Lucene search
K

3718 matches found

OSV
OSV
added 2024/02/17 5:15 a.m.6 views

CVE-2024-21499

All versions of the package github.com/greenpau/caddy-security are vulnerable to HTTP Header Injection via the X-Forwarded-Proto header due to redirecting to the injected protocol.Exploiting this vulnerability could lead to bypass of security mechanisms or confusion in handling TLS...

4.3CVSS5.8AI score0.00499EPSS
Exploits0References3
Prion
Prion
added 2024/02/17 5:15 a.m.17 views

Design/Logic Flaw

All versions of the package github.com/greenpau/caddy-security are vulnerable to HTTP Header Injection via the X-Forwarded-Proto header due to redirecting to the injected protocol.Exploiting this vulnerability could lead to bypass of security mechanisms or confusion in handling TLS...

4.3CVSS7.5AI score0.00499EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/02/17 5:0 a.m.14 views

CVE-2024-21499

All versions of the package github.com/greenpau/caddy-security are vulnerable to HTTP Header Injection via the X-Forwarded-Proto header due to redirecting to the injected protocol.Exploiting this vulnerability could lead to bypass of security mechanisms or confusion in handling TLS...

4.3CVSS7.1AI score0.00499EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/02/17 5:0 a.m.20 views

CVE-2024-21499

All versions of the package github.com/greenpau/caddy-security are vulnerable to HTTP Header Injection via the X-Forwarded-Proto header due to redirecting to the injected protocol.Exploiting this vulnerability could lead to bypass of security mechanisms or confusion in handling TLS...

4.3CVSS5.2AI score0.00499EPSS
Exploits0References3
Veracode
Veracode
added 2024/02/15 7:37 a.m.26 views

Denial Of Service (DoS)

libsquid.so is vulnerable to Denial Of Service DoS. The vulnerability is due to HTTP header parsing, allowing remote attackers to perform Denial of Service attacks by sending oversized headers...

7.5CVSS6.9AI score0.88864EPSS
Exploits0References3Affected Software2
OSV
OSV
added 2024/02/14 9:15 p.m.3 views

DEBIAN-CVE-2024-25617

Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Collapse of Data into Unsafe Value bug ,Squid may be vulnerable to a Denial of Service attack against HTTP header parsing. This problem allows a remote client or a remote server to perform Denial of...

7.5CVSS6.8AI score0.88864EPSS
Exploits0References1
Prion
Prion
added 2024/02/14 9:15 p.m.31 views

Design/Logic Flaw

Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Collapse of Data into Unsafe Value bug ,Squid may be vulnerable to a Denial of Service attack against HTTP header parsing. This problem allows a remote client or a remote server to perform Denial of...

5CVSS7.1AI score0.88864EPSS
Exploits0References2
OSV
OSV
added 2024/02/14 9:15 p.m.1 views

UBUNTU-CVE-2024-25617

Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Collapse of Data into Unsafe Value bug ,Squid may be vulnerable to a Denial of Service attack against HTTP header parsing. This problem allows a remote client or a remote server to perform Denial of...

7.5CVSS6.8AI score0.88864EPSS
Exploits0References6
Cvelist
Cvelist
added 2024/02/14 8:55 p.m.37 views

CVE-2024-25617 Denial of Service in HTTP Header parser in squid proxy

Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Collapse of Data into Unsafe Value bug ,Squid may be vulnerable to a Denial of Service attack against HTTP header parsing. This problem allows a remote client or a remote server to perform Denial of...

5.3CVSS6.9AI score0.88864EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/02/14 8:55 p.m.25 views

CVE-2024-25617 Denial of Service in HTTP Header parser in squid proxy

Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Collapse of Data into Unsafe Value bug ,Squid may be vulnerable to a Denial of Service attack against HTTP header parsing. This problem allows a remote client or a remote server to perform Denial of...

5.3CVSS6.8AI score0.88864EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2024/02/12 10:38 a.m.5 views

jetty: Improper validation of HTTP/1 content-length

A flaw was found in Jetty that permits a plus sign + preceding the content-length value in a HTTP/1 header field, which is non-standard and more permissive than RFC. This issue could allow an attacker to request smuggling in conjunction with a server that does not close connections after 400...

5.3CVSS7.1AI score0.01069EPSS
Exploits0References6
NVD
NVD
added 2024/02/09 1:15 a.m.27 views

CVE-2023-45190

IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or...

6.1CVSS5.8AI score0.00255EPSS
Exploits0References2
Prion
Prion
added 2024/02/09 1:15 a.m.13 views

Cross site scripting

IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or...

5.8CVSS6.7AI score0.00255EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/02/09 12:32 a.m.13 views

CVE-2023-45190 IBM Engineering Lifecycle Optimization HTTP header injection

IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or...

5.1CVSS6.3AI score0.00255EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/02/09 12:32 a.m.29 views

CVE-2023-45190 IBM Engineering Lifecycle Optimization HTTP header injection

IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or...

5.1CVSS6.1AI score0.00255EPSS
Exploits0References2
CVE
CVE
added 2024/02/09 12:32 a.m.57 views

CVE-2023-45190

CVE-2023-45190 affects IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3. The issue is HTTP header injection caused by improper validation of HOST headers, which can enable cross-site scripting, cache poisoning, or session hijacking. Public details consistently cite this vulnerability with t...

6.1CVSS6AI score0.00255EPSS
Exploits0References2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/02/07 8:56 a.m.23 views

Security Bulletin: IBM Engineering Lifecycle Optimization - Publishing Does not support Container authentication from 7.0.3

Summary IBM Engineering Lifecycle Optimization - Publishing Does not support Container authentication from 7.0.3 Vulnerability Details CVEID:CVE-2023-45187 DESCRIPTION: IBM Engineering Lifecycle Optimization - Publishing does not invalidate session after logout which could allow an authenticated...

8.8CVSS6AI score0.00663EPSS
Exploits0Affected Software1
Prion
Prion
added 2024/02/05 3:15 p.m.18 views

Design/Logic Flaw

python-multipart is a streaming multipart parser for Python. When using form data, python-multipart uses a Regular Expression to parse the HTTP Content-Type header, including options. An attacker could send a custom-made Content-Type option that is very difficult for the RegEx to process, consumi...

5CVSS7.3AI score0.01523EPSS
Exploits1References8Affected Software1
CNVD
CNVD
added 2024/02/05 12:0 a.m.18 views

IBM Tivoli Application Dependency Discovery Manager HTTP Header Injection Vulnerability

IBM Tivoli Application Dependency Discovery Manager TADDM is a product in the suite of IT service management solutions from International Business Machines IBM. The product provides robust automated application mapping and discovery to help administrators understand the structure, state,...

10CVSS7AI score0.00785EPSS
Exploits0References1
NVD
NVD
added 2024/02/02 9:15 p.m.21 views

CVE-2024-23553

A cross-site scripting XSS vulnerability in the Web Reports component of HCL BigFix Platform exists due to missing a specific http header attribute...

5.4CVSS4.7AI score0.00255EPSS
Exploits0References1
Rows per page
Query Builder