101619 matches found
Astra Linux - уязвимость в puma
Puma is a Ruby/Rack web server designed for parallelism. Prior to versions 6.3.1 and 5.6.7, Puma exhibited incorrect behavior when parsing chunked transfer encoding bodies and zero-length Content-Length headers, which could allow HTTP request smuggling. The severity of this issue depends heavily ...
Astra Linux - уязвимость в apache2
The out-of-bounds write vulnerability in the modsed module of the Apache HTTP Server allows an attacker to overwrite heap memory with data provided by the attacker. This issue affects Apache HTTP Server version 2.4.2.52 and earlier versions...
Astra Linux - уязвимость в tomcat9
There is a vulnerability in Apache Tomcat when using the APR/Native connector, involving concurrent execution with shared resources and improper synchronization known as “race condition”. This issue is particularly noticeable during client-initiated closures of HTTP/2 connections. The vulnerabili...
Astra Linux - уязвимость в curl
There is an information disclosure vulnerability in curl v8.1.0 when performing HTTPS transfers. libcurl may incorrectly use the read callback CURLOPTREADFUNCTION to request data to be sent, even when the CURLOPTPOSTFIELDS option is set. This occurs if the same handle was previously used to issue...
Astra Linux - уязвимость в supervisor
In Supervisor version 4.0.2, an unauthenticated user can read log files or restart a service. Note: The maintainer confirmed that the affected component, inethttpserver, is not enabled by default. However, if the user enables it and does not set a password, Supervisor will log a warning message...
Astra Linux - уязвимость в python-urllib3
urllib3 is a user-friendly HTTP client library for Python. urllib3 does not treat the Cookie HTTP header specially or provides any helpers for managing cookies over HTTP; that responsibility lies with the user. However, it is possible for a user to specify a Cookie header, and information may be...
Astra Linux - уязвимость в firefox, thunderbird
A use-after-free might have occurred when an HTTP2 session object was released on a different thread, resulting in memory corruption and potentially exploitable crashes. This vulnerability affects Firefox 93, Thunderbird 91.3, and Firefox ESR 91.3...
Astra Linux - уязвимость в symfony
Symfony/http-foundation is a module for the Symphony PHP framework that defines an object-oriented layer for handling HTTP requests. The Request class does not parse URIs containing special characters in the same way that browsers do. As a result, attackers can trick validators that rely on the...
Astra Linux - уязвимость в apache2
HTTP/2 incoming headers that exceed the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client continues to send headers, this can lead to memory exhaustion...
Astra Linux - уязвимость в curl
A vulnerability related to insufficiently protected credentials, addressed in curl 7.83.0, may cause authentication or cookie header data to be leaked during HTTP redirections to the same host, but using a different port number...
Astra Linux - уязвимость в curl
When asked to use a .netrc file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has an entry that matches the redirect target hostname, but the...
Astra Linux - уязвимость в tomcat9
There is an vulnerability related to improper input validation in Apache Tomcat. Tomcat does not restrict HTTP/0.9 requests to only the GET method. If a security constraint is configured to allow HEAD requests to a URI but deny GET requests, users could bypass this constraint on GET requests by...
Astra Linux - уязвимость в apache2
apescapequotes may write beyond the end of a buffer when given malicious input. None of the included modules passes untrusted data to these functions, but third-party/external modules may do so. This issue affects Apache HTTP Server 2.4.48 and earlier...
Astra Linux - уязвимость в python3.11
When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This allows a malicious server to cause the client to read large amounts of data into memory, potentially leading to Out-of-Memory errors or other types of...
Astra Linux - уязвимость в curl
There is a vulnerability in curl version 7.87.0 where it is possible to exploit the memory reclamation mechanism. In this vulnerability, curl can be instructed to tunnel virtually all protocols it supports through an HTTP proxy. HTTP proxies can and often do deny such tunnel operations. When curl...
Astra Linux - уязвимость в thunderbird
When an HTTPS page is embedded in an HTTP page, and a service worker is registered for the former, the service worker could intercept the request for the secure page. This occurs even though the iframe does not belong to a secure context due to the insecure framing. This vulnerability affects...
Astra Linux - уязвимость в haproxy
There is an integer overflow in HAProxy versions 2.0 to 2.5, specifically in the htxaddheader function, which can be exploited to perform an HTTP request smuggling attack. This allows an attacker to bypass all configured http-request HAProxy Access Control Lists and possibly other access control...
Astra Linux - уязвимость в apache2
Splitting of HTTP responses within the core of the Apache HTTP Server allows attackers who can manipulate the Content-Type response headers of applications hosted or proxied by the server to split the HTTP response. This vulnerability was identified as CVE-2023-38709, but the patch included in...
Astra Linux - уязвимость в golang-1.19
A malicious HTTP/2 client that quickly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is limited by the http2.Server.MaxConcurrentStreams setting, resetting an ongoing request allows the attacker to create a new...
Astra Linux - уязвимость в golang-golang-x-net, golang-1.19
A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, enough to trigger a denial of service due to a small number of small requests...