
Atlassian
•added 2024/09/27 12:21 a.m.•19 views

Allow HTTP Strict Transport Security (HSTS) to be configured in Bamboo 10

Issue Summary: This is reproducible on Data Center. Up until Bamboo 9.6, HTTP Strict Transport Security (https://tools.ietf.org/html/rfc6797) was configurable in Bamboo by following the steps outlined in this KB article: How do I enable HSTS and other HTTP Security Headers in Bamboo Data...

AI score 7.2
Exploits 0
CNNVD
•added 2024/09/27 12:0 a.m.•12 views

NginxProxyManager security vulnerability

NginxProxyManager is an individual developer's Docker container for managing Nginx proxy hosts with a simple, powerful interface. A security vulnerability exists in NginxProxyManager version 2.11.3, which stems from a command injection issue in the...

CVSS 9.8 | AI score 8.2 | EPSS 0.02997
Exploits 3 | References 4
Github Security Blog
•added 2024/09/20 2:40 p.m.•28 views

Puma's header normalization allows for client to clobber proxy set headers

Impact: Clients could clobber values set by intermediate proxies such as X-Forwarded-For by providing an underscore version of the same header X-ForwardedFor. Any users trusting headers set by their proxy may be affected. Attackers may be able to downgrade connections to HTTP non-SSL or redirect...

CVSS 5.4 | AI score 7.1 | EPSS 0.00659
Exploits 0 | References 8 | Affected Software 1
OSV
•added 2024/09/20 2:40 p.m.•16 views

GHSA-9HF4-67FC-4VF4 Puma's header normalization allows for client to clobber proxy set headers

Impact: Clients could clobber values set by intermediate proxies such as X-Forwarded-For by providing an underscore version of the same header X-ForwardedFor. Any users trusting headers set by their proxy may be affected. Attackers may be able to downgrade connections to HTTP non-SSL or redirect...

CVSS 6.3 | AI score 5.6 | EPSS 0.00659
Exploits 0 | References 8
OSV
•added 2024/09/20 1:53 p.m.•25 views

RHSA-2019:2745 Red Hat Security Advisory: rh-nginx110-nginx security update

Bulletin has no description...

CVSS 7.5 | AI score 7.2 | EPSS 0.82567
Exploits 0 | References 21
OSV
•added 2024/09/20 1:52 p.m.•21 views

RHSA-2019:2746 Red Hat Security Advisory: rh-nginx112-nginx security update

Bulletin has no description...

CVSS 7.5 | AI score 7.2 | EPSS 0.82567
Exploits 0 | References 21
OSV
•added 2024/09/20 1:52 p.m.•13 views

RHSA-2019:2775 Red Hat Security Advisory: rh-nginx114-nginx security update

Bulletin has no description...

CVSS 7.5 | AI score 7.2 | EPSS 0.82567
Exploits 0 | References 21
RedhatCVE
•added 2024/09/20 4:43 a.m.•31 views

CVE-2024-45614

A flaw was found in rubygem-puma. In affected versions, clients could clobber values set by intermediate proxies such as X-Forwarded-For by providing an underscore version of the same header X-ForwardedFor. Any users relying on proxy set variables are affected. v6.4.3/v5.6.9 now discards any...

CVSS 5.4 | AI score 6.6 | EPSS 0.00659
Exploits 0 | References 5
RubySec
•added 2024/09/20 12:0 a.m.•22 views

Puma's header normalization allows for client to clobber proxy set headers

Impact: Clients could clobber values set by intermediate proxies such as X-Forwarded-For by providing an underscore version of the same header X-ForwardedFor. Any users trusting headers set by their proxy may be affected. Attackers may be able to downgrade connections to HTTP non-SSL or redirect...

CVSS 5.4 | AI score 6.7 | EPSS 0.00659
Exploits 0 | References 1 | Affected Software 1
NVD
•added 2024/09/19 11:15 p.m.•26 views

CVE-2024-45614

Puma is a Ruby/Rack web server built for parallelism. In affected versions, clients could clobber values set by intermediate proxies such as X-Forwarded-For by providing an underscore version of the same header X-ForwardedFor. Any users relying on proxy set variables are affected. v6.4.3/v5.6.9 now...

CVSS 5.4 | EPSS 0.00659
Exploits 0 | References 3
Cvelist
•added 2024/09/19 10:42 p.m.•30 views

CVE-2024-45614 Header normalization allows for client to clobber proxy set headers in Puma

Puma is a Ruby/Rack web server built for parallelism. In affected versions, clients could clobber values set by intermediate proxies such as X-Forwarded-For by providing an underscore version of the same header X-ForwardedFor. Any users relying on proxy set variables are affected. v6.4.3/v5.6.9 now...

CVSS 5.4 | EPSS 0.00659
Exploits 0 | References 2
Vulnrichment
•added 2024/09/19 10:42 p.m.•21 views

CVE-2024-45614 Header normalization allows for client to clobber proxy set headers in Puma

Puma is a Ruby/Rack web server built for parallelism. In affected versions, clients could clobber values set by intermediate proxies such as X-Forwarded-For by providing an underscore version of the same header X-ForwardedFor. Any users relying on proxy set variables are affected. v6.4.3/v5.6.9 now...

CVSS 5.4 | AI score 6.9 | EPSS 0.00659
Exploits 0 | References 2
CVE
•added 2024/09/19 10:42 p.m.•342 views

CVE-2024-45614

Puma (Ruby/Rack) is affected by CVE-2024-45614 due to improper header normalization that lets clients clobber proxy headers via an underscore variant (X-Forwarded_For). Affected versions do not discard the underscore header when the non-underscore header exists; fixed in v6.4.3 and v5.6.9 which n...

CVSS 5.4 | AI score 5.6 | EPSS 0.00659
Exploits 0 | References 3 | Affected Software 1
OSV
•added 2024/09/19 10:42 p.m.•24 views

CVE-2024-45614 Header normalization allows for client to clobber proxy set headers in Puma

Puma is a Ruby/Rack web server built for parallelism. In affected versions, clients could clobber values set by intermediate proxies such as X-Forwarded-For by providing an underscore version of the same header X-ForwardedFor. Any users relying on proxy set variables are affected. v6.4.3/v5.6.9 now...

CVSS 5.4 | AI score 6 | EPSS 0.00659
Exploits 0 | References 5
Debian CVE
•added 2024/09/19 10:42 p.m.•17 views

CVE-2024-45614

Puma is a Ruby/Rack web server built for parallelism. In affected versions, clients could clobber values set by intermediate proxies such as X-Forwarded-For by providing an underscore version of the same header X-ForwardedFor. Any users relying on proxy set variables are affected. v6.4.3/v5.6.9 now...

CVSS 5.4 | AI score 6 | EPSS 0.00659
Exploits 0
Positive Technologies
•added 2024/09/19 12:0 a.m.•3 views

PT-2024-6618

Name of the Vulnerable Software and Affected Versions: Puma versions prior to 6.4.3; Puma versions prior to 5.6.9. Description: The issue is related to the handling of HTTP requests in Puma, a Ruby/Rack web server. Clients could overwrite values set by intermediate proxies, such as X-Forwarded-For,...

CVSS 9.8 | AI score 6.7 | EPSS 0.04088
Exploits 0 | References 61
BDU FSTEC
•added 2024/09/17 12:0 a.m.•3 views

The vulnerability in the config_dirs function of the NGINX Agent daemon and the NGINX Instance Manager automation platform allows an attacker to write or overwrite any files they desire.

The vulnerability in the config_dirs function of the NGINX Agent daemon and the NGINX Instance Manager platform relates to the ability to load arbitrary files beyond the expected directory path. Exploiting this vulnerability allows a malicious actor to write or overwrite arbitrary files remotely...

CVSS 6.8 | AI score 5.7 | EPSS 0.00471
Exploits 0 | References 2 | Affected Software 2
OpenVAS
•added 2024/09/17 12:0 a.m.•11 views

Ubuntu: Security Advisory (USN-7014-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5.7 | AI score 7 | EPSS 0.0032
Exploits 0 | References 2
Ubuntu
•added 2024/09/16 12:2 p.m.•258 views

USN-7014-1: nginx vulnerability

It was discovered that the nginx ngx_http_mp4 module incorrectly handled certain malformed mp4 files. In environments where the mp4 directive is in use, a remote attacker could possibly use this issue to cause nginx to crash, resulting in a denial of service...

CVSS 5.7 | AI score 7.1 | EPSS 0.0032
Exploits 0
OSV
•added 2024/09/16 12:2 p.m.•1 views

USN-7014-1 nginx vulnerability

It was discovered that the nginx ngx_http_mp4 module incorrectly handled certain malformed mp4 files. In environments where the mp4 directive is in use, a remote attacker could possibly use this issue to cause nginx to crash, resulting in a denial of service...

CVSS 5.7 | AI score 6.7 | EPSS 0.0032
Exploits 0 | References 2