Amazon Linux AMI : http-parser (ALAS-2020-1359)

The version of http-parser installed on the remote host is prior to 2.9.3-1.2. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1359 advisory. A flaw was found in the Node.js code where a specially crafted HTTPs request sent to a Node.js server failed to...

USN-4337-1: OpenJDK vulnerabilities

It was discovered that OpenJDK incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause a denial of service while processing a specially crafted regular expression. CVE-2020-2754, CVE-2020-2755 It was discovered that OpenJDK incorrectly handled class...

OpenJDK: CRLF injection into HTTP headers in HttpServer (Lightweight HTTP Server, 8234825)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Lightweight HTTP Server. Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network acce...

Scientific Linux Security Update : java-1.8.0-openjdk on SL7.x x86_64 (20200421)

Security Fixes : - OpenJDK: Incorrect bounds checks in NIO Buffers Libraries, 8234841 CVE-2020-2803 - OpenJDK: Incorrect type checks in MethodType.readObject Libraries, 8235274 CVE-2020-2805 - OpenJDK: Unexpected exceptions raised by DOMKeyInfoFactory and DOMXMLSignatureFactory Security, 8231415...

Important: Red Hat Security Advisory: java-11-openjdk security update

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerabilit...

OpenJDK: CRLF injection into HTTP headers in HttpServer (Lightweight HTTP Server, 8234825)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Lightweight HTTP Server. Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network acce...

Important: Red Hat Security Advisory: java-1.8.0-openjdk security update

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Huawei EulerOS: Security Advisory for http-parser (EulerOS-SA-2020-1486)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

netty: HTTP request smuggling by mishandled whitespace before the colon in HTTP headers

A flaw was found in Netty, where whitespace before the colon in HTTP headers is mishandled. This flaw allows an attacker to cause HTTP request smuggling...

[SECURITY] Fedora 30 Update: haproxy-1.8.25-1.fc30

HAProxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments. Indeed, it can: - route HTTP requests depending on statically assigned cookies - spread load among several servers while assuring server persistence through the use of HTTP cookies - switch to...

Insecure HTTP Headers

firefox is vulnerable to insecure HTTP headers. The vulnerability exists as a flaw was found in the way Firefox handled pages with multiple Content Security Policy CSP headers. This could lead to a cross-site scripting attack if used in conjunction with a website that has a header injection flaw...

Denial Of Service (DoS)

httpd is vulnerable to denial of service DoS. The vulnerability exists as a flaw was found in the way the Apache HTTP Server handled Range HTTP headers. A remote attacker could use this flaw to cause httpd to use an excessive amount of memory and CPU time via HTTP requests with a specially-crafte...

Denial Of Service (DoS)

squid is vulnerable to denial of service. A flaw was found in the way squid manipulated HTTP headers for cached objects stored in system memory. An attacker could use this flaw to cause a squid child process to exit. This interrupted existing connections and made proxy services unavailable. Note:...

Denial Of Service (DoS)

squid is vulnerable to denial of service. A flaw was found in the way squid stored HTTP headers for cached objects in system memory. An attacker could cause squid to use additional memory, and trigger high CPU usage when processing requests for certain cached objects, possibly leading to a denial...

[SECURITY] Fedora 32 Update: haproxy-2.1.4-1.fc32

HAProxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments. Indeed, it can: - route HTTP requests depending on statically assigned cookies - spread load among several servers while assuring server persistence through the use of HTTP cookies - switch to...

Design/Logic Flaw

For ABB eSOMS 4.0 to 6.0.3, the Cache-Control and Pragma HTTP headers have not been properly configured within the application response. This can potentially allow browsers and proxies to cache sensitive information...

CVE-2019-19000

ABB eSOMS versions 4.0–6.0.3 are affected by CVE-2019-19000 due to improper configuration of Cache-Control and Pragma HTTP headers in application responses, which can allow browsers/proxies to cache sensitive information. The issue is documented in multiple sources (NVD entry for CVE-2019-19000 a...

httpd: Out of bounds access after failure in reading the HTTP request

A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of bound access after a size limit is reached by reading the HTTP header. This vulnerability is considered very hard if not impossible to trigger in non-debug mode both log and build level...

CVE-2020-5247

A flaw was discovered in rubygem-puma, where it did not properly forbid untrusted input in a response header. This flaw allows an attacker with the ability to tamper with HTTP headers to insert a new-line and insert malicious content, allowing an HTTP response splitting, which exposes the risk of...

netty: HTTP request smuggling

A HTTP smuggling flaw was found in HttpObjectDecoder.java in Netty in versions prior to version 4.1.44. HTTP headers with an invalid fold, in this case CRLF carriage return, line feed without being followed by SP space or HTAB horizontal tab, result in situations where headers can be misread. Dat...