907 matches found
Security Bulletin: IBM TRIRIGA Application Platform discloses CVE-2020-13956
Summary: IBM TRIRIGA Application Platform discloses CVE-2020-13956. Vulnerability Details: CVEID: CVE-2020-13956. DESCRIPTION: Apache HttpClient could allow a remote attacker to bypass security restrictions, caused by the improper handling of malformed authority component in request URIs. By passing...
Cisco ASA Clientless SSL VPN (WebVPN) Brute-force Login Utility
This module scans for Cisco ASA Clientless SSL VPN WebVPN web login portals and performs login brute-force to identify valid credentials. Module Options msf use auxiliary/scanner/http/ciscoasaclientlessvpn msf auxiliaryciscoasaclientlessvpn show actions ...actions... msf...
Security update for nim (important)
openSUSE Security Update: Security update for nim. Announcement ID: openSUSE-SU-2022:10101-1. Rating: important. References: 1175332 1175333 1175334 1181705 1185083 1185084 1185085 1185948 1192712. Cross-References: CVE-2020-15690 CVE-2020-15692 CVE-2020-15693 CVE-2020-15694 CVE-2021-21372...
USN-5239-1 httpcomponents-client vulnerability
It was discovered that HttpClient mishandled certain input. An attacker could use this vulnerability to cause a crash or possibly execute arbitrary code...
USN-5239-1: HttpClient vulnerability
It was discovered that HttpClient mishandled certain input. An attacker could use this vulnerability to cause a crash or possibly execute arbitrary code...
CVE-2022-26437
In httpclient, there is a possible out of bounds write due to uninitialized data. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WSAP00103831; Issue ID: WSAP00103831...
Out-of-bounds
In httpclient, there is a possible out of bounds write due to uninitialized data. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WSAP00103831; Issue ID: WSAP00103831...
CVE-2022-26437
CVE-2022-26437 affects the httpclient component, with an out-of-bounds write caused by uninitialized data. The described impact is a remote escalation of privilege without extra execution privileges, and exploitation does not require user interaction. Patch reference: WSAP00103831 (Issue ID WSAP0...
PT-2022-17846 · Unknown · Httpclient
Name of the Vulnerable Software and Affected Versions: httpclient (affected versions not specified). Description: The issue is related to an out of bounds write due to uninitialized data in httpclient. This could lead to remote escalation of privilege with no additional execution privileges needed...
PT-2022-4408 · Apache · Apache Calcite Avatica Jdbc Driver
Name of the Vulnerable Software and Affected Versions: Apache Calcite Avatica JDBC driver versions prior to 1.22.0. Description: The issue is related to the creation of HTTP client instances based on class names provided via the httpclient impl connection property. The driver does not verify if th...
Jetty invalid URI parsing may produce invalid HttpURI.authority
Description: URI use within Jetty's HttpURI class can parse invalid URIs such as http://localhost;/path as having an authority with a host of localhost;. A URI of the type http://localhost;/path should be interpreted to be either invalid or as localhost; to be the userinfo and no host. However,...
Atlassian Confluence Namespace OGNL Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Atlassian Confluence Namespace OGNL Injection', 'Description' = %q This module exploits an OGNL injection in Atlassian Confluence servers. A...
Denial Of Service (DoS)
.NET and Visual Studio are vulnerable to denial of service. The vulnerability exists due to a flaw in dotnet allowing an attacker to crash the system by applying MaxResponseHeadersLength limit for trailing headers to address a denial of service via excess memory allocations through the HttpClient...
This Week in Spring - May 31st, 2022
Hi, Spring fans! And welcome to another installment of This Week in Spring! I've just returned from three wonderful weeks overseas and now, I'm pleased as punch to convey, that I'm home! And hopefully, COVID-19 free! Who knows what sort of nonsense I caught on the flight home, anyway. Some things, I...
CVE-2020-15693
In Nim 1.2.4, the standard library httpClient is vulnerable to a CR-LF injection in the target URL. An injection is possible if the attacker controls any part of the URL provided in a call such as httpClient.get or httpClient.post, the User-Agent header value, or custom HTTP header names or value...
Oracle Linux 8 : maven:3.5 (ELSA-2022-1861)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-1861 advisory. - Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as...