2469 matches found
CVE-2024-42330 JS - Internal strings in HTTP headers
The HttpRequest object allows the HTTP headers of the server's response to be read after the request has been sent. The problem is that the returned strings are created directly from the data returned by the server and are not correctly encoded for JavaScript. This allows internal strings to be created that...
CVE-2024-42330
The HttpRequest object allows the HTTP headers of the server's response to be read after the request has been sent. The problem is that the returned strings are created directly from the data returned by the server and are not correctly encoded for JavaScript. This allows internal strings to be created that...
OESA-2024-2465 rubygem-actionpack security update
Eases web-request routing, handling, and response as a half-way front, half-way page controller. Implemented with specific emphasis on enabling easy unit/integration testing that doesn't require a browser. Security Fixes: A Cross-site Scripting (XSS) vulnerability was found in Actionpack due to...
ROS-20241121-06
A vulnerability in the Consul service configuration tool is related to the use of URL paths in L7 traffic. Exploitation of the vulnerability could allow an attacker acting remotely to bypass access rules based on HTTP request paths. The vulnerability in the Consul service...
HTTP Hop-By-Hop Headers Detected
This informational plugin reports that the scanner detected that the target application handles specific HTTP headers as hop-by-hop headers. No source data...
libsoup: HTTP request smuggling via stripping null bytes from the ends of header names
A flaw was found in the Libsoup library. When Libsoup parses HTTP headers, it ignores null bytes at the end of header names. Thus, Transfer-Encoding: chunked is equivalent to Transfer-Encoding\x00: chunked. This issue allows request smuggling when Libsoup is used in a service behind a reverse pro...
CVE-2024-51504
When using IPAuthenticationProvider in ZooKeeper Admin Server there is a possibility of Authentication Bypass by Spoofing -- this only impacts IP based authentication implemented in ZooKeeper Admin Server. Default configuration of client's IP address detection in IPAuthenticationProvider, which...
GHSA-3HXG-FXWM-8GF7 CRLF injection in Refit's [Header], [HeaderCollection] and [Authorize] attributes
Summary: The various header-related Refit attributes Header, HeaderCollection and Authorize are vulnerable to CRLF injection. Details: HTTP headers are added to a request via the HttpHeaders.TryAddWithoutValidation method. This method does not check for CRLF characters in the header valu...
CVE-2024-51501
Refit is an automatic type-safe REST library for .NET Core, Xamarin and .NET The various header-related Refit attributes Header, HeaderCollection and Authorize are vulnerable to CRLF injection. The way HTTP headers are added to a request is via the HttpHeaders.TryAddWithoutValidation method. This...
CVE-2024-51501 CRLF injection in Refit's [Header], [HeaderCollection] and [Authorize] attributes
Refit is an automatic type-safe REST library for .NET Core, Xamarin and .NET The various header-related Refit attributes Header, HeaderCollection and Authorize are vulnerable to CRLF injection. The way HTTP headers are added to a request is via the HttpHeaders.TryAddWithoutValidation method. This...
CVE-2024-51501
Refit (a .NET REST client) is vulnerable to CRLF injection via its header-related attributes (Header, HeaderCollection, Authorize). The underlying issue is lack of validation in HttpHeaders.TryAddWithoutValidation, which allows CRLF characters in header values, enabling header injection, request ...
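An added Python illustration of the Refit entries above (this is not Refit's code and not .NET, which the verifier cannot run): an adder that stores header values verbatim, as HttpHeaders.TryAddWithoutValidation does, the request bytes that result when a [Header]-bound string parameter carries CR LF, what a server parses from those bytes, and the validating adder that closes the hole. The header name X-Tenant, the host and paths, and both attacker strings are constructed for the example.

```python
import re

TOKEN = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")  # RFC 9110 field-name characters
CONTROL = re.compile(r"[\r\n\x00]")                      # never legal inside a field value


class HeaderInjection(ValueError):
    """Raised when a name or value would change the framing of the request."""


def add_without_validation(headers, name, value):
    """Stores the pair verbatim, the behaviour of HttpHeaders.TryAddWithoutValidation."""
    headers.append((name, value))


def add_validated(headers, name, value):
    """The check the fix amounts to: refuse non-token names and CR, LF or NUL in values."""
    if not TOKEN.match(name):
        raise HeaderInjection("invalid header name %r" % name)
    if CONTROL.search(value):
        raise HeaderInjection("control character in value of %s" % name)
    headers.append((name, value))


def serialize(method, path, headers):
    """Request text as written to the socket; an injected CRLF is not escaped."""
    lines = ["%s %s HTTP/1.1" % (method, path)] + ["%s: %s" % pair for pair in headers]
    return "\r\n".join(lines) + "\r\n\r\n"


def on_the_wire(raw):
    """What a server parsing those bytes sees: a list of (request line, {name: value})."""
    messages = []
    for block in raw.split("\r\n\r\n"):
        if not block:
            continue
        request_line, *fields = block.split("\r\n")
        parsed = {}
        for field in fields:
            name, _, value = field.partition(":")
            parsed[name.strip().lower()] = value.strip()
        messages.append((request_line, parsed))
    return messages


def build(tenant, adder):
    """GET /orders with a caller-supplied X-Tenant, as a [Header("X-Tenant")] parameter would send."""
    headers = [("Host", "api.test")]
    adder(headers, "X-Tenant", tenant)
    return serialize("GET", "/orders", headers)


def rejected(value):
    """True when the validating adder refuses the value."""
    try:
        build(value, add_validated)
    except HeaderInjection:
        return True
    return False


# Constructed attacker inputs for the X-Tenant parameter.
INJECT_HEADER = "acme\r\nX-Forwarded-For: 127.0.0.1"                 # smuggles an extra header
SPLIT_REQUEST = "acme\r\n\r\nGET /admin HTTP/1.1\r\nHost: api.test"  # smuggles a second request
```

With the unvalidated adder, INJECT_HEADER makes the server see an X-Forwarded-For header the client code never set, and SPLIT_REQUEST makes it see two requests on one connection. The same CONTROL check belongs on anything that reaches HeaderCollection or Authorize, since those attributes also take their content from the caller.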
GO-2024-3241 Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul
Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul...
GHSA-5C4W-8HHH-3C3H Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability
A vulnerability was identified in Consul and Consul Enterprise ("Consul") such that using Headers in L7 traffic intentions could bypass HTTP header based access rules...
CVE-2024-43424
Sharp and Toshiba Tec MFPs improperly process HTTP request headers, resulting in an Out-of-bounds Read vulnerability. Crafted HTTP requests may cause affected products to crash...
CVE-2024-30122 HCL Sametime is impacted by misconfigured security related HTTP headers
HCL Sametime is impacted by misconfigured security related HTTP headers. It was identified that some HTTP headers were missing on web service responses. Browsers then fall back to their less secure default behaviour for the policies those headers control...
CVE-2024-45797
LibHTP is a security-aware parser for the HTTP protocol and the related bits and pieces. Prior to version 0.5.49, unbounded processing of HTTP request and response headers can lead to excessive CPU time and memory utilization, possibly leading to extreme slowdowns. This issue is addressed in 0.5....
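An added Python example serving two of the entries above, the libsoup request smuggling entry and this LibHTP entry (it is not code from either project): a small HTTP/1.1 field-line parser with three behaviours. A byte-exact mode stands in for a pass-through proxy, a NUL-stripping mode reproduces the libsoup handling where "Transfer-Encoding\x00" is read as "Transfer-Encoding", and a strict mode rejects non-token names and also enforces the per-line and per-message limits whose absence the LibHTP entry describes. The request bytes, host names, limit values and mode names are all constructed for the example.

```python
import re

# RFC 9110 tchar: the only bytes allowed in an HTTP field name.
TOKEN = re.compile(rb"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")


class HeaderError(ValueError):
    """Raised by the strict parser for anything it refuses to frame."""


# Constructed CL.TE request: the NUL sits between the field name and the colon,
# so a byte-exact parser sees an unknown header while a NUL-stripping one sees
# Transfer-Encoding. Content-Length covers the whole body, smuggled request included.
SMUGGLED = b"GET /admin HTTP/1.1\r\nHost: backend.test\r\n\r\n"
BODY = b"0\r\n\r\n" + SMUGGLED
SMUGGLE_REQ = (
    b"POST /upload HTTP/1.1\r\nHost: backend.test\r\n"
    + b"Content-Length: %d\r\n" % len(BODY)
    + b"Transfer-Encoding\x00: chunked\r\n\r\n"
    + BODY
)


def parse_headers(raw, mode, max_headers=100, max_line=8192):
    """Split a raw HTTP/1.1 message into ({lowercased name: value}, body).

    mode="exact"      keys on the name bytes as received (a pass-through proxy)
    mode="nul_strip"  drops trailing NUL bytes from the name, the behaviour the
                      libsoup entry describes (a C string ends at the first NUL)
    mode="strict"     rejects non-token names and oversized or too many fields
    """
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise HeaderError("missing end of headers")
    headers = {}
    for line in head.split(b"\r\n")[1:]:  # [0] is the request line
        name, colon, value = line.partition(b":")
        if not colon:
            raise HeaderError("field line without a colon")
        if mode == "nul_strip":
            name = name.rstrip(b"\x00")
        elif mode == "strict":
            if len(line) > max_line:
                raise HeaderError("field line too long")
            if not TOKEN.match(name):
                raise HeaderError("invalid field name %r" % name)
            if len(headers) >= max_headers:
                raise HeaderError("too many fields")
        headers[name.lower().decode("latin-1")] = value.strip().decode("latin-1")
    return headers, body


def framing(headers):
    """Which body delimiter this parser honours (Transfer-Encoding wins per RFC 9112)."""
    if headers.get("transfer-encoding", "").lower() == "chunked":
        return "chunked"
    if "content-length" in headers:
        return "content-length=" + headers["content-length"]
    return "no-body"


def leftover(headers, body):
    """Bytes after the first message body; a server parses them as the next request."""
    kind = framing(headers)
    if kind == "chunked":
        if not body.startswith(b"0\r\n\r\n"):  # only the empty last chunk is modelled
            raise HeaderError("non-empty chunked body not modelled")
        return body[5:]
    if kind.startswith("content-length="):
        return body[int(kind.split("=", 1)[1]):]
    return body


def desync(raw=SMUGGLE_REQ):
    """(proxy framing, backend framing, bytes the backend treats as a second request)."""
    proxy, body = parse_headers(raw, "exact")
    backend, _ = parse_headers(raw, "nul_strip")
    return framing(proxy), framing(backend), leftover(backend, body)


def strict_rejects(raw):
    """Error message from the strict parser, or None if it accepted the message."""
    try:
        parse_headers(raw, "strict")
    except HeaderError as e:
        return str(e)
    return None


def flood(n):
    """Constructed request with Host plus n distinct padding fields, for the limit check."""
    fields = b"".join(b"X-Pad-%d: a\r\n" % i for i in range(n))
    return b"GET / HTTP/1.1\r\nHost: backend.test\r\n" + fields + b"\r\n"
```

desync() shows the proxy forwarding the whole body under Content-Length while the NUL-stripping backend stops at the empty chunk and reads the smuggled GET /admin as a fresh request. strict_rejects() refuses the same bytes at the field name, and refuses flood(101) at the field-count limit, which is the bounded behaviour the LibHTP fix restores.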
CVE-2024-25286
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage...