Lucene search
+L

25 matches found

Positive Technologies
Positive Technologies
added 2024/03/05 12:0 a.m.17 views

PT-2024-2133

Name of the Vulnerable Software and Affected Versions: golang versions affected versions not specified http.Client affected versions not specified Description: The issue is related to how an http.Client handles HTTP redirects. When an HTTP redirect is made to a domain that is not a subdomain matc...

9.8CVSS7.8AI score0.91969EPSS
Exploits2References248
FreeBSD
FreeBSD
added 2024/03/05 12:0 a.m.42 views

go -- multiple vulnerabilities

The Go project reports reports: crypto/x509: Verify panics on certificates with an unknown public key algorithm Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. net/http: memory exhaustion in...

7.5CVSS6.7AI score0.01165EPSS
Exploits0References1
OSV
OSV
added 2023/12/15 11:6 a.m.6 views

OESA-2023-1917 varnish security update

This is Varnish Cache, a web application accelerator also known as a caching HTTP reverse proxy. You install it in front of any server that speaks HTTP and configure it to cache the contents. Varnish Cache is really, really fast. It typically speeds up delivery with a factor of 300 - 1000x,...

7.5CVSS7AI score0.0121EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2022/11/15 3:6 p.m.4 views

golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty

A flaw was found in Go, acting as an unintended proxy or intermediary, where ReverseProxy forwards connection headers if the first one was empty. This flaw allows an attacker to drop arbitrary headers. The highest threat from this vulnerability is to integrity...

5.3CVSS7.2AI score0.02279EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2021/12/09 8:19 p.m.5 views

golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty

A flaw was found in Go, acting as an unintended proxy or intermediary, where ReverseProxy forwards connection headers if the first one was empty. This flaw allows an attacker to drop arbitrary headers. The highest threat from this vulnerability is to integrity...

5.3CVSS7.2AI score0.02279EPSS
Exploits1References5
Rows per page
Query Builder