3698 matches found

Vulnrichment
added 2024/07/30 4:50 p.m. · 17 views

CVE-2023-26289 IBM Aspera Orchestrator HTTP header injection

IBM Aspera Orchestrator 4.0.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Forc...

CVSS 5.4 · AI score 6.4 · EPSS 0.00115
Exploits 0 · References 2
CVE
added 2024/07/30 4:50 p.m. · 57 views

CVE-2023-26289

IBM Aspera Orchestrator 4.0.1 is vulnerable to HTTP header injection caused by improper validation of HOST headers. The issue affects IBM Aspera Orchestrator (server-side HTTP code) and can enable cross-site scripting, cache poisoning, or session hijacking, reported with CVSS ~5.4 (Network, Low c...

CVSS 5.4 · AI score 5.3 · EPSS 0.00115
Exploits 0 · References 2 · Affected Software 1
IBM Security Bulletins
added 2024/07/24 10:43 p.m. · 19 views

Security Bulletin: IBM Aspera Orchestrator improved security for its HTTP code base (CVE-2023-26289)

Summary IBM Aspera Orchestrator has addressed a vulnerability related to handling of HTTP headers. Vulnerability Details CVEID:CVE-2023-26289 DESCRIPTION: IBM Aspera Orchestrator is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow a...

CVSS 5.4 · AI score 5.2 · EPSS 0.00115
Exploits 0 · Affected Software 5
Amazon
added 2024/07/22 12:0 a.m. · 2 views

Medium: ecs-init

Issue Overview: An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed...

CVSS 9.8 · AI score 6.9 · EPSS 0.64852
Exploits 1
CVE
added 2024/07/18 10:21 p.m. · 47 views

CVE-2024-40642

The CVE-2024-40642 issue affects the Netty incubator codec.bhttp BinaryHttpParser in affected releases, where readRequestHead mis-validates input values. This grants attackers significant control over HTTP requests constructed from parsed output, enabling injection attacks such as HTTP request sm...

CVSS 8.1 · AI score 8.3 · EPSS 0.00703
Exploits 1 · References 2 · Affected Software 1
NVD
added 2024/07/18 8:15 p.m. · 10 views

CVE-2024-30126

HCL BigFix Compliance is affected by a missing X-Frame-Options HTTP header which can allow an attacker to create a malicious website that embeds the target website in a frame or iframe, tricking users into performing actions on the target website without their knowledge...

CVSS 4.7 · EPSS 0.00547
Exploits 0 · References 1
CVE
added 2024/07/18 7:17 p.m. · 29 views

CVE-2024-30126

CVE-2024-30126 affects HCL BigFix Compliance due to a missing X-Frame-Options HTTP header. The issue enables an attacker to host the target site in a frame/iframe, potentially tricking users into performing actions without their knowledge. Documented impact is limited to framing-related risks; no...

CVSS 4.7 · AI score 4.7 · EPSS 0.00547
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2024/07/18 7:17 p.m. · 15 views

CVE-2024-30126 HCL BigFix Compliance is affected by a missing X-Frame-Options Header vulnerability

HCL BigFix Compliance is affected by a missing X-Frame-Options HTTP header which can allow an attacker to create a malicious website that embeds the target website in a frame or iframe, tricking users into performing actions on the target website without their knowledge...

CVSS 4.7 · EPSS 0.00547
Exploits 0 · References 1
Positive Technologies
added 2024/07/18 12:0 a.m. · 3 views

PT-2024-23200 · Hcl · Hcl Bigfix Compliance

Name of the Vulnerable Software and Affected Versions: HCL BigFix Compliance affected versions not specified Description: The issue is related to a missing X-Frame-Options HTTP header, which can allow an attacker to create a malicious website embedding the target website in a frame or iframe. Thi...

CVSS 4.7 · AI score 6.8 · EPSS 0.00547
Exploits 0 · References 3
CNVD
added 2024/07/17 12:0 a.m. · 6 views

IBM Datacap Navigator HTTP Header Injection Vulnerability

IBM Datacap Navigator is a Web client for Datacap from International Business Machines IBM. IBM Datacap Navigator suffers from an HTTP header injection vulnerability that originates from an input validation error in the HOST header, which can be exploited by an attacker to conduct cross-site...

CVSS 9.8 · AI score 6.7 · EPSS 0.00168
Exploits 0 · References 1
OSV
added 2024/07/15 2:15 a.m. · 1 view

CVE-2024-39736

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or...

CVSS 9.8 · AI score 5.7 · EPSS 0.00168
Exploits 0 · References 2
NVD
added 2024/07/15 2:15 a.m. · 26 views

CVE-2024-39736

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or...

CVSS 9.8 · EPSS 0.00168
Exploits 0 · References 2
CVE
added 2024/07/15 1:28 a.m. · 57 views

CVE-2024-39736

IBM Datacap Navigator 9.1.5–9.1.9 is affected by HTTP header injection due to improper validation of HOST headers. The vulnerability allows an attacker to perform cross-site scripting, cache poisoning, or session hijacking against vulnerable systems. Affected product/version: Datacap Navigator 9....

CVSS 9.8 · AI score 6.5 · EPSS 0.00168
Exploits 0 · References 2 · Affected Software 2
Cvelist
added 2024/07/15 1:28 a.m. · 17 views

CVE-2024-39736 IBM Datacap Navigator HTTP HOST header injection

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or...

CVSS 6.5 · EPSS 0.00168
Exploits 0 · References 2
IBM Security Bulletins
added 2024/06/20 12:38 a.m. · 48 views

Security Bulletin: Multiple vulnerabilities affect IBM Db2® on Cloud Pak for Data, and Db2 Warehouse on Cloud Pak for Data

Summary IBM has released the below fix for IBM Db2® on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data in response to multiple vulnerabilities found in multiple components. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details...

CVSS 9.8 · AI score 10 · EPSS 0.01859
Exploits 2 · Affected Software 1
Hacker One
added 2024/06/14 9:3 a.m. · 45 views

curl: Denial of Service in curl Request - HTTP headers eat all memory

Vulnerability description not provided...

AI score 7.1
Exploits 0
Github Security Blog
added 2024/06/10 6:39 p.m. · 11 views

Moby (Docker Engine) is vulnerable to Ambiguous OCI manifest parsing

Impact In the OCI Distribution Specification version 1.0.0 and prior and in the OCI Image Specification version 1.0.1 and prior, manifest and index documents are ambiguous without an accompanying Content-Type HTTP header. Versions of Moby Docker Engine prior to 20.10.11 treat the Content-Type...

AI score 7
Exploits 0 · References 2 · Affected Software 2
OSV
added 2024/06/06 9:46 p.m. · 2 views

GHSA-W235-7P84-XX57 Tornado has a CRLF injection in CurlAsyncHTTPClient headers

Summary Tornado’s curlhttpclient.CurlAsyncHTTPClient class is vulnerable to CRLF carriage return/line feed injection in the request headers. Details When an HTTP request is sent using CurlAsyncHTTPClient, Tornado does not reject carriage return \r or line feed \n characters in the request headers...

CVSS 6.5 · AI score 6
Exploits 0 · References 3
Tenable Nessus
added 2024/06/03 12:0 a.m. · 30 views

RHEL 8 : mod_security_crs (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - modsecuritycrs: Content-Type or Content-Transfer-Encoding MIME header fields abuse CVE-2022-39956 - The...

CVSS 9.8 · AI score 7.2 · EPSS 0.00903
Exploits 0 · References 4
Tenable Nessus
added 2024/06/03 12:0 a.m. · 27 views

RHEL 7 : xmlrpc (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - xmlrpc: XML external entity vulnerability SSRF via a crafted DTD CVE-2016-5002 - xmlrpc: Deserialization ...

CVSS 9.8 · AI score 7.2 · EPSS 0.70524
Exploits 3 · References 3