Amazon Linux AMI : mod24_auth_openidc (ALAS-2019-1300)
A text injection flaw was found in how mod_auth_openidc handled error pages. An attacker could potentially use this flaw to conduct content spoofing and phishing attacks by tricking users into opening specially crafted URLs (CVE-2017-6059). It was found that mod_auth_openidc did not properly sanitize...
CVE-2019-15038
CVE-2019-15038 affects JetBrains TeamCity: the 2018.2.4 server did not set certain security-related HTTP headers, per NVD/Red Hat entries. The issue has been fixed in TeamCity 2019.1 and later. Public documentation also notes that JetBrains tightened HTTP headers as part of the 2019.1 remediation...
CVE-2019-15038
An issue was discovered in JetBrains TeamCity 2018.2.4. The TeamCity server was not using some security-related HTTP headers. The issue was fixed in TeamCity 2019.1...
Debian DLA-1941-1 : netty security update
Netty mishandled whitespace before the colon in HTTP headers such as a 'Transfer-Encoding : chunked' line, which led to HTTP request smuggling. For Debian 8 'Jessie', this problem has been fixed in version 1:3.2.6.Final-2+deb8u1. We recommend that you upgrade your netty packages. NOTE: Tenable...
[SECURITY] [DLA 1941-1] netty security update
Package : netty Version : 1:3.2.6.Final-2+deb8u1 CVE ID : CVE-2019-16869 Netty mishandled whitespace before the colon in HTTP headers such as a "Transfer-Encoding : chunked" line, which led to HTTP request smuggling. For Debian 8 "Jessie", this problem has been fixed in version...
DEBIAN-CVE-2019-16869
Netty before 4.1.42.Final mishandles whitespace before the colon in HTTP headers such as a "Transfer-Encoding : chunked" line, which leads to HTTP request smuggling...
CVE-2019-16869
Netty before 4.1.42.Final mishandles whitespace before the colon in HTTP headers such as a "Transfer-Encoding : chunked" line, which leads to HTTP request smuggling...
CVE-2019-16869
Netty (Java) is affected by CVE-2019-16869: HTTP request smuggling due to whitespace before the colon in headers (e.g., "Transfer-Encoding : chunked"). A crafted request can exploit the resulting desync between a front end and a back end to poison caches, bypass WAFs and mount related attacks. The core issue is in Netty versions before...
PT-2019-5206 · Apache +1 · Netty +1
Name of the Vulnerable Software and Affected Versions: Netty versions prior to 4.1.42.Final Description: The issue is related to the incorrect handling of whitespace before the colon in HTTP headers, such as a "Transfer-Encoding : chunked" line. This can lead to HTTP request smuggling, allowing a...
Fixed in ClickHouse Release 19.13.6.1, 2019-09-20
Table function url had a vulnerability that allowed an attacker to inject arbitrary HTTP headers into the request...
Updated python-urllib3 packages fix security vulnerability
It was discovered that urllib3 did not remove Authorization HTTP headers when following cross-origin redirects. This could result in credentials being sent to unintended hosts (CVE-2018-20060). It was discovered that urllib3 incorrectly stripped certain characters from requests. A remote attacke...
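The first of the two urllib3 issues comes down to one check a redirect handler must make before re-sending credentials. The following is an added example and not urllib3's own code: it compares the origin (scheme, host and port, with default ports filled in) of the original request with that of the redirect target and drops the credential-bearing headers when they differ. The header names treated as credentials and the example.test hostnames are this example's own choices.

```python
"""Added example (not urllib3's implementation): strip credentials from a
request before following a redirect to a different origin (CVE-2018-20060)."""
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

# Headers that carry credentials; the set is this example's choice, not a
# list taken from urllib3.
CREDENTIAL_HEADERS = frozenset(["authorization", "proxy-authorization", "cookie"])


def origin(url: str) -> tuple:
    """(scheme, host, port) for `url`, with the scheme's default port filled in
    so that https://h/ and https://h:443/ compare equal."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    return scheme, (parts.hostname or "").lower(), parts.port or DEFAULT_PORTS.get(scheme)


def headers_for_redirect(headers: dict, original_url: str, redirect_url: str) -> dict:
    """Return the headers to send to `redirect_url`.

    Credentials are forwarded only if the redirect stays on the same origin.
    A different host, or an https -> http downgrade on the same host, gets a
    copy of the headers with the credential headers removed."""
    forwarded = dict(headers)
    if origin(original_url) != origin(redirect_url):
        for name in list(forwarded):
            if name.lower() in CREDENTIAL_HEADERS:
                del forwarded[name]
    return forwarded


if __name__ == "__main__":
    # Constructed request headers for illustration only.
    sent = {"Authorization": "Bearer t0k3n", "Accept": "application/json"}
    print(headers_for_redirect(sent, "https://api.example.test/v1", "https://api.example.test:443/v2"))
    print(headers_for_redirect(sent, "https://api.example.test/v1", "https://other.example.test/"))
```

The downgrade case matters as much as the host change: an `https` to `http` redirect on the same host would otherwise put the token on the wire in clear text.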
Denial Of Service (DoS)
ceph is vulnerable to denial of service. An unauthenticated remote attacker is able to crash the Ceph RGW server by sending valid HTTP headers and terminating the connection...
Scientific Linux Security Update : http-parser on SL7.x x86_64 (20190806)
Security Fixes: - nodejs: Denial of Service with large HTTP headers (CVE-2018-12121) - nodejs: HTTP parser allowed for spaces inside Content-Length header values (CVE-2018-7159)...
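The Netty entries above (whitespace before the colon in "Transfer-Encoding : chunked", CVE-2019-16869) and the http-parser entry here (spaces inside a Content-Length value, CVE-2018-7159) are the same class of bug: a parser that tolerates malformed framing headers may frame the message differently from the parser in front of or behind it, and the bytes one side leaves over become a second request on the other. The following is an added example written for this page, not code from Netty, http-parser or any advisory listed here. It is a small HTTP/1.1 header parser with three modes (strict per RFC 7230, a lenient mode modelled on the affected behaviour, and an "ignore" mode standing in for a front end that never matches the malformed name), a chunked-body decoder, and two constructed requests; the hostname example.test and the requests themselves are this example's own.

```python
"""Added example, not code from Netty, http-parser or any advisory listed here:
a small HTTP/1.1 header parser in three modes, showing how the framing bugs
above desynchronise a front end and a back end (CL.TE request smuggling)."""
import re

TCHAR = re.compile(rb"^[!#$%&'*+.^_`|~0-9A-Za-z-]+$")  # RFC 7230 field-name token
DIGITS = re.compile(rb"^[0-9]+$")                        # Content-Length = 1*DIGIT


class BadRequest(Exception):
    """Where a compliant parser answers 400 and closes the connection."""


def parse_headers(block: bytes, mode: str) -> dict:
    """Header lines -> {lowercased name: value}.
    strict:  RFC 7230; whitespace before ':' or a non-digit Content-Length is rejected.
    lenient: strips that whitespace and honours the header (Netty < 4.1.42.Final),
             drops spaces inside Content-Length (http-parser, CVE-2018-7159).
    ignore:  keeps "Transfer-Encoding " verbatim, so it never matches and the
             message is framed by Content-Length instead."""
    headers = {}
    for line in block.split(b"\r\n"):
        if not line:
            break
        name, sep, value = line.partition(b":")
        if not sep:
            raise BadRequest("header line without colon")
        if mode == "strict" and not TCHAR.match(name):
            raise BadRequest("whitespace or bad char in field-name %r" % name)
        if mode == "lenient":
            name = name.strip(b" \t")
        value = value.strip(b" \t")
        if name.lower() == b"content-length":
            if mode == "strict" and not DIGITS.match(value):
                raise BadRequest("Content-Length not 1*DIGIT: %r" % value)
            if mode == "lenient":
                value = value.replace(b" ", b"")
        headers[name.lower()] = value
    return headers


def decode_chunked(data: bytes):
    """Decode a chunked body; return (body, bytes after the terminating CRLF)."""
    body, pos = b"", 0
    while True:
        eol = data.index(b"\r\n", pos)
        size = int(data[pos:eol].split(b";")[0], 16)  # chunk-size [; extensions]
        pos = eol + 2
        if size == 0:
            break
        body += data[pos:pos + size]
        pos += size + 2                                # chunk-data CRLF
    while True:                                        # trailers, then the empty line
        eol = data.index(b"\r\n", pos)
        line, pos = data[pos:eol], eol + 2
        if not line:
            return body, data[pos:]


def split_first_request(data: bytes, mode: str):
    """Frame the first request as a parser in `mode` would; returns
    (headers, body, remainder), remainder being what it parses as the next request."""
    head, _, rest = data.partition(b"\r\n\r\n")
    headers = parse_headers(head.partition(b"\r\n")[2], mode)  # skip the request-line
    if headers.get(b"transfer-encoding", b"").lower() == b"chunked":
        body, remainder = decode_chunked(rest)
    else:
        try:
            n = int(headers.get(b"content-length", b"0"))
        except ValueError:
            raise BadRequest("unparseable Content-Length")
        body, remainder = rest[:n], rest[n:]
    return headers, body, remainder


def smuggling_outcome(data: bytes, front: str, back: str) -> dict:
    """Body and leftover bytes each side keeps after request one, or why it
    refused the message; a difference in the leftovers is the desync."""
    out = {}
    for side, mode in (("front", front), ("back", back)):
        try:
            _, body, remainder = split_first_request(data, mode)
            out[side] = {"body": body, "remainder": remainder}
        except BadRequest as exc:
            out[side] = {"rejected": str(exc)}
    return out


# Constructed inputs (hypothetical host). In SMUGGLING_REQUEST the Content-Length
# covers the 0-chunk *and* the trailing GET: an "ignore" front end forwards it all
# as one request, a "lenient" back end stops at the 0-chunk and runs the GET too.
SMUGGLED = b"GET /admin HTTP/1.1\r\nHost: example.test\r\n\r\n"
CHUNKED_BODY = b"0\r\n\r\n"
SMUGGLING_REQUEST = b"".join([
    b"POST / HTTP/1.1\r\nHost: example.test\r\n",
    b"Content-Length: %d\r\n" % (len(CHUNKED_BODY) + len(SMUGGLED)),
    b"Transfer-Encoding : chunked\r\n\r\n",   # space before the colon
    CHUNKED_BODY, SMUGGLED,
])
# "1 0" is read as 10 bytes by the lenient parser and refused by the strict one.
CL_SPACE_REQUEST = b"POST / HTTP/1.1\r\nContent-Length: 1 0\r\n\r\n0123456789"
```

Running `smuggling_outcome(SMUGGLING_REQUEST, front="ignore", back="lenient")` shows the front end with an empty remainder and the back end with the whole `GET /admin` request left over; with `front="strict"` the message is refused outright, which is the behaviour RFC 7230 section 3.2.4 requires and what the fixed Netty and http-parser releases do. The practical check for your own stack is to send both constructed requests through every HTTP parser in the path and compare how each frames them.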
Moderate: Red Hat Security Advisory: http-parser security update
An update for http-parser is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability fro...
Moodle Filepicker 3.5.2 - Server Side Request Forgery
Moodle Filepicker 3.5.2 - Server Side Request Forgery Exploit Title: Server Side Request Forgery in Moodle Filepicker Google Dork: / Date: 2019-07-25 Exploit Author: Fabian Mosch & Nick Theisinger r-tec IT Security GmbH Vendor Homepage: https://moodle.org/ Software Link:...
CVE-2019-11921
An out of bounds write is possible via a specially crafted packet in certain configurations of Proxygen due to improper handling of Base64 when parsing malformed binary content in Structured HTTP Headers. This issue affects versions of proxygen prior to v2019.07.22.00...
Cross site scripting
An out of bounds write is possible via a specially crafted packet in certain configurations of Proxygen due to improper handling of Base64 when parsing malformed binary content in Structured HTTP Headers. This issue affects versions of proxygen prior to v2019.07.22.00...