2483 matches found
CVE-2015-9241
Certain input passed into the If-Modified-Since or Last-Modified headers will cause an 'illegal access' exception to be raised. Instead of sending an HTTP 500 error back to the sender, hapi node module before 11.1.3 will continue to hold the socket open until timed out (default node timeout is 2...
CVE-2018-1067
In Undertow before versions 7.1.2.CR1, 7.1.2.GA it was found that the fix for CVE-2016-4993 was incomplete and Undertow web server is vulnerable to the injection of arbitrary HTTP headers, and also response splitting, due to insufficient sanitization and validation of user input before the input ...
CVE-2018-1067
The CVE-2018-1067 entry affects Undertow prior to 7.1.2.CR1 and 7.1.2.GA, where the prior fix for CVE-2016-4993 was incomplete. This leaves Undertow vulnerable to injection of arbitrary HTTP headers and HTTP response splitting due to insufficient sanitization and validation when user input is use...
EMC RSA Authentication Manager < 8.3 Patch 1 Multiple Vulnerabilities (DSA-2018-086)
The version of EMC RSA Authentication Manager running on the remote host is prior to 8.3 Patch 1 (8.3.0.1). It is, therefore, affected by the following vulnerabilities: - A flaw exists with the Security Console due to improper parsing of XML data. An authenticated remote attacker, with a specificall...
[SECURITY] Fedora 28 Update: haproxy-1.8.8-1.fc28
HAProxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments. Indeed, it can: - route HTTP requests depending on statically assigned cookies - spread load among several servers while assuring server persistence through the use of HTTP cookies - switch to...
JCS - Joomla Vulnerability Component Scanner
JCS (Joomla Component Scanner) is made for penetration testing purposes on Joomla CMS. JCS can help you with the latest component vulnerabilities and exploits. The database can update from several resources and a Crawler has been implemented to find components and components' links. This version supports...
Design/Logic Flaw
gunicorn version 19.4.5 contains a CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers vulnerability in "process_headers" function in "gunicorn/http/wsgi.py" that can result in an attacker causing the server to return arbitrary HTTP headers. This vulnerability appears to have been...
PYSEC-2018-55
gunicorn version 19.4.5 contains a CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers vulnerability in "process_headers" function in "gunicorn/http/wsgi.py" that can result in an attacker causing the server to return arbitrary HTTP headers. This vulnerability appears to have been...
CVE-2018-1000164
gunicorn version 19.4.5 contains a CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers vulnerability in "process_headers" function in "gunicorn/http/wsgi.py" that can result in an attacker causing the server to return arbitrary HTTP headers. This vulnerability appears to have been...
CVE-2018-1000164
Summary of CVE-2018-1000164 (Gunicorn): Gunicorn 19.4.5 contains a CWE-113 vulnerability in the process_headers function (gunicorn/http/wsgi.py) that can cause HTTP header splitting to lead to arbitrary HTTP headers being returned by the server. The issue is fixed in version 19.5.0. Documents in...
openSUSE Security Update : python-gunicorn / python3-gunicorn (openSUSE-2018-369)
This update for python-gunicorn, python3-gunicorn fixes the following issues: - CVE-2018-1000164: Improper neutralization of CRLF sequences allows tricking the server to return arbitrary HTTP headers (boo1088613)
py-gunicorn -- CWE-113 vulnerability
Everardo reports: gunicorn version 19.4.5 contains a CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers vulnerability in process_headers function in gunicorn/http/wsgi.py that can result in an attacker causing the server to return arbitrary HTTP headers...
DoS by large request in WEBrick
There is an out-of-memory DoS vulnerability with a large request in WEBrick bundled with Ruby. If an attacker sends a large request which contains huge HTTP headers, WEBrick tries to process it in memory, so the request causes the out-of-memory DoS attack. All users running an affected release should...