Oracle Linux 8 : nodejs:18 (ELSA-2023-1583)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-1583 advisory. - Resolves: CVE-2022-25881, CVE-2022-4904, CVE-2023-23936, CVE-2023-24807 Tenable has extracted the preceding description block directly from the Oracl...

http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability

A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server...

http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability

A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server...

http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability

A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server...

Important: nodejs

Issue Overview: This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library. CVE-2022-25881 Affected Packages: nodejs Issue...

Security Bulletin: Security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for Febuary 2023

Summary In addition to many updates of operating system level packages, the following security vulnerability is addressed with IBM Cloud Pak for Business Automation 21.0.3-IF018 and 22.0.2-IF002. Vulnerability Details CVEID:CVE-2022-38749 DESCRIPTION: SnakeYAML is vulnerable to a denial of servic...

SUSE CVE-2022-25881

This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library...

Improper Authorization

Symfony is vulnerable to Improper Authorization. The vulnerability exists in Store.php because the HTTP cache system stores all headers, which can potentially be stored and then subsequently returned to other clients, which would allow an attacker to retrieve the victim's session...

SUSE CVE-2013-4090

Varnish HTTP cache before 3.0.4: ACL bug...

Withdrawn: cacheable-request depends on http-cache-semantics, which is vulnerable to Regular Expression Denial of Service

This advisory is withdawn. cacheable-request depends on http-cache-semanttics, which contains an Inefficient Regular Expression Complexity in versions prior to 4.1.1 of that package. cacheable-request has been updated to rely on the fixed version in 10.2.7. Summary of http-cache-semantics...

GHSA-8X6C-CV3V-VP6G Withdrawn: cacheable-request depends on http-cache-semantics, which is vulnerable to Regular Expression Denial of Service

This advisory is withdawn. cacheable-request depends on http-cache-semanttics, which contains an Inefficient Regular Expression Complexity in versions prior to 4.1.1 of that package. cacheable-request has been updated to rely on the fixed version in 10.2.7. Summary of http-cache-semantics...

PT-2023-33000 · Unknown · Http-Cache-Semantics +1

Name of the Vulnerable Software and Affected Versions: http-cache-semantics versions prior to 4.1.1 cacheable-request versions prior to 10.2.7 Description: The issue is related to an Inefficient Regular Expression Complexity in http-cache-semantics, which can lead to Denial of Service. This can b...

Fedora 36 : php-symfony4 (2023-aecde14648)

The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-aecde14648 advisory. Version 4.4.50 2023-02-01 security cve-2022-24895 Security/Http Remove CSRF tokens from storage on successful login nicolas-grekas security...

CVE-2022-24894

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The Symfony HTTP cache system, acts as a reverse proxy: It caches entire responses including headers and returns them to the clients. In a recent change in the AbstractSessionListener, the response...

Design/Logic Flaw

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The Symfony HTTP cache system, acts as a reverse proxy: It caches entire responses including headers and returns them to the clients. In a recent change in the AbstractSessionListener, the response...

UBUNTU-CVE-2022-24894

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The Symfony HTTP cache system, acts as a reverse proxy: It caches entire responses including headers and returns them to the clients. In a recent change in the AbstractSessionListener, the response...

CVE-2022-24894 Symfony storing cookie headers in HttpCache

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The Symfony HTTP cache system, acts as a reverse proxy: It caches entire responses including headers and returns them to the clients. In a recent change in the AbstractSessionListener, the response...

CVE-2022-24894

Mode C: CVE-2022-24894 affects Symfony (PHP framework) where the HTTP cache system can inadvertently store a response containing a Set-Cookie header and serve it to subsequent clients. Root cause: a change in AbstractSessionListener allows the response to include Set-Cookie when HTTP caching is e...

CVE-2022-24894 Symfony storing cookie headers in HttpCache

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The Symfony HTTP cache system, acts as a reverse proxy: It caches entire responses including headers and returns them to the clients. In a recent change in the AbstractSessionListener, the response...

CVE-2022-24894 Symfony storing cookie headers in HttpCache

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The Symfony HTTP cache system, acts as a reverse proxy: It caches entire responses including headers and returns them to the clients. In a recent change in the AbstractSessionListener, the response...