2 matches found
traefik CVE-2024-45410 fix bypass: lowercase `Connection` tokens can delete traefik-managed forwarded identity headers (for example, `X-Real-Ip`)
Impact There is a potential vulnerability in Traefik managing the Connection header with X-Forwarded headers. When Traefik processes HTTP/1.1 requests, the protection put in place to prevent the removal of Traefik-managed X-Forwarded headers such as X-Real-Ip, X-Forwarded-Host, X-Forwarded-Port,...
PT-2020-16995 · Sippy +3 · Sippy Softswitch +3
Name of the Vulnerable Software and Affected Versions: Kamailio versions prior to 5.4.0 Sippy Softswitch versions 4.5 through 5.2 Description: The issue allows a bypass of a header-removal protection mechanism via whitespace characters. This occurs in the remove hf function in the Kamailio textop...