2469 matches found

NVD · added 2023/09/19 1:16 p.m. · 11 views

CVE-2023-41834

Improper Neutralization of CRLF Sequences in HTTP Headers in Apache Flink Stateful Functions 3.1.0, 3.1.1 and 3.2.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted HTTP requests. Attackers could potentially inject malicious content...

CVSS 6.1 · AI score 6.4 · EPSS 0.01579
Exploits: 0 · References: 2

Prion · added 2023/09/19 1:16 p.m. · 11 views

CRLF injection

Improper Neutralization of CRLF Sequences in HTTP Headers in Apache Flink Stateful Functions 3.1.0, 3.1.1 and 3.2.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted HTTP requests. Attackers could potentially inject malicious content...

CVSS 5.8 · AI score 6.3 · EPSS 0.01579
Exploits: 0 · References: 2 · Affected software: 1

CVE · added 2023/09/19 12:34 p.m. · 53 views

CVE-2023-41834

CVE-2023-41834 affects Apache Flink Stateful Functions. The issue is an improper neutralization of CRLF sequences in HTTP headers, enabling remote attackers to inject arbitrary HTTP headers and perform HTTP response splitting in versions 3.1.0, 3.1.1 and 3.2.0. Potential consequence: injected con...

CVSS 6.1 · AI score 6.3 · EPSS 0.01579
Exploits: 0 · References: 2 · Affected software: 1

Microsoft CVE · added 2023/09/19 7:00 a.m. · 276 views

Hackerone: CVE-2023-38039 HTTP headers eat all memory

...

CVSS 7.5 · AI score 6.7 · EPSS 0.14797
Exploits: 1

Positive Technologies · added 2023/09/19 12:00 a.m. · 2 views

PT-2023-28114 · Apache · Apache Flink Stateful Functions

Name of the Vulnerable Software and Affected Versions: Apache Flink Stateful Functions versions 3.1.0 through 3.2.0
Description: The issue allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted HTTP requests. Attackers could potentially...

CVSS 6.1 · AI score 6.2 · EPSS 0.01579
Exploits: 0 · References: 8

Tenable Nessus · added 2023/09/18 12:00 a.m. · 41 views

FreeBSD : curl -- HTTP headers eat all memory (833b469b-5247-11ee-9667-080027f5fec9)

The version of FreeBSD installed on the remote host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the 833b469b-5247-11ee-9667-080027f5fec9 advisory. - When curl retrieves an HTTP response, it stores the incoming headers so that they can be accessed lat...

CVSS 7.5 · AI score 6.5 · EPSS 0.14797
Exploits: 1 · References: 3

Vulnrichment · added 2023/09/15 3:21 a.m. · 1 view

CVE-2023-38039

When curl retrieves an HTTP response, it stores the incoming headers so that they can be accessed later via the libcurl headers API. However, curl did not have a limit in how many or how large headers it would accept in a response, allowing a malicious server to stream an endless series of header...

AI score 6 · EPSS 0.14797
Exploits: 1 · References: 15

CNNVD · added 2023/09/15 12:00 a.m. · 1 view

curl security vulnerability

curl is a tool used to transfer data from or to a server. A security vulnerability exists in curl that stems from not limiting the number or size of HTTP headers, allowing a malicious server to ultimately cause curl to exhaust heap memory by transmitting a sequence of headers...

CVSS 7.5 · AI score 6.8 · EPSS 0.14797
Exploits: 1 · References: 16

RedhatCVE · added 2023/09/14 8:24 a.m. · 23 views

CVE-2023-4958

In Red Hat Advanced Cluster Security (RHACS), it was found that some security-related HTTP headers were missing, allowing an attacker to exploit this with a clickjacking attack. An attacker could exploit this by convincing a valid RHACS user to visit an attacker-controlled web page that deceptivel...

CVSS 6.1 · AI score 6.8 · EPSS 0.00033
Exploits: 0 · References: 3

Slackware Linux · added 2023/09/14 2:14 a.m. · 34 views

[slackware-security] curl

New curl packages are available for Slackware 14.0, 14.1, 14.2, 15.0, and -current to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog:
patches/packages/curl-8.3.0-i586-1slack15.0.txz: Upgraded. This update fixes a security issue: HTTP headers eat all memory...

CVSS 7.5 · AI score 6.9 · EPSS 0.14797
Exploits: 1

OSV · added 2023/09/13 8:00 a.m. · 22 views

CURL-CVE-2023-38039 HTTP headers eat all memory

When curl retrieves an HTTP response, it stores the incoming headers so that they can be accessed later via the libcurl headers API. However, curl did not have a limit on the size or quantity of headers it would accept in a response, allowing a malicious server to stream an endless series of...

CVSS 7.5 · AI score 7.6 · EPSS 0.14797
Exploits: 1

Cvelist · added 2023/09/08 7:22 a.m. · 12 views

CVE-2023-34041: Abuse of HTTP Hop-by-Hop Headers in Cloud Foundry Gorouter

Cloud Foundry routing-release versions prior to 0.278.0 are vulnerable to abuse of HTTP hop-by-hop headers. An unauthenticated attacker can use this vulnerability with headers such as B3 or X-B3-SpanID to affect the identification value recorded in the logs in foundations...

CVSS 5.3 · AI score 5.6 · EPSS 0.00199
Exploits: 0 · References: 1

GithubExploit · added 2023/08/31 9:10 a.m. · 402 views

Exploit for Code Injection in Citrix Netscaler_Application_Delivery_Controller

cve-2023-3519-citrix-scanner This script is a basic Citrix Sc...

CVSS 9.8 · AI score 9.8 · EPSS 0.93477
Exploits: 16

Packet Storm · added 2023/08/31 12:00 a.m. · 335 views

InterPhoto 2.3.0 Shell Upload

Title : InterPhoto 2.3.0 Persians Remote Shell Upload vulnerability | Author : indoushka | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...

AI score 7.1
Exploits: 0

Cvelist · added 2023/08/30 2:22 p.m. · 14 views

CVE-2022-1601: User Access Manager < 2.2.18 - IP Spoofing

The User Access Manager WordPress plugin before 2.2.18 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible for attackers to access restricted content in certain situations...

AI score 5.5 · EPSS 0.00144
Exploits: 2 · References: 1

RubySec · added 2023/08/18 12:00 a.m. · 34 views

Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') in puma

Impact: Prior to version 6.3.1, puma exhibited incorrect behavior when parsing chunked transfer encoding bodies and zero-length Content-Length headers in a way that allowed HTTP request smuggling. The following vulnerabilities are addressed by this advisory: - Incorrect parsing of trailing fields ...

CVSS 9.8 · AI score 6.9 · EPSS 0.00377
Exploits: 0 · References: 1 · Affected software: 1

NVD · added 2023/08/15 7:15 p.m. · 10 views

CVE-2023-4324

The Broadcom RAID Controller web interface is vulnerable due to insecure defaults: it lacks HTTP Content-Security-Policy headers...

CVSS 9.8 · AI score 9.5 · EPSS 0.00106
Exploits: 0 · References: 2

Positive Technologies · added 2023/08/15 12:00 a.m. · 2 views

PT-2023-28741 · Broadcom · Broadcom Raid Controller

Name of the Vulnerable Software and Affected Versions: Broadcom RAID Controller, affected versions not specified
Description: The Broadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking HTTP Content-Security-Policy headers. This issue affects the web interface,...

CVSS 9.8 · AI score 9.3 · EPSS 0.00106
Exploits: 0 · References: 8

NVD · added 2023/08/05 11:15 p.m. · 11 views

CVE-2023-37874

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Dimitar Ivanov HTTP Headers plugin <= 1.18.11 versions...

CVSS 5.9 · AI score 5.4 · EPSS 0.0008
Exploits: 0 · References: 1

OSV · added 2023/08/05 11:15 p.m. · 1 view

CVE-2023-37874

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Dimitar Ivanov HTTP Headers plugin <= 1.18.11 versions...

CVSS 4.8 · AI score 7.3
Exploits: 0 · References: 1