Lucene search
+L

40 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.13 views

EUVD-2018-0766

Malware in sbrugna...

7.5CVSS7.4AI score0.00857EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-1271

Malicious code in bioql PyPI...

8.8CVSS8.7AI score0.01052EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.9 views

EUVD-2024-52853

Malicious code in bioql PyPI...

5.3CVSS6.6AI score0.00179EPSS
Exploits0References1
Veracode
Veracode
added 2025/03/12 5:41 a.m.18 views

Header Injection

org.apache.camel, camel-support is vulnerable to a Header Injection. The vulnerability is due to insufficient header filtering, where only headers starting with "Camel", "camel", or "org.apache.camel." are blocked, allows attackers to forge header names and manipulate method invocation in the...

5.6CVSS6.5AI score0.79817EPSS
Exploits3References10Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2017-16005

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Http-signature is a Reference implementation of Joyent's HTTP Signature Scheme. In versions =0.9.11, http-signature signs only the header values, but not the...

7.5CVSS7.3AI score0.00857EPSS
Exploits0References2
OSV
OSV
added 2025/01/23 5:15 p.m.4 views

CVE-2024-55925

In Xerox Workplace Suite, an API restricted to specific hosts can be bypassed by manipulating the Host header. If the server improperly validates or trusts the Host header without verifying the actual destination, an attacker can forge a value to gain unauthorized access. This exploit targets...

7.5CVSS5.8AI score0.0035EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/05/23 12:0 a.m.5 views

PT-2024-40188 · Silverstripe · Silverstripe

Name of the Vulnerable Software and Affected Versions: SilverStripe affected versions not specified Description: The issue allows spoofing of HTTP headers, which can lead to various security problems, including bypassing IP restrictions and SSL enforcement. This is due to SilverStripe trusting...

6.5CVSS7.2AI score
Exploits0References7
OSV
OSV
added 2024/03/06 10:54 a.m.36 views

BIT-ENVOY-2023-27487 Envoy client may fake the header `x-envoy-original-path`

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, the client may bypass JSON Web Token JWT checks and forge fake original paths. The header x-envoy-original-path should be an internal header, but...

9.1CVSS7.5AI score0.00636EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2023/04/04 3:42 p.m.9 views

CVE-2023-27487 Envoy client may fake the header `x-envoy-original-path`

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, the client may bypass JSON Web Token JWT checks and forge fake original paths. The header x-envoy-original-path should be an internal header, but...

8.2CVSS9.1AI score0.00636EPSS
Exploits1References1
Packet Storm
Packet Storm
added 2021/09/29 12:0 a.m.206 views

Google Extensible Service Proxy Header Forgery

Extensible Service Proxy a.k.a. ESP is an open source software by Google assisting Cloud Endpoints, a product on Google Cloud Platform. ESPv1 is an nginx based proxy which enables API management capabilities for JSON/REST or gRPC API services. In a typical deployment, ESP is running and fronting...

0.8AI score
Exploits0
OSV
OSV
added 2020/12/21 7:15 a.m.5 views

CVE-2020-35590

LimitLoginAttempts.php in the limit-login-attempts-reloaded plugin before 2.17.4 for WordPress allows a bypass of per IP address rate limits because the X-Forwarded-For header can be forged. When the plugin is configured to accept an arbitrary header for the client source IP address, a malicious...

9.8CVSS5.8AI score0.04348EPSS
Exploits1References2
CNVD
CNVD
added 2020/04/14 12:0 a.m.5 views

Cisco Webex Business Suite Data Forgery Issue Vulnerability

Cisco Webex Business Suite is a set of video conferencing solutions from the U.S. company Cisco Cisco. A data forgery vulnerability exists in Cisco Webex Business Suite versions prior to 39.1.0, which stems from the program failing to properly validate the 'host' field in the message header. An...

4.3CVSS6.7AI score0.00336EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2019/10/12 3:49 a.m.26 views

CVE-2017-16005

Http-signature is a "Reference implementation of Joyent's HTTP Signature Scheme". In versions =0.9.11, http-signature signs only the header values, but not the header names. This makes http-signature vulnerable to header forgery. Thus, if an attacker can intercept a request, he can swap header...

7.5CVSS1.3AI score0.00857EPSS
Exploits0References2
OSV
OSV
added 2018/11/09 5:49 p.m.19 views

GHSA-Q257-VV4P-FG92 Header Forgery in http-signature

Affected versions of http-signature contain a vulnerability which can allow an attacker in a privileged network position to modify header names and change the meaning of the request, without requiring an updated signature. This problem occurs because vulnerable versions of http-signature sign the...

7.5CVSS7.2AI score0.00857EPSS
Exploits0References4
Prion
Prion
added 2018/06/04 7:29 p.m.17 views

Design/Logic Flaw

Http-signature is a "Reference implementation of Joyent's HTTP Signature Scheme". In versions =0.9.11, http-signature signs only the header values, but not the header names. This makes http-signature vulnerable to header forgery. Thus, if an attacker can intercept a request, he can swap header...

5CVSS7.3AI score0.00857EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2018/06/04 7:29 p.m.29 views

CVE-2017-16005

Http-signature is a "Reference implementation of Joyent's HTTP Signature Scheme". In versions =0.9.11, http-signature signs only the header values, but not the header names. This makes http-signature vulnerable to header forgery. Thus, if an attacker can intercept a request, he can swap header...

7.5CVSS7.4AI score0.00857EPSS
Exploits0References2
OSV
OSV
added 2018/06/04 7:29 p.m.14 views

CVE-2017-16005

Http-signature is a "Reference implementation of Joyent's HTTP Signature Scheme". In versions =0.9.11, http-signature signs only the header values, but not the header names. This makes http-signature vulnerable to header forgery. Thus, if an attacker can intercept a request, he can swap header...

7.5CVSS7.6AI score
Exploits0References2
Cvelist
Cvelist
added 2018/06/04 7:0 p.m.23 views

CVE-2017-16005

Http-signature is a "Reference implementation of Joyent's HTTP Signature Scheme". In versions =0.9.11, http-signature signs only the header values, but not the header names. This makes http-signature vulnerable to header forgery. Thus, if an attacker can intercept a request, he can swap header...

7.4AI score0.00857EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2018/06/04 7:0 p.m.39 views

CVE-2017-16005

Http-signature is a "Reference implementation of Joyent's HTTP Signature Scheme". In versions =0.9.11, http-signature signs only the header values, but not the header names. This makes http-signature vulnerable to header forgery. Thus, if an attacker can intercept a request, he can swap header...

7.5CVSS7.3AI score0.00857EPSS
Exploits0
CVE
CVE
added 2018/06/04 7:0 p.m.83 views

CVE-2017-16005

CVE-2017-16005 affects the http-signature library (Joyent's HTTP Signature Scheme). In versions ≤ 0.9.11, signatures cover only header values, not header names, enabling header forgery if an attacker can intercept a request and swap header names without invalidating the signature. This can allow ...

7.5CVSS7.2AI score0.00857EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder