40 matches found
EUVD-2018-0766
Malware in sbrugna...
EUVD-2024-1271
Malicious code in bioql PyPI...
EUVD-2024-52853
Malicious code in bioql PyPI...
Header Injection
org.apache.camel, camel-support is vulnerable to a Header Injection. The vulnerability is due to insufficient header filtering, where only headers starting with "Camel", "camel", or "org.apache.camel." are blocked, allows attackers to forge header names and manipulate method invocation in the...
Linux Distros Unpatched Vulnerability : CVE-2017-16005
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Http-signature is a Reference implementation of Joyent's HTTP Signature Scheme. In versions =0.9.11, http-signature signs only the header values, but not the...
CVE-2024-55925
In Xerox Workplace Suite, an API restricted to specific hosts can be bypassed by manipulating the Host header. If the server improperly validates or trusts the Host header without verifying the actual destination, an attacker can forge a value to gain unauthorized access. This exploit targets...
PT-2024-40188 · Silverstripe · Silverstripe
Name of the Vulnerable Software and Affected Versions: SilverStripe affected versions not specified Description: The issue allows spoofing of HTTP headers, which can lead to various security problems, including bypassing IP restrictions and SSL enforcement. This is due to SilverStripe trusting...
BIT-ENVOY-2023-27487 Envoy client may fake the header `x-envoy-original-path`
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, the client may bypass JSON Web Token JWT checks and forge fake original paths. The header x-envoy-original-path should be an internal header, but...
CVE-2023-27487 Envoy client may fake the header `x-envoy-original-path`
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, the client may bypass JSON Web Token JWT checks and forge fake original paths. The header x-envoy-original-path should be an internal header, but...
Google Extensible Service Proxy Header Forgery
Extensible Service Proxy a.k.a. ESP is an open source software by Google assisting Cloud Endpoints, a product on Google Cloud Platform. ESPv1 is an nginx based proxy which enables API management capabilities for JSON/REST or gRPC API services. In a typical deployment, ESP is running and fronting...
CVE-2020-35590
LimitLoginAttempts.php in the limit-login-attempts-reloaded plugin before 2.17.4 for WordPress allows a bypass of per IP address rate limits because the X-Forwarded-For header can be forged. When the plugin is configured to accept an arbitrary header for the client source IP address, a malicious...
Cisco Webex Business Suite Data Forgery Issue Vulnerability
Cisco Webex Business Suite is a set of video conferencing solutions from the U.S. company Cisco Cisco. A data forgery vulnerability exists in Cisco Webex Business Suite versions prior to 39.1.0, which stems from the program failing to properly validate the 'host' field in the message header. An...
CVE-2017-16005
Http-signature is a "Reference implementation of Joyent's HTTP Signature Scheme". In versions =0.9.11, http-signature signs only the header values, but not the header names. This makes http-signature vulnerable to header forgery. Thus, if an attacker can intercept a request, he can swap header...
GHSA-Q257-VV4P-FG92 Header Forgery in http-signature
Affected versions of http-signature contain a vulnerability which can allow an attacker in a privileged network position to modify header names and change the meaning of the request, without requiring an updated signature. This problem occurs because vulnerable versions of http-signature sign the...
Design/Logic Flaw
Http-signature is a "Reference implementation of Joyent's HTTP Signature Scheme". In versions =0.9.11, http-signature signs only the header values, but not the header names. This makes http-signature vulnerable to header forgery. Thus, if an attacker can intercept a request, he can swap header...
CVE-2017-16005
Http-signature is a "Reference implementation of Joyent's HTTP Signature Scheme". In versions =0.9.11, http-signature signs only the header values, but not the header names. This makes http-signature vulnerable to header forgery. Thus, if an attacker can intercept a request, he can swap header...
CVE-2017-16005
Http-signature is a "Reference implementation of Joyent's HTTP Signature Scheme". In versions =0.9.11, http-signature signs only the header values, but not the header names. This makes http-signature vulnerable to header forgery. Thus, if an attacker can intercept a request, he can swap header...
CVE-2017-16005
Http-signature is a "Reference implementation of Joyent's HTTP Signature Scheme". In versions =0.9.11, http-signature signs only the header values, but not the header names. This makes http-signature vulnerable to header forgery. Thus, if an attacker can intercept a request, he can swap header...
CVE-2017-16005
Http-signature is a "Reference implementation of Joyent's HTTP Signature Scheme". In versions =0.9.11, http-signature signs only the header values, but not the header names. This makes http-signature vulnerable to header forgery. Thus, if an attacker can intercept a request, he can swap header...
CVE-2017-16005
CVE-2017-16005 affects the http-signature library (Joyent's HTTP Signature Scheme). In versions ≤ 0.9.11, signatures cover only header values, not header names, enabling header forgery if an attacker can intercept a request and swap header names without invalidating the signature. This can allow ...