11631 matches found
CVE-2023-37276
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. aiohttp v3.8.4 and earlier are bundled with llhttp v6.0.6. Vulnerable code is used by aiohttp for its HTTP request parser when available, which is the default case when installing from a wheel. This vulnerability only...
CVE-2023-37276
CVE-2023-37276 affects aiohttp when used as an HTTP server (aiohttp.Application); vulnerable code is in the llhttp-based HTTP request parser bundled with aiohttp v3.8.4 and earlier. Exploitation can lead to HTTP request smuggling. The issue is addressed in aiohttp 3.8.5; upgrading is recommended....
CVE-2023-37276 aiohttp vulnerable to HTTP request smuggling
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. aiohttp v3.8.4 and earlier are bundled with llhttp v6.0.6. Vulnerable code is used by aiohttp for its HTTP request parser when available which is the default case when installing from a wheel. This vulnerability only...
Oracle Enterprise Manager Ops Center (Jul 2023 CPU)
The 12.4.0.0 version of Enterprise Manager Ops Center installed on the remote host is affected by multiple vulnerabilities as referenced in the July 2023 CPU advisory: - Vulnerability in the Oracle Enterprise Manager Ops Center product of Oracle Enterprise Manager component: Networking Apache HTT...
CVE-2023-34036
Reactive web applications that use Spring HATEOAS to produce hypermedia-based responses might be exposed to malicious forwarded headers if they are not behind a trusted proxy that ensures correctness of such headers, or if they don't have anything else in place to handle and possibly discard...
CVE-2023-34036 Forwarded header exploit with Spring HATEOAS on WebFlux
Reactive web applications that use Spring HATEOAS to produce hypermedia-based responses might be exposed to malicious forwarded headers if they are not behind a trusted proxy that ensures correctness of such headers, or if they don't have anything else in place to handle and possibly discard...
CLSA-2023-1689259392 Fix CVE(s): CVE-2021-28861
SECURITY UPDATE: Redirection vulnerability in http.server - debian/patches/CVE-2021-28861.patch: Fix an open redirection vulnerability in the http.server module when a URI path starts with // - debian/patches/expat-regression.patch: some tests were fixed - CVE-2021-28861...
Security Bulletin: Vulnerabilities have been identified in OpenSSL, Apache HTTP Server and other system libraries shipped with the DS8000 Hardware Management Console (HMC)
Summary IBM DS8900 Management Console is affected by Open Source expat CVE-2022-43680, libxml2 CVE-2022-40303, CVE-2022-40304, dbus CVE-2022-42010, CVE-2022-42011, CVE-2022-42012, httpd CVE-2023-25690, systemd CVE-2022-4415, OpenSSL CVE-2022-4304, CVE-2022-4450, CVE-2023-0215, CVE-2023-0286,...
Ubuntu 16.04 ESM / 18.04 ESM : Gorilla WebSocket vulnerability (USN-6208-1)
The remote Ubuntu 16.04 ESM / 18.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-6208-1 advisory. It was discovered that Gorilla WebSocket incorrectly handled decoding WebSocket frames. An attacker could possibly use this issue to cause a crash,...
Taking over Milesight UR32L routers behind a VPN: 22 vulnerabilities and a full chain
Cisco Talos discovered 17 vulnerabilities (63 CVEs) in the Milesight UR32L router and five vulnerabilities (six CVEs) in the Milesight MilesightVPN remote access solution software. An attacker could exploit the vulnerabilities discovered to completely compromise the UR32L and MilesightVPN. This post...
Nexxt Nebula 1200-AC security vulnerability
The Nexxt Nebula 1200-AC is a wireless router from Nexxt USA. A security vulnerability exists in Nexxt Nebula 1200-AC version 15.03.06.60: the HTTPD service can be used to enable the TELNET service, leading to authentication bypass and command execution...
EulerOS 2.0 SP11 : httpd (EulerOS-SA-2023-2271)
According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow an HTTP Request Smuggling attack. Configurations are affect...
Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2023-2271)
The remote host is missing an update for the Huawei EulerOS...
Security Bulletin: A security vulnerability has been identified in IBM HTTP Server, a component of IBM WebSphere Application Server, which is shipped with, or a required product for, IBM Tivoli Network Manager (CVE-2019-0220)
Summary IBM WebSphere Application Server is shipped with IBM Tivoli Network Manager version 3.9 & 4.1.1; IBM WebSphere Application Server is a required product for IBM Tivoli Network Manager version 4.2. Information about a security vulnerability affecting IBM HTTP Server, a component of IBM...