python: infinite loop in the tarfile module via crafted TAR archive
A flaw was found in python. In Lib/tarfile.py an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation...
UBUNTU-CVE-2020-8201
Node.js 12.18.4 and 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. The payloads can be crafted by an attacker to hijack user sessions, poison cookies, perform clickjacking, and a multitude of other attacks depending on the architecture ...
PT-2020-5068 · Node.Js +6
Name of the Vulnerable Software and Affected Versions: Node.js versions prior to 12.18.4 Node.js versions prior to 14.11 Description: The issue is related to an error in processing HTTP header names, which can be exploited by a remote attacker to gain access to protected information or elevate...
CRLF Injection
php is vulnerable to CRLF injection. A flaw was discovered in the way PHP's mail function processed header data. If a script sent mail using a Subject header containing a string from an untrusted source, a remote attacker could send bulk e-mail to unintended recipients...
The vulnerability of the Microsoft Internet Information Server (IIS) operating system on Windows allows a perpetrator to execute a type of attack known as “cross-site scripting attacks”.
The vulnerability of the Microsoft Internet Information Server (IIS) operating systems on Windows is related to incorrect processing of request headers. Exploiting this vulnerability allows a malicious actor to execute a type of attack known as “cross-site request forgery” by sending specially...
nodejs: HTTP request smuggling using malformed Transfer-Encoding header
A flaw was found in the Node.js code where a specially crafted HTTPs request sent to a Node.js server failed to properly process the HTTPs headers, resulting in a request smuggling attack. An attacker can use this flaw to alter a request sent as an authenticated user if the Node.js server is...
CVE-2019-11049
In PHP versions 7.3.x below 7.3.13 and 7.4.0 on Windows, when supplying custom headers to mail function, due to mistake introduced in commit 78f4b4a2dcf92ddbccea1bb95f8390a18ac3342e, if the header is supplied in lowercase, this can result in double-freeing certain memory locations...
DEBIAN-CVE-2019-18609
An issue was discovered in amqp_handle_input in amqp_connection.c in rabbitmq-c 0.9.0. There is an integer overflow that leads to heap memory corruption in the handling of CONNECTION_STATE_HEADER. A rogue server could return a malicious frame header that leads to a smaller target_size value than needed...
SUSE-SU-2019:3126-1 Security update for haproxy
This update for haproxy to version 2.0.10 fixes the following issues: HAProxy was updated to 2.0.10 Security issues fixed: - CVE-2019-18277: Fixed a potential HTTP smuggling in messages with transfer-encoding header missing the 'chunked' bsc1154980. - Fixed an improper handling of headers which...
CVE-2019-15226
Upon receiving each incoming request header data, Envoy will iterate over existing request headers to verify that the total size of the headers stays below a maximum limit. The implementation in versions 1.10.0 through 1.11.1 for HTTP/1.x traffic and all versions of Envoy for HTTP/2 traffic had...
CVE-2019-3721
CVE-2019-3721 affects Dell EMC OpenManage System Administrator (OMSA) prior to version 9.3.0. The issue is an improper range header processing vulnerability in OMSA’s handling of HTTP Range requests; crafted requests with overlapping ranges can cause the application to compress each requested byt...
The vulnerability of the microprogramming software used in Schneider Electric Modicon programmable logic controllers stems from incorrect processing of data in the incoming HTTP headers. This allows attackers to cause malfunctions in the device’s operation.
The vulnerability of the microprogrammed logic controllers from Schneider Electric Modicon stems from the improper elimination of CR and LF characters before data is entered into the incoming HTTP headers. Exploiting this vulnerability can allow an attacker to cause a device failure...
Debian DSA-4267-1 : kamailio - security update
Henning Westerholt discovered a flaw related to the To header processing in kamailio, a very fast, dynamic and configurable SIP server. Missing input validation in the build_res_buf_from_sip_req function could result in denial of service and potentially the execution of arbitrary code.
ALPINE-CVE-2018-1000027
The Squid Software Foundation Squid HTTP Caching Proxy version prior to version 4.0.23 contains a NULL Pointer Dereference vulnerability in HTTP Response X-Forwarded-For header processing that can result in Denial of Service to all clients of the proxy. This attack appears to be exploitable via...
jwt-scala fails to verify token signatures
Overview: jwt-scala contains a vulnerability where it fails to verify token signatures correctly. jwt-scala is a Scala library to handle JSON Web Token (JWT). jwt-scala contains a vulnerability where it fails to verify token signatures correctly due to improper processing of JWT headers. Toshiharu...
Live Helper Chat Cross-Site Scripting Vulnerability
Live Helper Chat is a cross-platform online chat program. A cross-site scripting vulnerability exists in the HTTP packet header processing in Live Helper Chat 2.06v and prior versions. A remote attacker can exploit this vulnerability to execute arbitrary JavaScript code within another user's...
Cisco cBR Series Converged Broadband Routers Denial of Service Vulnerability
Cisco cBR Series Converged Broadband Routers is a router device. A security vulnerability in the Cisco cBR Series Converged Broadband Routers processing list header field allows remote attackers to exploit the vulnerability to submit a special request for a denial of service attack...
httpd: bypass of mod_headers rules via chunked requests
A flaw was found in the way httpd handled HTTP Trailer headers when processing requests using chunked encoding. A malicious client could use Trailer headers to set additional HTTP headers after header processing was performed by other modules. This could, for example, lead to a bypass of header...
namshi/jose fails to verify token signatures
Overview: namshi/jose is a PHP library for handling JSON Web Tokens (JWT). namshi/jose contains a vulnerability in processing JWT headers where it fails to verify token signatures. Toshiharu Sugiyama of DeNA Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...