11633 matches found
CVE-2022-36032 ReactPHP's HTTP server parses encoded cookie names so malicious `__Host-` and `__Secure-` cookies can be sent
ReactPHP HTTP is a streaming HTTP client and server implementation for ReactPHP. In ReactPHP's HTTP server component versions starting with 0.7.0 and prior to 1.7.0, when ReactPHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes...
Amazon Linux 2022 : httpd, httpd-core, httpd-devel (ALAS2022-2022-053)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-053 advisory. A flaw was found in the mod_lua module of httpd. A crafted request body can cause a read to a random memory area due to an uninitialized value in functions called by the parsebody function. The...
SUSE SLED15 / SLES15 Security Update : curl (SUSE-SU-2022:3004-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:3004-1 advisory. - When curl is used to retrieve and parse cookies from an HTTPS server, it accepts cookies using control codes that when...
SUSE SLES12 Security Update : curl (SUSE-SU-2022:3005-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:3005-1 advisory. - When curl is used to retrieve and parse cookies from an HTTPS server, it accepts cookies using control codes that when later are sent back t...
OESA-2022-1879 python3 security update
Python combines remarkable power with very clear syntax. It has modules, classes, exceptions, very high level dynamic data types, and dynamic typing. There are interfaces to many system calls and libraries, as well as to various windowing systems. New built-in modules are easily written in C or C+...
Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS : curl vulnerability (USN-5587-1)
The remote Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5587-1 advisory. Axel Chong discovered that when curl accepted and sent back cookies containing control bytes that an HTTPS server might return ...
Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-6.0.2.5)
The version of AOS installed on the remote host is prior to 6.0.2.5. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-6.0.2.5 advisory. - xpointer.c in libxml2 before 2.9.5 as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3,...
Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-5.11.2)
The version of AOS installed on the remote host is prior to 5.11.2. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-5.11.2 advisory. - Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is: The heap based buffer overflow can be used to get...
Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-5.16)
The version of AOS installed on the remote host is prior to 5.16. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-5.16 advisory. - Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is: The heap based buffer overflow can be used to get code...
Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-5.10.9)
The version of AOS installed on the remote host is prior to 5.10.9. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-5.10.9 advisory. - Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is: The heap based buffer overflow can be used to get...
CURL-CVE-2022-35252 control code in cookie denial of service
When curl retrieves and parses cookies from an HTTPS server, it accepts cookies using control codes byte values below 32. When cookies that contain such control codes are later sent back to an HTTPS server, it might make the server return a 400 response. Effectively allowing a "sister site" to de...
CVE-2022-35252
When curl is used to retrieve and parse cookies from an HTTPS server, it accepts cookies using control codes that when later are sent back to an HTTPS server might make the server return 400 responses. Effectively allowing a "sister site" to deny service to all siblings...
CVE-2021-3688
A flaw was found in Red Hat JBoss Core Services HTTP Server in all versions, where it does not properly normalize the path component of a request URL containing dot-dot-semicolons. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest...
Design/Logic Flaw
A flaw was found in Red Hat JBoss Core Services HTTP Server in all versions, where it does not properly normalize the path component of a request URL containing dot-dot-semicolons. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest...
CVE-2021-3688
CVE-2021-3688 affects Red Hat JBoss Core Services HTTP Server (all versions). The root cause is improper normalization of the path component in URL requests that contain dot-dot-semicolon(s), which could allow an attacker to access unauthorized information and potentially facilitate further attac...
PT-2022-10589 · Red Hat · Red Hat Jboss Core Services Http Server
Name of the Vulnerable Software and Affected Versions: Red Hat JBoss Core Services HTTP Server affected versions not specified Description: A flaw was found in Red Hat JBoss Core Services HTTP Server where it does not properly normalize the path component of a request URL containing...
Ubuntu: Security Advisory (USN-3425-2)
The remote host is missing an update for the...