1624 matches found

OSV
added 2024/03/06 10:53 a.m., 47 views

BIT-GOLANG-2023-39326 Denial of service via chunk extensions in net/http

A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of data up to about...

CVSS 5.3, AI score 6.7, EPSS 0.00123
Exploits: 0, References: 6
OSV
added 2024/03/06 10:52 a.m., 26 views

BIT-DRUPAL-2022-29248 Cross-domain cookie leakage in Guzzle

Guzzle is a PHP HTTP client. Guzzle prior to versions 6.5.6 and 7.4.3 contains a vulnerability with the cookie middleware. The vulnerability is that it is not checked if the cookie domain equals the domain of the server which sets the cookie via the Set-Cookie header, allowing a malicious server ...

CVSS 8.1, AI score 7.8, EPSS 0.00637
Exploits: 0, References: 6
OSV
added 2024/03/06 10:52 a.m., 20 views

BIT-DRUPAL-2022-31042 Failure to strip the Cookie header on change in host or HTTP downgrade in Guzzle

Guzzle is an open source PHP HTTP client. In affected versions the Cookie headers on requests are sensitive information. On making a request using the https scheme to a server which responds with a redirect to a URI with the http scheme, or on making a request to a server which responds with a...

CVSS 7.5, AI score 7.5, EPSS 0.01454
Exploits: 0, References: 6
OSV
added 2024/03/06 10:52 a.m., 29 views

BIT-DRUPAL-2022-31043 Fix failure to strip Authorization header on HTTP downgrade in Guzzle

Guzzle is an open source PHP HTTP client. In affected versions Authorization headers on requests are sensitive information. On making a request using the https scheme to a server which responds with a redirect to a URI with the http scheme, we should not forward the Authorization header on. This ...

CVSS 7.5, AI score 7.5, EPSS 0.01454
Exploits: 0, References: 6
AlpineLinux
added 2024/03/05 10:22 p.m., 30 views

CVE-2023-45289

When following an HTTP redirect to a domain which is not a subdomain match or exact match of the initial domain, an http.Client does not forward sensitive headers such as "Authorization" or "Cookie". For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but a...

CVSS 4.3, AI score 6.9, EPSS 0.00615
Exploits: 0
Positive Technologies
added 2024/03/05 12:00 a.m., 7 views

PT-2024-2133

Name of the Vulnerable Software and Affected Versions: golang (affected versions not specified), http.Client (affected versions not specified). Description: The issue is related to how an http.Client handles HTTP redirects. When an HTTP redirect is made to a domain that is not a subdomain matc...

CVSS 9.8, AI score 7.8, EPSS 0.69905
Exploits: 2, References: 248
OpenVAS
added 2024/03/04 12:00 a.m., 22 views

openSUSE: Security Advisory for java (SUSE-SU-2023:3023-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5, AI score 7, EPSS 0.00143
Exploits: 0, References: 2
Tenable Nessus
added 2024/02/29 12:00 a.m., 19 views

CentOS 9 : python-urllib3-1.26.5-4.el9

The remote CentOS Linux 9 host has a package installed that is affected by a vulnerability as referenced in the python-urllib3-1.26.5-4.el9 build changelog. - urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the Cookie HTTP header special or provide any helpers fo...

CVSS 8.1, AI score 7.2, EPSS 0.0095
Exploits: 0, References: 2
Tenable Nessus
added 2024/02/29 12:00 a.m., 18 views

CentOS 9 : python3.11-urllib3-1.26.12-2.el9

The remote CentOS Linux 9 host has a package installed that is affected by a vulnerability as referenced in the python3.11-urllib3-1.26.12-2.el9 build changelog. - urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the Cookie HTTP header special or provide any helper...

CVSS 8.1, AI score 7.2, EPSS 0.0095
Exploits: 0, References: 2
Github Security Blog
added 2024/02/20 12:30 a.m., 13 views

Undertow Uncontrolled Resource Consumption Vulnerability

A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Whenever a malicious user opens and closes a connection with the HTTP port of the server and then closes the connection immediately, the server will end with both memory and...

CVSS 7.5, AI score 6.5, EPSS 0.22688
Exploits: 0, References: 19, Affected Software: 1
OSV
added 2024/02/20 12:30 a.m., 9 views

GHSA-W6QF-42M7-VH68 Undertow Uncontrolled Resource Consumption Vulnerability

A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Whenever a malicious user opens and closes a connection with the HTTP port of the server and then closes the connection immediately, the server will end with both memory and...

CVSS 8.7, AI score 7.4, EPSS 0.22688
Exploits: 0, References: 19
0day.today
added 2024/02/20 12:00 a.m., 312 views

Kafka UI 0.7.1 Command Injection Exploit

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Kafka UI Unauthenticated Remote Command Execution via the Groovy Filter option.', 'Description' = %q A command injection vulnerability exists in...

CVSS 8.8, AI score 7.4, EPSS 0.94014
Exploits: 5
OSV
added 2024/02/19 10:15 p.m., 9 views

CVE-2024-1635

A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Whenever a malicious user opens and closes a connection with the HTTP port of the server and then closes the connection immediately, the server will end with both memory and...

CVSS 7.5, AI score 7.4, EPSS 0.22688
Exploits: 0, References: 16
UbuntuCve
added 2024/02/19 10:15 p.m., 26 views

CVE-2024-1635

A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Whenever a malicious user opens and closes a connection with the HTTP port of the server and then closes the connection immediately, the server will end with both memory and...

CVSS 7.5, AI score 7, EPSS 0.22688
Exploits: 0, References: 3
Prion
added 2024/02/19 10:15 p.m., 20 views

Design/Logic Flaw

A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Whenever a malicious user opens and closes a connection with the HTTP port of the server and then closes the connection immediately, the server will end with both memory and...

CVSS 5, AI score 7, EPSS 0.22688
Exploits: 0, References: 2
Cvelist
added 2024/02/19 9:23 p.m., 19 views

CVE-2024-1635 Undertow: out-of-memory error after several closed connections with wildfly-http-client protocol

A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Whenever a malicious user opens and closes a connection with the HTTP port of the server and then closes the connection immediately, the server will end with both memory and...

CVSS 7.5, AI score 7.7, EPSS 0.22688
Exploits: 0, References: 15
CVE
added 2024/02/19 9:23 p.m., 294 views

CVE-2024-1635

Undertow vulnerability CVE-2024-1635 affects servers supporting the wildfly-http-client protocol. The issue arises during HTTP upgrade to remoting: WriteTimeoutStreamSinkConduit is not notified when a RemotingConnection is closed, causing timeout tasks to leak and accumulate, which leaks connecti...

CVSS 7.5, AI score 7.4, EPSS 0.22688
Exploits: 0, References: 16, Affected Software: 2
Vulnrichment
added 2024/02/19 9:23 p.m., 29 views

CVE-2024-1635 Undertow: out-of-memory error after several closed connections with wildfly-http-client protocol

A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Whenever a malicious user opens and closes a connection with the HTTP port of the server and then closes the connection immediately, the server will end with both memory and...

CVSS 7.5, AI score 6.6, EPSS 0.22688
Exploits: 0, References: 15
Debian CVE
added 2024/02/19 9:23 p.m., 35 views

CVE-2024-1635

A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Whenever a malicious user opens and closes a connection with the HTTP port of the server and then closes the connection immediately, the server will end with both memory and...

CVSS 7.5, AI score 7.4, EPSS 0.22688
Exploits: 0
RedhatCVE
added 2024/02/19 5:50 p.m., 93 views

CVE-2024-1635

A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Whenever a malicious user opens and closes a connection with the HTTP port of the server and then closes the connection immediately, the server will end with both memory and...

CVSS 7.5, AI score 7.5, EPSS 0.22688
Exploits: 0, References: 3