Configuration Issues

webkitgtk4 has configuration issues. The vulnerability exists as it failed to properly apply configured HTTP proxy settings when downloading livestream video of HLS, DASH, or Smooth Streaming...

webkitgtk: HTTP proxy setting deanonymization information disclosure

WebKitGTK and WPE WebKit prior to version 2.24.1 failed to properly apply configured HTTP proxy settings when downloading livestream video HLS, DASH, or Smooth Streaming, an error resulting in deanonymization. This issue was corrected by changing the way livestreams are downloaded...

Potential HTTP Request Smuggling Vulnerability in WEBrick

WEBrick was too tolerant against an invalid Transfer-Encoding header. This may lead to inconsistent interpretation between WEBrick and some HTTP proxy servers, which may allow the attacker to "smuggle" a request. See CWE-444 in detail...

Security Bulletin: IBM Event Streams is affected by a Node.js http-proxy and lodash module vulnerabilities

Summary IBM Event Streams is affected by a Node.js http-proxy and lodash module denial of service vulnerabilities Vulnerability Details Third Party Entry: 183560 DESCRIPTION: Node.js lodash module denial of service CVSS Base score: 7.5 CVSS Temporal Score: See:...

Security Bulletin: Vulnerabilities in Node.js affect IBM App Connect Enterprise V11

Summary IBM App Connect Enterprise V11 ship with Node.js for which vulnerabilities were reported and have been addressed. Vulnerability details are listed below. Vulnerability Details Third Party Entry: 183561 DESCRIPTION: Node.js http-proxy module denial of service CVSS Base score: 7.5 CVSS...

@acanto/october-scripts (=3.2.2), @acanto/workflow (=5.1.0) +1214 more potentially affected by unknown CVE via http-proxy (>=0.10.0 <=1.18.0)

http-proxy NPM version =0.10.0, =2018.7.11-0, =0.0.1, =0.156.0, =2.6.6, =4.0.0, =3.0.1, =0.0.1, =1.12.2-next.3, =1.0.0, =1.0.3 and more Source cves: unknown CVE Source advisory: OSV:GHSA-6X33-PW7P-HMPQ...

GHSA-6X33-PW7P-HMPQ Denial of Service in http-proxy

Versions of http-proxy prior to 1.18.1 are vulnerable to Denial of Service. An HTTP request with a long body triggers an ERRHTTPHEADERSSENT unhandled exception that crashes the proxy server. This is only possible when the proxy server sets headers in the proxy request using the proxyReq.setHeader...

Denial of Service in http-proxy

Versions of http-proxy prior to 1.18.1 are vulnerable to Denial of Service. An HTTP request with a long body triggers an ERRHTTPHEADERSSENT unhandled exception that crashes the proxy server. This is only possible when the proxy server sets headers in the proxy request using the proxyReq.setHeader...

HTTP/HTTPS proxy support on NetScaler based on Traffic Policies Secure Web

This article describes how to configure NetScaler to proxy the traffic from MDX apps through a Proxy server like Squid, Bluecoat. Enterprises can proxy traffic configuring simple traffic rules on NetScaler box...

Researcher Demonstrates 4 New Variants of HTTP Request Smuggling Attack

A new research has identified four new variants of HTTP request smuggling attacks that work against various commercial off-the-shelf web servers and HTTP proxy servers. Amit Klein, VP of Security Research at SafeBreach who presented the findings today at the Black Hat security conference, said th...

Security Bulletin: IBM Cloud Pak for Integration is vulnerable to Node.js http-proxy module denial of service

Summary Node.js http-proxy module is vulnerable to a denial of service. By sending a specially crafted HTTP request with an overly long body, a remote attacker could exploit this vulnerability to trigger an ERRHTTPHEADERSSENT unhandled exception and crash the server. Vulnerability Details Third...

Trend Micro InterScan Web Security Virtual Appliance (IWSVA) Multiple Vulnerabilities (000253095)

The Trend Micro InterScan Web Security Virtual Appliance is affected by multiple vulnerabilities : - A path traversal vulnerability exists in the Apache Solr application due to improper validation of a user-supplied path prior to using it in file operations when parsing the file parameter in an...

Lazarus Group Surfaces with Advanced Malware Framework

The North Korea-linked APT known as Lazarus Group has debuted an advanced, multipurpose malware framework, called MATA, to target Windows, Linux and macOS operating systems. Kaspersky researchers uncovered a series of attacks utilizing MATA so-called because the malware authors themselves call...

CVE-2020-6868

There is an input validation vulnerability in a PON terminal product of ZTE, which supports the creation of WAN connections through WEB management pages. The front-end limits the length of the WAN connection name that is created, but the HTTP proxy is available to be used to bypass the limitation...

CVE-2020-6868

There is an input validation vulnerability in a PON terminal product of ZTE, which supports the creation of WAN connections through WEB management pages. The front-end limits the length of the WAN connection name that is created, but the HTTP proxy is available to be used to bypass the limitation...

CVE-2020-6868

The CVE-2020-6868 entry concerns a ZTE F680 PON gateway (V9.0.10P1N6) with an input validation flaw in the WAN-connection creation interface exposed via WEB management. The front-end enforces a length limit on the WAN connection name, but an HTTP proxy can bypass this limit, allowing an attacker ...

Denial Of Service (DoS)

http-proxy is vulnerable to denial of service DoS. The vulnerability exists when an attacker sends an HTTP request with a long body, resulting in an unhandled exception ERRHTTPHEADERSSENT and crashing the proxy server...

CVE-2020-5883

On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2.3, 14.0.0-14.0.1, and 13.1.0-13.1.3.1, when a virtual server is configured with HTTP explicit proxy and has an attached HTTPPROXYREQUEST iRule, POST requests sent to the virtual server cause an xdata memory leak...

[SECURITY] Fedora 30 Update: haproxy-1.8.25-1.fc30

HAProxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments. Indeed, it can: - route HTTP requests depending on statically assigned cookies - spread load among several servers while assuring server persistence through the use of HTTP cookies - switch to...

Information Disclosure

firefox is vulnerable to information disclosure. The vulnerability exists as the same-origin policy in Firefox treated http://example.com and http://example.com as interchangeable. A malicious script could possibly use this flaw to gain access to sensitive information such as a client's IP and us...