ALPINE-CVE-2019-15606

Including trailing white space in HTTP header values in Nodejs 10, 12, and 13 causes bypass of authorization based on header value comparisons...

Denial Of Service (DoS)

waitress is vulnerable to denial of service DoS. The vulnerability exists as catastrophic backtracking could occur through the use of a greedy regular expression that does not conform to RFC7230, and subsequently used to validate HTTP headers...

Information disclosure

Brother MFC-9970CDW 1.10 firmware L devices contain an information disclosure vulnerability which allows remote attackers to view sensitive information from referrer logs due to inadequate handling of HTTP referrer headers...

CVE-2013-2674

Brother MFC-9970CDW 1.10 firmware L devices contain an information disclosure vulnerability which allows remote attackers to view sensitive information from referrer logs due to inadequate handling of HTTP referrer headers...

HTTP Request Smuggling

netty-codec-http is vulnerable to HTTP request smuggling. The library does not detect if a colon is missing when parsing HTTP headers. This allows an attacker to smuggle HTTP requests via an invalid line fold...

UBUNTU-CVE-2015-3154

CRLF injection vulnerability in Zend\Mail ZendMail in Zend Framework before 1.12.12, 2.x before 2.3.8, and 2.4.x before 2.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the header of an email...

Crlf injection

CRLF injection vulnerability in Zend\Mail ZendMail in Zend Framework before 1.12.12, 2.x before 2.3.8, and 2.4.x before 2.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the header of an email...

CVE-2015-3154

CRLF injection vulnerability in Zend\Mail ZendMail in Zend Framework before 1.12.12, 2.x before 2.3.8, and 2.4.x before 2.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the header of an email...

Design/Logic Flaw

An issue was discovered in ConnectWise Control formerly known as ScreenConnect 19.3.25270.7185. Certain HTTP security headers are not used...

Huawei EulerOS: Security Advisory for wget (EulerOS-SA-2019-2198)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Corsy v1.0 - CORS Misconfiguration Scanner

Corsy is a lightweight program that scans for all known misconfigurations in CORS implementations. Requirements Corsy only works with Python 3 and has the following depencies: tld requests To install these dependencies, navigate to Corsy directory and execute pip3 install -r requirements.txt Usag...

golang: HTTP/1.1 headers with a space before the colon leads to filter bypass or request smuggling

It was discovered that net/http through net/textproto in golang does not correctly interpret HTTP requests where an HTTP header contains spaces before the colon. This could be abused by an attacker to smuggle HTTP requests when a proxy or a firewall is placed behind a server implemented in Go or ...

Content Delivery Networks handle HTTP headers in different and unexpected ways

Overview A Content Delivery Network CDN is a distributed network of proxy servers that deliver web content collected from a back end web server using a temporary local storage called a cache. HTTP cache poisoning is a type of attack that allows a remote attacker to inject arbitrary content using...

openSUSE: Security Advisory for go1.12 (openSUSE-SU-2019:2522-1)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

GHSA-968F-66R5-5V74 HTTP Request Smuggling in Waitress: Invalid whitespace characters in headers (Follow-up)

Impact The patches introduced to fix https://github.com/Pylons/waitress/security/advisories/GHSA-m5ff-3wj3-8ph4 were not complete and still would allow an attacker to smuggle requests/split a HTTP request with invalid data. This updates the existing CVE with ID: CVE-2019-16789 Patches Waitress...

Debian DSA-4597-1 : netty - security update

It was reported that Netty, a Java NIO client/server framework, is prone to a HTTP request smuggling vulnerability due to mishandling whitespace before the colon in HTTP headers. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian...

Updated ruby packages fix security vulnerabilities

Updated ruby packages fix security vulnerabilities: It was discovered that Ruby incorrectly handled certain files. An attacker could possibly use this issue to pass path matching what can lead to an unauthorized access CVE-2019-15845. It was discovered that Ruby incorrectly handled certain regula...

Security Bulletin: IBM Transparent Cloud Tiering is affected by Netty vulnerability

Summary The Netty library is vulnerable affecting the IBM Transparent Cloud Tiering. IBM Transparent Cloud Tiering fixed the below CVE. Vulnerability Details CVEID: CVE-2019-16869 DESCRIPTION: Netty before 4.1.42.Final mishandles whitespace before the colon in HTTP headers such as a...

Security Bulletin: A cross site scripting security vulnerability has been identified with Case Builder component shipped with IBM Business Automation Workflow (CVE-2019-4426)

Summary Case Builder component shipped with IBM Business Automation Workflow is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a...

Description of the security update for SharePoint Server 2019: November 12, 2019

Description of the security update for SharePoint Server 2019: November 12, 2019 Summary This security update resolves an information disclosure vulnerability that exists in Microsoft SharePoint if an attacker uploads a specially crafted file to the SharePoint Server. To learn more about the...