CVE-2019-15272 Cisco Unified Communications Manager Security Bypass Vulnerability

A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition SME could allow an unauthenticated, remote attacker to bypass security restrictions. The vulnerability is due to improper handling of malformed HT...

CVE-2019-15272 Cisco Unified Communications Manager Security Bypass Vulnerability

A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition SME could allow an unauthenticated, remote attacker to bypass security restrictions. The vulnerability is due to improper handling of malformed HT...

CVE-2019-15272

CVE-2019-15272 affects Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition (SME). The root cause is improper handling of malformed HTTP methods in the web-based interface, allowing an unauthenticated, remote attacker to bypass security restrict...

CVE-2019-4176

IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 could allow a remote attacker to bypass security restrictions, caused by an error related to insecure HTTP Methods. An attacker could exploit this vulnerability to gain access to the system. IBM X-Force ID: 158881...

CVE-2019-4176

IBM Cognos Controller 10.2.0–10.4.0 is affected by CVE-2019-4176 due to an insecure HTTP Methods handling which could allow a remote attacker to bypass security restrictions and gain access to the system. Affected versions include 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0. The issue is documente...

CVE-2019-12387

In Twisted before 19.2.1, twisted.web did not validate or sanitize URIs or HTTP methods, allowing an attacker to inject invalid characters such as CRLF...

GHSA-6CC5-2VG4-CC7M Twisted CRLF Injection

In Twisted before 19.2.1, twisted.web did not validate or sanitize URIs or HTTP methods, allowing an attacker to inject invalid characters such as CRLF...

Design/Logic Flaw

In Twisted before 19.2.1, twisted.web did not validate or sanitize URIs or HTTP methods, allowing an attacker to inject invalid characters such as CRLF...

CVE-2019-12387

In Twisted before 19.2.1, twisted.web did not validate or sanitize URIs or HTTP methods, allowing an attacker to inject invalid characters such as CRLF...

CVE-2019-12387

In Twisted before 19.2.1, twisted.web did not validate or sanitize URIs or HTTP methods, allowing an attacker to inject invalid characters such as CRLF...

CVE-2019-12387

In Twisted before 19.2.1, twisted.web did not validate or sanitize URIs or HTTP methods, allowing an attacker to inject invalid characters such as CRLF...

CVE-2019-10913

In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, HTTP Methods provided as verbs or using the override header may be treated as trusted input, but they are not validated, possibly causing SQL injection or XSS. This is related to...

Sql injection

In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, HTTP Methods provided as verbs or using the override header may be treated as trusted input, but they are not validated, possibly causing SQL injection or XSS. This is related to...

CVE-2019-10913

In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, HTTP Methods provided as verbs or using the override header may be treated as trusted input, but they are not validated, possibly causing SQL injection or XSS. This is related to...

CVE-2019-10913

In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, HTTP Methods provided as verbs or using the override header may be treated as trusted input, but they are not validated, possibly causing SQL injection or XSS. This is related to...

CVE-2019-10913

CVE-2019-10913 affects the Symfony PHP framework's HTTP Foundation. Versions vulnerable include Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7. The issue: HTTP methods provided as verbs or via the X-Http-Method-Override header may be treat...

CVE-2019-10913

In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, HTTP Methods provided as verbs or using the override header may be treated as trusted input, but they are not validated, possibly causing SQL injection or XSS. This is related to...

Fedora Update for mod_cluster FEDORA-2019-17556e2ad6

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

[SECURITY] Fedora 29 Update: mod_cluster-1.3.11-1.fc29

Modcluster is an httpd-based load balancer. Like modjk and modproxy, modcluster uses a communication channel to forward requests from httpd to one of a set of application server nodes. Unlike modjk and modproxy, modclus ter leverages an additional connection between the application server nodes a...

PCI DSS Compliance - Information Leakage

The remote host is vulnerable to one or more conditions that are considered to be 'information leakage' and so are not automatic failures according to the PCI DSS Approved Scanning Vendors Program Guide version 3.1. These information leakage issues include one or more of the following : - Detaile...