16597 matches found
HTTP Request Smuggling (HRS)
Waitress is vulnerable to HTTP Request Smuggling HRS. The vulnerability is due to improper handling of request lookahead and parsing in HTTP pipelining. When request lookahead is enabled, the server processes the first request, but due to a race condition, it may start handling the second request...
CVE-2024-52530
GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '\0' characters at the end of header names are ignored, i.e., a "Transfer-Encoding\0: chunked" header is treated the same as a "Transfer-Encoding: chunked" header...
CVE-2024-52530
CVE-2024-52530 affects GNOME libsoup (libsoup) prior to 3.6.0, where HTTP header parsing ignores trailing null characters in header names, causing a potential HTTP request smuggling vulnerability via a header like Transfer-Encoding\0: chunked. Connected documents confirm the issue across multiple...
CVE-2024-52530
GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '\0' characters at the end of header names are ignored, i.e., a "Transfer-Encoding\0: chunked" header is treated the same as a "Transfer-Encoding: chunked" header...
CVE-2024-52530
GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '\0' characters at the end of header names are ignored, i.e., a "Transfer-Encoding\0: chunked" header is treated the same as a "Transfer-Encoding: chunked" header...
libsoup 安全漏洞
libsoup is a GNOME HTTP client/server library from the GNOME Project. A security vulnerability exists in libsoup versions prior to 3.6.0, which stems from allowing HTTP request smuggling in certain configurations...
Mageia: Security Advisory (MGASA-2024-0348)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
MGASA-2024-0348 Updated ruby-webrick packages fix security vulnerability
An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header, e.g., "GET /admin HTTP/1.1\r\n" inside of a "POST /user HTTP/1.1\r\n" request. CVE-2024-47220...
Updated ruby-webrick packages fix security vulnerability
An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header, e.g., "GET /admin HTTP/1.1\r\n" inside of a "POST /user HTTP/1.1\r\n" request. CVE-2024-47220...
SUSE: Security Advisory (SUSE-SU-2024:3939-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLES12 Security Update : ruby2.1 (SUSE-SU-2024:3939-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2024:3939-1 advisory. - CVE-2024-47220: Fixed HTTP request smuggling in WEBrick bsc1230930 Tenable has extracted the preceding description block directly from the SUSE...
Security update for ruby2.1
This update for ruby2.1 fixes the following issues: CVE-2024-47220: Fixed HTTP request smuggling in WEBrick bsc1230930 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command list...
SUSE-SU-2024:3939-1 Security update for ruby2.1
This update for ruby2.1 fixes the following issues: - CVE-2024-47220: Fixed HTTP request smuggling in WEBrick bsc1230930...
CVE-2024-51504
CVE-2024-51504 affects ZooKeeper Admin Server via IPAuthenticationProvider. Default IP detection uses HTTP headers (X-Forwarded-For) and can be spoofed, leading to authentication bypass for IP-based auth. Admin commands like snapshot/restore may be exploited after bypass. Impact: potential inform...
Security Bulletin: IBM Sterling Control Center is affected by vulnerability in Apache Tomcat
Summary OSS Scan Vulnerability - Apache Tomcat 8.5.70 & Apache Tomcat 8.5.75 with multiple CVEs and affecting Sterling Control Center v6.2.1. Vulnerability Details CVEID:CVE-2021-42340 DESCRIPTION: Apache Tomcat is vulnerable to a denial of service, caused by a memory leak flaw in WebSocket...
CVE-2024-20537
A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to bypass the authorization mechanisms for specific administrative functions. This vulnerability is due to a lack of server-side validation of Administrator permissions. An attacker...
CVE-2024-20476
A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to bypass the authorization mechanisms for specific file management functions. This vulnerability is due to lack of server-side validation of Administrator permissions. An attacker cou...
CVE-2024-20476
A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to bypass the authorization mechanisms for specific file management functions. This vulnerability is due to lack of server-side validation of Administrator permissions. An attacker cou...
CVE-2024-20537 Cisco Identity Services Engine Authorization Bypass Vulnerability
A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to bypass the authorization mechanisms for specific administrative functions. This vulnerability is due to a lack of server-side validation of Administrator permissions. An attacker...
CVE-2024-20476 Cisco Identity Services Engine Authorization Bypass Vulnerability
A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to bypass the authorization mechanisms for specific file management functions. This vulnerability is due to lack of server-side validation of Administrator permissions. An attacker cou...