907 matches found
CVE-2022-0451
Dart SDK contains the HTTPClient in dart:io library which includes authorization headers when handling cross-origin redirects. These headers may be explicitly set and contain sensitive information. By default, HttpClient handles redirection logic. If a request is sent to example.com with...
Authorization
Dart SDK contains the HTTPClient in dart:io library which includes authorization headers when handling cross-origin redirects. These headers may be explicitly set and contain sensitive information. By default, HttpClient handles redirection logic. If a request is sent to example.com with...
CVE-2022-0451
The CVE-2022-0451 issue affects the Dart SDK (dart:io) where HTTPClient may include Authorization headers during cross-origin redirects. By default, HttpClient handles redirects, and headers that are set on the initial request could be sent to a redirect target if the redirect goes to an attacker...
CVE-2022-0451 Auth bypass in Dart SDK
Dart SDK contains the HTTPClient in dart:io library which includes authorization headers when handling cross-origin redirects. These headers may be explicitly set and contain sensitive information. By default, HttpClient handles redirection logic. If a request is sent to example.com with...
GHSA-GPCH-H32J-GX6X Insufficiently Protected Credentials in Reactor Netty
The HttpClient from Reactor Netty, versions 0.9.x prior to 0.9.5, and versions 0.8.x prior to 0.8.16, may be used incorrectly, leading to a credentials leak during a redirect to a different domain. In order for this to happen, the HttpClient must have been explicitly configured to follow redirect...
Insufficiently Protected Credentials in Reactor Netty
The HttpClient from Reactor Netty, versions 0.9.x prior to 0.9.5, and versions 0.8.x prior to 0.8.16, may be used incorrectly, leading to a credentials leak during a redirect to a different domain. In order for this to happen, the HttpClient must have been explicitly configured to follow redirect...
CVE-2022-23607
treq is an HTTP library inspired by requests but written on top of Twisted's Agents. Treq's request methods treq.get, treq.post, etc. and treq.client.HTTPClient constructor accept cookies as a dictionary. Such cookies are not bound to a single domain, and are therefore sent to every domain...
Mageia: Security Advisory (MGASA-2013-0199)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Mageia: Security Advisory (MGASA-2014-0348)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Mageia: Security Advisory (MGASA-2014-0489)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Vulnerable dependency in XTDB connector
Impact The impacted portion of the XTDB connector is its connectivity to S3 as a backing store: this is the only portion of the connector that uses this vulnerable httpclient dependency. Per the description, the vulnerability regards URIs that may be misinterpreted, which given the area of impact...
GHSA-HWVM-VFW8-93MW Vulnerable dependency in XTDB connector
Impact The impacted portion of the XTDB connector is its connectivity to S3 as a backing store: this is the only portion of the connector that uses this vulnerable httpclient dependency. Per the description, the vulnerability regards URIs that may be misinterpreted, which given the area of impact...
ca.uhn.hapi.fhir.karaf:hapi-fhir (>=3.3.0 <=3.7.0), com.esri.geoevent.sdk:geoevent-sdk (>=10.7.1 <=10.8.1) +118 more potentially affected by CVE-2021-44228 via org.ops4j.pax.logging:pax-logging-log4j2 (>=1.10.0 <=1.10.7)
org.ops4j.pax.logging:pax-logging-log4j2 MAVEN version =1.10.0, =3.3.0, =10.7.1, =2.0.1, =1.2.0, =1.2.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.61.2, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =3.24.01 and more Source cves: CVE-2021-44228 Source advisory: OSV:GHSA-JFH8-C2JP-5V3Q...
Microsoft Azure Active Directory Login Enumeration
This module enumerates valid usernames and passwords against a Microsoft Azure Active Directory domain by utilizing a flaw in how SSO authenticates. Module Options msf use auxiliary/scanner/http/azureadlogin msf auxiliaryazureadlogin show actions ...actions... msf auxiliaryazureadlogin set ACTION...
apache-httpclient: incorrect handling of malformed authority component in request URIs
Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution...
Sophos UTM WebAdmin SID Command Injection Exploit
This Metasploit module exploits an SID-based command injection in Sophos UTM's WebAdmin interface to execute shell commands as the root user. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule...
Security Bulletin: FileNet Content Manager is affected by a HTTP Client vulnerability
Summary FileNet Content Manager has addressed the following HTTP Client v3.0.1 and v4.0.1 vulnerability. Vulnerability Details CVEID: CVE-2012-5783 DESCRIPTION: Apache Commons HttpClient, as used in Amazon Flexible Payments Service FPS merchant Java SDK and other products, could allow a remote...
Security Bulletin: Multiple Security Vulnerabilities Have been addressed in IBM Security Access Manager
Summary Multiple Security Vulnerabilities have been fixed in the IBM Security Access Manager ISAM version 9.0.7.2 Vulnerability Details CVEID: CVE-2019-10208 DESCRIPTION: PostgreSQL is vulnerable to SQL injection. A remote authenticated attacker could send specially-crafted SQL statements to the...
FreeBSD : jenkins -- Jenkins core bundles vulnerable version of the commons-httpclient library (9bad457e-b396-4452-8773-15bec67e1ceb)
Jenkins Security Advisory : Description Medium SECURITY-2475 / CVE-2014-3577 Jenkins core bundles vulnerable version of the commons-httpclient library %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML...