared between header reads, resulting in subsequent incrementally indexed added headers in the first request being poisoned until cleared from the HPACK table. This can be...

CVE-2024-7246

It's possible for a gRPC client communicating with a HTTP/2 proxy to poison the HPACK table between the proxy and the backend such that other clients see failed requests. It's also possible to use this vulnerability to leak other clients HTTP header keys, but not values. This occurs because the...

CVE-2024-7246

It's possible for a gRPC client communicating with a HTTP/2 proxy to poison the HPACK table between the proxy and the backend such that other clients see failed requests. It's also possible to use this vulnerability to leak other clients HTTP header keys, but not values. This occurs because the...

CVE-2024-7246

It's possible for a gRPC client communicating with a HTTP/2 proxy to poison the HPACK table between the proxy and the backend such that other clients see failed requests. It's also possible to use this vulnerability to leak other clients HTTP header keys, but not values. This occurs because the...

PT-2024-38206 · Grpc +2 · Grpc +2

Name of the Vulnerable Software and Affected Versions: gRPC versions prior to 1.58.3 gRPC versions prior to 1.59.5 gRPC versions prior to 1.60.2 gRPC versions prior to 1.61.3 gRPC versions prior to 1.62.3 gRPC versions prior to 1.63.2 gRPC versions prior to 1.64.3 gRPC versions prior to 1.65.4...

IBM Aspera Orchestrator HTTP Header Injection Vulnerability

IBM Aspera Orchestrator is a Web-based application from International Business Machines IBM, Inc. It can provide data-driven organizations with an efficient document processing pipeline. An HTTP header injection vulnerability exists in IBM Aspera Orchestrator version 4.0.1, which can be exploited...

CVE-2023-26289

IBM Aspera Orchestrator 4.0.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Forc...

CVE-2023-26289 IBM Aspera Orchestrator HTTP header injection

IBM Aspera Orchestrator 4.0.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Forc...