1138 matches found

NVD
added 2022/01/25 8:15 p.m., 12 views

CVE-2022-23021

On BIG-IP version 16.1.x before 16.1.2, when any of the following configurations are configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel TMM to terminate: HTTP redirect rule in an LTM policy, BIG-IP APM Access Profile, and Explicit HTTP Proxy in HTTP...

CVSS 7.5 | EPSS 0.00711
Exploits 0 | References 1
Prion
added 2022/01/25 8:15 p.m., 14 views

Design/Logic Flaw

On BIG-IP version 16.1.x before 16.1.2, when any of the following configurations are configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel TMM to terminate: HTTP redirect rule in an LTM policy, BIG-IP APM Access Profile, and Explicit HTTP Proxy in HTTP...

CVSS 7.1 | AI score 7.4 | EPSS 0.00711
Exploits 0 | References 1 | Affected Software 11
Prion
added 2022/01/25 8:15 p.m., 12 views

Design/Logic Flaw

On BIG-IP AFM version 16.1.x before 16.1.2, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.5, and 13.1.x beginning in 13.1.3.4, when a virtual server is configured with both HTTP protocol security and HTTP Proxy Connect profiles, undisclosed requests can cause the Traffic Management Microkernel TMM...

CVSS 7.1 | AI score 7.5 | EPSS 0.00611
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2022/01/25 7:11 p.m., 20 views

CVE-2022-23018

On BIG-IP AFM version 16.1.x before 16.1.2, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.5, and 13.1.x beginning in 13.1.3.4, when a virtual server is configured with both HTTP protocol security and HTTP Proxy Connect profiles, undisclosed requests can cause the Traffic Management Microkernel TMM...

AI score 7.7 | EPSS 0.00611
Exploits 0 | References 1
vulnersOsv
added 2022/01/06 8:30 p.m., 1 view

@abhishekdeb/ezmailer (>=0.0.1 <=0.0.2), @aca-1/a2-composer (>=0.1.0 <=0.3.3) +918 more potentially affected by CVE-2019-10196 via http-proxy-agent (>=0.2.7 <=2.0.0)

http-proxy-agent NPM version =0.2.7, =0.0.1, =0.1.0, =0.1.0, =0.1.5, =0.0.1, =1.0.0, =1.0.0, =1.0.1, =0.15.0-alpha1, =0.2.0, =0.2.1 - @cdevine49/react-numeric-input =2.2.4 and more Source cves: CVE-2019-10196 Source advisory: OSV:GHSA-86WF-436M-H424...

CVSS 9.8 | AI score 7.1 | EPSS 0.00364
Exploits 0
OSV
added 2022/01/06 8:30 p.m., 22 views

GHSA-86WF-436M-H424 Resource Exhaustion Denial of Service in http-proxy-agent

A flaw was found in http-proxy-agent, prior to version 2.1.0. It was discovered http-proxy-agent passes an auth option to the Buffer constructor without proper sanitization. This could result in a Denial of Service through the usage of all available CPU resources and data exposure through an...

CVSS 9.8 | AI score 8.5 | EPSS 0.00364
Exploits 0 | References 4
Github Security Blog
added 2022/01/06 8:30 p.m., 34 views

Resource Exhaustion Denial of Service in http-proxy-agent

A flaw was found in http-proxy-agent, prior to version 2.1.0. It was discovered http-proxy-agent passes an auth option to the Buffer constructor without proper sanitization. This could result in a Denial of Service through the usage of all available CPU resources and data exposure through an...

CVSS 9.8 | AI score 3.6 | EPSS 0.00364
Exploits 0 | References 5 | Affected Software 1
CNVD
added 2021/11/04 12:00 a.m., 16 views

Apache Traffic Server Improper Input Validation Vulnerability (CNVD-2021-84824)

Apache Traffic Server, referred to as ATS or TS, is a high-performance, modular HTTP proxy and caching server. An improper input validation vulnerability exists in Apache Traffic Server version 5.0.0-9.1.0 when accepting socket connections. An attacker could exploit this vulnerability to cause the...

CVSS 7.5 | AI score 2.7 | EPSS 0.01399
Exploits 0 | References 1
CNVD
added 2021/11/04 12:00 a.m., 21 views

Apache Traffic Server Improper Input Validation Vulnerability (CNVD-2021-84821)

Apache Traffic Server, referred to as ATS or TS, is a high-performance, modular HTTP proxy and caching server. An improper input validation vulnerability exists in the header parsing in Apache Traffic Server versions 8.0.0-8.1.2, 9.0.0-9.0.1. An attacker could exploit this vulnerability to smuggl...

CVSS 7.5 | AI score 3.1 | EPSS 0.01363
Exploits 0 | References 1
CNVD
added 2021/11/04 12:00 a.m., 21 views

Apache Traffic Server Improper Input Validation Vulnerability (CNVD-2021-84822)

Apache Traffic Server, referred to as ATS or TS, is a high-performance, modular HTTP proxy and caching server. An improper input validation vulnerability exists in the header parsing in Apache Traffic Server versions 8.0.0-8.1.2, 9.0.0-9.1.0. An attacker could exploit this vulnerability to smuggl...

CVSS 7.5 | AI score 3.1 | EPSS 0.01363
Exploits 0 | References 1
CNVD
added 2021/11/04 12:00 a.m., 16 views

Apache Traffic Server Heap Buffer Overflow Vulnerability

Apache Traffic Server, referred to as ATS or TS, is a high-performance, modular HTTP proxy and caching server. The stats-over-http plugin in Apache Traffic Server version 9.1.0 is vulnerable to a heap buffer overflow. An attacker could exploit this vulnerability to overwrite memory...

CVSS 9.8 | AI score 3.9 | EPSS 0.01102
Exploits 0 | References 1
Github Security Blog
added 2021/08/25 8:56 p.m., 16 views

HTTP Request Smuggling in hyper

Summary: hyper's HTTP server code had a flaw that incorrectly understands some requests with multiple transfer-encoding headers to have a chunked payload, when it should have been rejected as illegal. This combined with an upstream HTTP proxy that understands the request payload boundary different...

CVSS 8.1 | AI score 0.4 | EPSS 0.00577
Exploits 0 | References 6 | Affected Software 1
OSV
added 2021/08/25 8:56 p.m., 17 views

GHSA-6HFQ-H8HQ-87MF HTTP Request Smuggling in hyper

Summary: hyper's HTTP server code had a flaw that incorrectly understands some requests with multiple transfer-encoding headers to have a chunked payload, when it should have been rejected as illegal. This combined with an upstream HTTP proxy that understands the request payload boundary different...

CVSS 4.8 | AI score 8 | EPSS 0.00577
Exploits 0 | References 6
RedHat Linux
added 2021/08/19 7:17 a.m., 1 view

netty: Request smuggling via content-length header

A flaw was found in Netty. There is an issue where the content-length header is not validated correctly if the request uses a single Http2HeaderFrame with the endstream set to true. This flaw leads to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1. The...

CVSS 5.9 | AI score 7.1 | EPSS 0.02547
Exploits 0 | References 5
Github Security Blog
added 2021/07/12 4:54 p.m., 39 views

Lenient Parsing of Content-Length Header When Prefixed with Plus Sign

Summary: hyper's HTTP/1 server code had a flaw that incorrectly parses and accepts requests with a Content-Length header with a prefixed plus sign, when it should have been rejected as illegal. This combined with an upstream HTTP proxy that doesn't parse such Content-Length headers, but forwards...

CVSS 5.3 | EPSS 0.00295
Exploits 1 | References 6 | Affected Software 1
OSV
added 2021/07/12 4:54 p.m., 19 views

GHSA-F3PG-QWVG-P99C Lenient Parsing of Content-Length Header When Prefixed with Plus Sign

Summary: hyper's HTTP/1 server code had a flaw that incorrectly parses and accepts requests with a Content-Length header with a prefixed plus sign, when it should have been rejected as illegal. This combined with an upstream HTTP proxy that doesn't parse such Content-Length headers, but forwards...

CVSS 3.1 | AI score 5.2 | EPSS 0.00295
Exploits 1 | References 6
OSV
added 2021/07/07 8:15 p.m., 14 views

CVE-2021-32715

hyper is an HTTP library for Rust. hyper's HTTP/1 server code had a flaw that incorrectly parses and accepts requests with a Content-Length header with a prefixed plus sign, when it should have been rejected as illegal. This combined with an upstream HTTP proxy that doesn't parse such...

CVSS 5.3 | AI score 5.4
Exploits 0 | References 2
OSV
added 2021/07/07 12:00 p.m., 25 views

RUSTSEC-2021-0078 Lenient `hyper` header parsing of `Content-Length` could allow request smuggling

hyper's HTTP header parser accepted, according to RFC 7230, illegal contents inside Content-Length headers. Due to this, upstream HTTP proxies that ignore the header may still forward them along if it chooses to ignore the error. To be vulnerable, hyper must be used as an HTTP/1 server and using ...

CVSS 5.3 | AI score 5 | EPSS 0.00295
Exploits 1 | References 3
Rosalinux
added 2021/07/02 4:39 p.m., 34 views

Advisory ROSA-SA-2021-1829

Software: erlang R16B OS: Cobalt 7.9 CVE-ID: CVE-2011-0766 CVE-Crit: MEDIUM CVE-DESC: The random number generator in the Crypto application before 2.0.2.2.2 and SSH before 2.0.5, which was used in the Erlang / OTP ssh library before R14B03, uses predictable starting numbers based on the current...

CVSS 7.8 | AI score 7.2 | EPSS 0.03371
Exploits 1
OpenVAS
added 2021/04/19 12:00 a.m., 25 views

SUSE: Security Advisory (SUSE-SU-2017:1635-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 | AI score 7.1 | EPSS 0.00539
Exploits 0 | References 4