275 matches found
python-aiohttp: http request smuggling
An HTTP request smuggling vulnerability was found in aiohttp. Security-sensitive parts of the Python HTTP parser retained minor differences in allowable character sets that must trigger error handling to robustly match frame boundaries of proxies in order to protect against the injection of...
Important: squid
Issue Overview: A flaw was found in squid. When Squid is parsing ESI, it keeps the ESI elements in ESIContext. ESIContext contains a buffer for holding a stack of ESIElements. When a new ESIElement is parsed, it is added via addStackElement. addStackElement has a check for the number of elements ...
BIT-HAPROXY-2023-25950
HTTP request/response smuggling vulnerability in HAProxy version 2.7.0, and 2.6.1 to 2.6.7 allows a remote attacker to alter a legitimate user's request. As a result, the attacker may obtain sensitive information or cause a denial-of-service DoS condition...
openSUSE: Security Advisory for python (openSUSE-SU-2023:0233-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE: Security Advisory for python (openSUSE-SU-2023:0232-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2024-21647
A flaw was found in Puma rubygem. Versions prior 6.4.2 are susceptible to a HTTP smuggling attack when parsing chunked transfer encoding bodies on HTTP messages, which don't limit the size of the message chunk extensions. This issue may lead to uncontrolled resource consumption, possibly resultin...
yt-dlp Generic Extractor MITM Vulnerability via Arbitrary Proxy Injection
Impact The Generic Extractor in yt-dlp is vulnerable to an attacker setting an arbitrary proxy for a request to an arbitrary url, allowing the attacker to MITM the request made from yt-dlp's HTTP session. This could lead to cookie exfiltration in some cases. To pass extra control data between...
Amazon Linux 2023 : squid (ALAS2023-2023-429)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-429 advisory. 2023-12-06: CVE-2023-46728 was added to this advisory. Squid is a caching proxy for the Web. Due to an Improper Validation of Specified Index bug, Squid versions 3.3.0.1 through 5.9 and 6.0 pri...
MGASA-2023-0315 Updated squid packages fix security vulnerabilities
The updated packages fix security vulnerabilities: Request/Response smuggling in HTTP/1.1 and ICAP. CVE-2023-46846 Denial of Service in HTTP Digest Authentication. CVE-2023-46847 Denial of Service in FTP. CVE-2023-46848...
SUSE SLES15 Security Update : squid (SUSE-SU-2023:4384-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4384-1 advisory. - Squid is a caching proxy for the Web. Due to an Improper Validation of Specified Index bug, Squid versions 3.3.0.1 through 5.9 an...
SUSE-SU-2023:4384-1 Security update for squid
This update for squid fixes the following issues: - CVE-2023-46846: Request/Response smuggling in HTTP/1.1 and ICAP bsc1216500. - CVE-2023-46847: Denial of Service in HTTP Digest Authentication bsc1216495. - CVE-2023-46724: Fix validation of certificates with CN= bsc1216803. - CVE-2023-46848:...
squid: Request/Response smuggling in HTTP/1.1 and ICAP
SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems...
SUSE-SU-2023:4380-1 Security update for squid
This update for squid fixes the following issues: - CVE-2023-46846: Request/Response smuggling in HTTP/1.1 and ICAP bsc1216500. - CVE-2023-46847: Denial of Service in HTTP Digest Authentication bsc1216495. - CVE-2023-46724: Fix validation of certificates with CN= bsc1216803. - CVE-2023-46848:...
ALPINE-CVE-2023-46846
SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems...
UBUNTU-CVE-2023-46846
SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems...
Security Bulletin: IBM Storage Ceph is vulnerable to an HTTP request/response smuggling vulnerablity in Golang Go
Summary Golang Go is used by IBM Storage Ceph as part of RGW and in assorted other locations. CVE-2022-27664, CVE-2022-2879, CVE-2022-2880, CVE-2022-32189, CVE-2022-41715. Vulnerability Details CVEID: CVE-2022-27664 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by a flaw in...
SUSE-SU-2023:4210-1 Security update for jetty-minimal
This update for jetty-minimal fixes the following issues: - Updated to version 9.4.53.v20231009: - CVE-2023-44487: Fixed a potential denial of service scenario via RST frame floods bsc1216169. - CVE-2023-36478: Fixed an integer overflow in the HTTP/2 HPACK decoder bsc1216162. - CVE-2023-40167:...
OPENSUSE-SU-2023:0233-1 Security update for python-mitmproxy
This update for python-mitmproxy fixes the following issues: - CVE-2021-39214: Fixed HTTP smuggling attacks boo1190603...
OPENSUSE-SU-2023:0232-1 Security update for python-mitmproxy
This update for python-mitmproxy fixes the following issues: - CVE-2021-39214: Fixed HTTP smuggling attacks boo1190603...
Security update for python-mitmproxy (moderate)
openSUSE Security Update: Security update for python-mitmproxy Announcement ID: openSUSE-SU-2023:0233-1 Rating: moderate References: 1190603 Cross-References: CVE-2021-39214 CVSS scores: CVE-2021-39214 NVD : 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: openSUSE Backports...