737 matches found
PT-2020-2534 · Node.Js +8 · Node.Js +8
Name of the Vulnerable Software and Affected Versions: Node.js versions 10 through 13 Description: The issue is related to insufficient input validation when processing HTTP headers in Node.js, allowing a remote attacker to gain full control over the application through various network protocols...
CVE-2020-5236
Waitress version 1.4.2 allows a DOS attack When waitress receives a header that contains invalid characters. When a header like "Bad-header: xxxxxxxxxxxxxxx\x10" is received, it will cause the regular expression engine to catastrophically backtrack causing the process to use 100% CPU time and...
CRLF Injection
ktor is vulnerable to request smuggling. Lack of validation of the Content-Length and Transfer-Encoding headers allows a remote attacker to inject \n characters as a header separator and smuggle request through the server...
HTTP Request Smuggling: Invalid whitespace characters in headers in Waitress
Impact If a proxy server is used in front of waitress, an invalid request may be sent by an attacker that bypasses the front-end and is parsed differently by waitress leading to a potential for HTTP request smuggling. Content-Length: 10 Transfer-Encoding: \x0bchunked For clarity: 0x0b == vertical...
GHSA-M5FF-3WJ3-8PH4 HTTP Request Smuggling: Invalid whitespace characters in headers in Waitress
Impact If a proxy server is used in front of waitress, an invalid request may be sent by an attacker that bypasses the front-end and is parsed differently by waitress leading to a potential for HTTP request smuggling. Content-Length: 10 Transfer-Encoding: \x0bchunked For clarity: 0x0b == vertical...
PT-2019-6234 · Waitress +3 · Waitress +3
Name of the Vulnerable Software and Affected Versions: Waitress versions 1.4.0 and earlier Description: The issue is related to the incorrect handling of special whitespace characters in the Transfer-Encoding header, which can lead to HTTP request smuggling and potentially result in cache poisoni...
GitHub Security Lab: Netty HTTP Response Splitting (CRLF Injection) due to disabled header validation
This bug was reported directly to GitHub Security Lab...
PT-2019-5716 · Python +10 · Python +10
Name of the Vulnerable Software and Affected Versions: Python versions through 3.8.3 Description: The issue is related to the proc pax function in Lib/tarfile.py, which lacks proper header validation, allowing an attacker to craft a TAR archive that can cause an infinite loop when opened by...
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') in Armeria
Versions of Armeria 0.85.0 through and including 0.96.0 are vulnerable to HTTP response splitting, which allows remote attackers to inject arbitrary HTTP headers via CRLF sequences when unsanitized data is used to populate the headers of an HTTP response. Impact 1. Cross-User Defacement 2. Cache...
GHSA-35FR-H7JR-HH86 Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') in Armeria
Versions of Armeria 0.85.0 through and including 0.96.0 are vulnerable to HTTP response splitting, which allows remote attackers to inject arbitrary HTTP headers via CRLF sequences when unsanitized data is used to populate the headers of an HTTP response. Impact 1. Cross-User Defacement 2. Cache...
OPENSUSE-SU-2019:2596-1 Security update for cpio
This update for cpio fixes the following issues: - CVE-2019-14866: Fixed an improper validation of the values written in the header of a TAR file through the tooct function which could have led to unexpected TAR generation bsc1155199. This update was imported from the SUSE:SLE-15:Update update...
CVE-2019-1974
A vulnerability in the web-based management interface of Cisco Integrated Management Controller IMC Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to bypass user authentication and gain access as an administrative user...
CVE-2019-1937
A vulnerability in the web-based management interface of Cisco Integrated Management Controller IMC Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to acquire a valid session token with administrator privileges, bypassing...
Design/Logic Flaw
A vulnerability in the web-based management interface of Cisco Integrated Management Controller IMC Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to bypass user authentication and gain access as an administrative user...
PT-2019-3022 · Cisco · Cisco Ucs Director Express For Big Data +2
Name of the Vulnerable Software and Affected Versions: Cisco Integrated Management Controller IMC Supervisor versions affected versions not specified Cisco UCS Director versions affected versions not specified Cisco UCS Director Express for Big Data versions affected versions not specified...
PT-2019-11415 · Kentico · Kentico Xperience
Name of the Vulnerable Software and Affected Versions: Kentico Xperience versions 9.x and earlier Kentico Xperience versions 10.0.x through 10.0.51 Kentico Xperience versions 11.0.x through 11.0.47 Kentico Xperience versions 12.0.x through 12.0.14 Description: The issue is related to the...
nodejs: Inspector DNS rebinding vulnerability
It was found that when a Node.js script is run in inspector mode, Node.js did not properly validate the Host header, leaving the inspector vulnerable to a DNS rebind attack and bypass same-origin policy. If a developer had an inspector session running, and was visiting a malicious website, the si...
CVE-2018-15402
Cisco Enterprise NFV Infrastructure Software (NFVIS) contains a CSRF vulnerability (CVE-2018-15402) arising from improper Origin header validation in the management HTTP interface. An unauthenticated, remote attacker can lure a user to a malicious page to perform actions with the user’s privilege...
CVE-2018-0455
A vulnerability in the Server Message Block Version 2 SMBv2 and Version 3 SMBv3 protocol implementation for the Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause the device to run low on system memory, possibly preventing the device from forwarding traffic. ...
Cisco Firepower System Software Detection Engine Denial of Service Vulnerability
A vulnerability in the Server Message Block Version 2 SMBv2 and Version 3 SMBv3 protocol implementation for the Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause the device to run low on system memory, possibly preventing the device from forwarding traffic. ...