Security Bulletin: IBM Event Streams is affected by Node.js vulnerabilities
Summary IBM Event Streams is affected by the following vulnerabilities in the Node.js runtime it ships. Vulnerability Details CVEID: CVE-2018-12122 DESCRIPTION: Node.js is vulnerable to a denial of service, caused by improper validation of HTTP headers. By sending headers very slowly...
CVE-2019-3878
A vulnerability was found in mod_auth_mellon before v0.14.2. If Apache is configured as a reverse proxy and mod_auth_mellon is configured to only let through authenticated users with the `require valid-user` directive, adding special HTTP headers that are normally used to start the special SAML ECP...
CVE-2019-3878
The CVE-2019-3878 issue affects mod_auth_mellon for Apache before v0.14.2. When Apache runs as a reverse proxy and mod_auth_mellon is set to require valid-user, an attacker can bypass authentication by sending specific HTTP headers used in SAML ECP (non-browser) flows. The connected advisories in...
H2T - Scans A Website And Suggests Security Headers To Apply
h2t is a simple tool to help sysadmins harden their websites. Currently h2t checks the website's response headers and recommends how to improve them. Dependencies: Python 3, colorama, requests. Install: $ git clone https://github.com/gildasio/h2t $ cd h2t $ pip install -r requirements.txt $ ./h2t.py -h...
Webtech - Identify Technologies Used On Websites
Identify technologies used on websites. More info on the release's blogpost. CLI Installation WebTech is available on pip: pip install webtech It can be also installed via setup.py: python setup.py install --user Burp Integration Download Jython 2.7.0 standalone and install it into Burp. In...
Python Project urllib CRLF Injection (CVE-2019-9740)
A CRLF injection vulnerability exists in Python Project urllib library. Successful exploitation could allow attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks...
Arjun v1.3 - HTTP Parameter Discovery Suite
Features Multi-threading 4 modes of detection A typical scan takes 30 seconds Regex powered heuristic scanning Huge list of 25,980 parameter names Makes just 30-35 requests to the target Usage Note: Arjun doesn't work with python 3.4 Discover parameters To find GET parameters, you can simply do:...
CVE-2018-1658
IBM Jazz Foundation IBM Rational Collaborative Lifecycle Management 5.0 through 6.0.6 is vulnerable to HTTP header injection, caused by improper validation of input. By persuading a victim to visit a specially-crafted Web page, a remote attacker could exploit this vulnerability to inject arbitrar...
FreeBSD : py-gunicorn -- CWE-113 vulnerability (a3e24de7-3f0c-11e9-87d1-00012e582166)
Everardo reports: gunicorn version 19.4.5 contains a CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers vulnerability in the process_headers function in gunicorn/http/wsgi.py that can result in an attacker causing the server to return arbitrary HTTP headers. Copyright (C) Tenable Network Security...
openSUSE Security Update : nodejs6 (openSUSE-2019-234)
This update for nodejs6 to version 6.16.0 fixes the following issues: Security issues fixed: - CVE-2018-0734: Fixed a timing vulnerability in the DSA signature generation (bsc#1113652) - CVE-2018-5407: Fixed a hyperthread port contention side channel attack aka 'PortSmash' (bsc#1113534) - CVE-2018-12120...
Security Bulletin: Missing Secure HTTP Headers
Summary During internal penetration testing we identified that the IBM i2 Enterprise Insight Analysis application could be made more secure with the addition of some HTTP headers. Vulnerability Details CVEID: CVE-2018-1525 DESCRIPTION: IBM i2 Intelligent Analysis Platform could allow a remote...
Debian: Security Advisory (DLA-1663-1)
The remote host is missing an update for Debian. SPDX-FileCopyrightText: 2019 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
SUSE SLES12 Security Update : python (SUSE-SU-2019:0223-1) (httpoxy)
This update for python fixes the following issues: Security issues fixed: CVE-2016-0772: smtplib vulnerability opens STARTTLS stripping attack (bsc#984751) CVE-2016-5636: heap overflow when importing malformed zip files (bsc#985177) CVE-2016-5699: incorrect validation of HTTP headers allow header...
GHSA-MH24-7WVG-V88G CRLF Injection in pypiserver
CRLF Injection in pypiserver 1.2.5 and below allows attackers to set arbitrary HTTP headers and possibly conduct XSS attacks via a %0d%0a in a URI...
CRLF Injection in pypiserver
CRLF Injection in pypiserver 1.2.5 and below allows attackers to set arbitrary HTTP headers and possibly conduct XSS attacks via a %0d%0a in a URI...
CVE-2019-6802
CRLF Injection in pypiserver 1.2.5 and below allows attackers to set arbitrary HTTP headers and possibly conduct XSS attacks via a %0d%0a in a URI...
PYSEC-2019-43
CRLF Injection in pypiserver 1.2.5 and below allows attackers to set arbitrary HTTP headers and possibly conduct XSS attacks via a %0d%0a in a URI...
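The CRLF-injection results listed above (urllib CVE-2019-9740, gunicorn CWE-113, pypiserver CVE-2019-6802) share one mechanism: a carriage return or line feed in attacker-controlled data reaches a header line, so the attacker can terminate that header and append headers of their own. The Python example below is added here to illustrate that mechanism; it is not code from any of the listed projects or advisories. It pairs an intentionally naive header serializer with a hardened one that rejects CR, LF and NUL in header names and values, parses the result the way a downstream proxy or browser would, and adds a check for raw or percent-encoded (`%0d%0a`) line breaks in a request URI. The header names, values and URIs are constructed sample data, and the function names are this example's own.

```python
"""CRLF (CWE-113) injection into HTTP headers: naive vs. hardened serializer.

Added example, not taken from urllib, gunicorn or pypiserver. All inputs are
constructed sample data.
"""
import re
from urllib.parse import unquote

# CR and LF end a header line; NUL is rejected as well because some parsers
# treat it as a string terminator. Bare CR and bare LF are both refused, since
# lenient receivers accept either one as a line ending.
_BAD_HEADER_CHARS = re.compile(r"[\r\n\x00]")

# RFC 7230 "token" characters allowed in a header field name.
_HEADER_NAME = re.compile(r"[!#$%&'*+.^_`|~0-9A-Za-z-]+")


def build_response_unsafe(status, headers):
    """Deliberately vulnerable: header values are copied verbatim onto the wire.

    A value such as "/home\\r\\nSet-Cookie: x=y" closes the Location header
    and smuggles a second header into the response.
    """
    lines = [f"HTTP/1.1 {status}"]
    for name, value in headers:
        lines.append(f"{name}: {value}")
    return "\r\n".join(lines) + "\r\n\r\n"


def build_response_safe(status, headers):
    """Hardened serializer: refuse any name or value carrying CR, LF or NUL.

    Rejecting (rather than silently stripping) keeps the failure visible to the
    caller and avoids ambiguity about what was actually sent.
    """
    lines = [f"HTTP/1.1 {status}"]
    for name, value in headers:
        if not _HEADER_NAME.fullmatch(name):
            raise ValueError(f"invalid header name {name!r}")
        if _BAD_HEADER_CHARS.search(value):
            raise ValueError(f"control character in value of header {name!r}")
        lines.append(f"{name}: {value}")
    return "\r\n".join(lines) + "\r\n\r\n"


def parse_headers(raw):
    """Parse a serialized response as a receiving client would.

    Returns (status_line, {lowercased-name: [values...]}); repeated names
    accumulate so an injected duplicate header is visible.
    """
    head, _, _body = raw.partition("\r\n\r\n")
    status_line, *header_lines = head.split("\r\n")
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return status_line, headers


def uri_has_crlf(uri):
    """True if the request URI contains CR, LF or NUL, raw or percent-encoded.

    One round of percent-decoding only, matching a server that decodes once;
    a double-encoded %250d%250a is not flagged here and must be caught at the
    layer that performs the second decode.
    """
    return bool(_BAD_HEADER_CHARS.search(unquote(uri)))


if __name__ == "__main__":
    # Constructed attacker-controlled redirect target carrying an injected header.
    evil_target = "/home\r\nSet-Cookie: session=evil"
    raw = build_response_unsafe("302 Found", [("Location", evil_target)])
    print(parse_headers(raw))  # set-cookie appears even though the app never set it
    try:
        build_response_safe("302 Found", [("Location", evil_target)])
    except ValueError as exc:
        print("rejected:", exc)
    print(uri_has_crlf("/simple/%0d%0aSet-Cookie:%20x=y"))
```

The check belongs where the value enters the header, as in the hardened serializer, rather than only in a URI filter: the URI check is useful as a detection signal (the `%0d%0a` pattern from the pypiserver entries) but cannot see values that arrive through other channels such as a query parameter later echoed into `Location`.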