3718 matches found
squid: denial of service in HTTP header parser
A flaw was found in Squid. This issue may allow a remote client or remote server to trigger a denial of service when sending oversized headers in HTTP messages...
Ubuntu: Security Advisory (USN-6671-1)
The remote host is missing an update for the...
Ubuntu: Security Advisory (USN-6670-1)
The remote host is missing an update for the...
python-aiohttp: numerous issues in HTTP parser with header parsing
An HTTP request smuggling vulnerability was found in aiohttp. Numerous issues with HTTP parsing can allow an attacker to smuggle HTTP requests...
USN-6670-1: php-guzzlehttp-psr7 vulnerabilities
It was discovered that php-guzzlehttp-psr7 incorrectly parsed HTTP headers. A remote attacker could possibly use these issues to perform an HTTP header injection attack...
USN-6670-1 php-guzzlehttp-psr7 vulnerabilities
It was discovered that php-guzzlehttp-psr7 incorrectly parsed HTTP headers. A remote attacker could possibly use these issues to perform an HTTP header injection attack...
CentOS 9 : toolbox-0.0.99.4-3.el9
The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the toolbox-0.0.99.4-3.el9 build changelog. - Large handshake records may cause panics in crypto/tls. Both clients and servers may send large TLS handshake records which cause...
CentOS 9 : toolbox-0.0.99.3-9.el9
The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the toolbox-0.0.99.3-9.el9 build changelog. - An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP heade...
Security Bulletin: Vulnerabilities in IBM WebSphere Application Server Liberty impact IBM Common Licensing
Summary: Multiple vulnerabilities in IBM WebSphere Liberty impact IBM License Key Server Administration and Reporting Tool and IBM LKS Administration Agent. Vulnerability Details: CVEID: CVE-2022-34165. DESCRIPTION: IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 and IBM WebSphere Application...
SUSE CVE-2024-23837
LibHTP is a security-aware parser for the HTTP protocol. Crafted traffic can cause excessive processing time of HTTP headers, leading to denial of service. This issue is addressed in 0.5.46...
DEBIAN-CVE-2024-23837
LibHTP is a security-aware parser for the HTTP protocol. Crafted traffic can cause excessive processing time of HTTP headers, leading to denial of service. This issue is addressed in 0.5.46...
PT-2024-1968 · D Link · D-Link Dir-823G
Name of the Vulnerable Software and Affected Versions: D-Link DIR-823G version A1V1.0.2B05. Description: The issue is related to null-pointer dereferences in the sub 4484A8 function, which can be exploited by attackers to cause a Denial of Service (DoS) via a crafted input. This vulnerability is...
Liferay Portal and Liferay DXP HTTP Header Can Expose Versions
In Liferay Portal 7.2.0 through 7.4.3.25, and older unsupported versions, and Liferay DXP 7.4 before update 26, 7.3 before update 5, 7.2 before fix pack 19, and older unsupported versions, the default value of the portal property http.header.version.verbosity is set to full, which allows remote...
GHSA-2MVJ-Q2Q3-WXJV Liferay Portal and Liferay DXP HTTP Header Can Expose Versions
In Liferay Portal 7.2.0 through 7.4.3.25, and older unsupported versions, and Liferay DXP 7.4 before update 26, 7.3 before update 5, 7.2 before fix pack 19, and older unsupported versions, the default value of the portal property http.header.version.verbosity is set to full, which allows remote...
CVE-2024-26267
In Liferay Portal 7.2.0 through 7.4.3.25, and older unsupported versions, and Liferay DXP 7.4 before update 26, 7.3 before update 5, 7.2 before fix pack 19, and older unsupported versions, the default value of the portal property http.header.version.verbosity is set to full, which allows remote...
CVE-2024-26267
CVE-2024-26267 affects Liferay Portal 7.2.0–7.4.3.25 and older unsupported versions, plus Liferay DXP 7.4 before update 26, 7.3 before update 5, and 7.2 before fix pack 19. The root cause is the portal property http.header.version.verbosity defaulting to full, enabling remote attackers to identif...
HTTP Header Injection
github.com/greenpau/caddy-security is vulnerable to HTTP Header Injection. The vulnerability is due to the handling of the X-Forwarded-Proto header, specifically when redirecting to the injected protocol. Exploiting this vulnerability could lead to the bypass of security mechanisms or TLS protocol...
Improper Neutralization of HTTP Headers in github.com/greenpau/caddy-security
All versions of the package github.com/greenpau/caddy-security are vulnerable to HTTP Header Injection via the X-Forwarded-Proto header due to redirecting to the injected protocol. Exploiting this vulnerability could lead to bypass of security mechanisms or confusion in handling TLS...
GHSA-R969-783F-6JQR Improper Neutralization of HTTP Headers in github.com/greenpau/caddy-security
All versions of the package github.com/greenpau/caddy-security are vulnerable to HTTP Header Injection via the X-Forwarded-Proto header due to redirecting to the injected protocol. Exploiting this vulnerability could lead to bypass of security mechanisms or confusion in handling TLS...
CVE-2024-21499
All versions of the package github.com/greenpau/caddy-security are vulnerable to HTTP Header Injection via the X-Forwarded-Proto header due to redirecting to the injected protocol. Exploiting this vulnerability could lead to bypass of security mechanisms or confusion in handling TLS...