137 matches found
CBL Mariner 2.0 Security Update: python-twisted (CVE-2022-24801)
The version of python-twisted installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-24801 advisory. - Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to...
SUSE CVE-2018-4013
An exploitable code execution vulnerability exists in the HTTP packet-parsing functionality of the LIVE555 RTSP server library version 0.92. A specially crafted packet can cause a stack-based buffer overflow, resulting in code execution. An attacker can send a packet to trigger this vulnerability...
SUSE CVE-2019-15892
An issue was discovered in Varnish Cache before 6.0.4 LTS, and 6.1.x and 6.2.x before 6.2.1. An HTTP/1 parsing failure allows a remote attacker to trigger an assert by sending crafted HTTP/1 requests. The assert will cause an automatic restart with a clean cache, which makes it a Denial of Servic...
CVE-2023-21538
A vulnerability was found in dotnet. This flaw occurs when parsing an empty HTTP response as a JSON.NET JObject that causes a stack overflow and crashes a process...
CVE-2022-24910
A buffer overflow vulnerability exists in the httpd parsepingresult API functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted file can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability...
Cisco Adaptive Security Appliances Software 缓冲区错误漏洞
Cisco Adaptive Security Appliances Software is a set of firewalls and network security platforms from the U.S. company Cisco Cisco. The platform provides highly secure access to data and network resources and other features. A buffer overflow vulnerability exists in the Cisco Adaptive Security...
UBUNTU-CVE-2022-24761
Waitress is a Web Server Gateway Interface server for Python 2 and 3. When using Waitress versions 2.1.0 and prior behind a proxy that does not properly validate the incoming HTTP request matches the RFC7230 standard, Waitress and the frontend proxy may disagree on where one request starts and...
U.S. Dept Of Defense: HTTP Request Smuggling
hello dear support I have found HTTP Request Smuggling on www.████████ Issue description ============== HTTP request smuggling vulnerabilities arise when websites route HTTP requests through webservers with inconsistent HTTP parsing. By supplying a request that gets interpreted as being different...
USN-4558-1: libapreq2 vulnerabilities
It was discovered that libapreq2 did not properly sanitize the Content-Type field in certain, crafted HTTP requests. An attacker could use this vulnerability to cause libapreq2 to crash...
Microsoft Edge Spoofing Vulnerability (CNVD-2020-61594)
Microsoft Edge is a web browser from the American company Microsoft that comes with systems after Windows 10. A security vulnerability exists in Microsoft Edge, which stems from the program's failure to properly parse HTTP content. An attacker could exploit the vulnerability to lure users by...
FreeBSD : Node.js -- multiple vulnerabilities (0032400f-624f-11ea-b495-000d3ab229d6)
Node.js reports : Updates are now available for all active Node.js release lines for the following issues. HTTP request smuggling using malformed Transfer-Encoding header Critical CVE-2019-15605HTTP request smuggling using malformed Transfer-Encoding header Critical CVE-2019-15605 Affected Node.j...
CentOS 7 : http-parser (RHSA-2020:0703)
The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:0703 advisory. - HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed CVE-2019-15605 Note that Nessus has not...
CentOS: Security Advisory for http-parser (CESA-2020:0703)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Node.js -- multiple vulnerabilities
Node.js reports: Updates are now available for all active Node.js release lines for the following issues. HTTP request smuggling using malformed Transfer-Encoding header Critical CVE-2019-15605HTTP request smuggling using malformed Transfer-Encoding header Critical CVE-2019-15605 Affected Node.js...
February 2020 Security Releases
February 2020 Security Releases Update 6-February-2020 Security releases available Updates are now available for all active Node.js release lines for the following issues. HTTP request smuggling using malformed Transfer-Encoding header Critical CVE-2019-15605 Affected Node.js versions can be...
CVE-2019-15276
A vulnerability in the web interface of Cisco Wireless LAN Controller Software could allow a low-privileged, authenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability exists due to a failure of the HTTP parsing engine to handle specially...
CVE-2019-15276 Cisco Wireless LAN Controller HTTP Parsing Engine Denial of Service Vulnerability
A vulnerability in the web interface of Cisco Wireless LAN Controller Software could allow a low-privileged, authenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability exists due to a failure of the HTTP parsing engine to handle specially...
CVE-2019-15276
CVE-2019-15276: Cisco Wireless LAN Controller HTTP parsing DoS . The vulnerability affects Cisco WLC software (versions 8.4–8.9, 8.10 fixed) where the HTTP parsing engine fails to handle specially crafted URLs. An attacker with low privileges (or a user who can be lured to click a crafted URL) ca...
CVE-2019-15276 Cisco Wireless LAN Controller HTTP Parsing Engine Denial of Service Vulnerability
A vulnerability in the web interface of Cisco Wireless LAN Controller Software could allow a low-privileged, authenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability exists due to a failure of the HTTP parsing engine to handle specially...
UBUNTU-CVE-2019-17420
In OISF LibHTP before 0.5.31, as used in Suricata 4.1.4 and other products, an HTTP protocol parsing error causes the httpheader signature to not alert on a response with a single \r\n ending...