Envoy has an unspecified vulnerability (CNVD-2021-58577)
Envoy is an open source distributed proxy server. A security vulnerability exists in Envoy, which stems from the fact that Envoy hosts between 2d69e30 and 3b5acb2 may not be able to resolve request URLs that require host normalization. No details of the vulnerability are currently available...
LY Corporation: Path traversal in a Tomcat server
A path traversal vulnerability was discovered in a Tomcat server, which allowed an attacker to access internal resources such as the administrator page. The vulnerability was caused by a misconfiguration between the reverse proxy and the WAS, and occurred when the attacker entered the string "..;...
undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass
A flaw was found in Undertow, where the servlet container causes the servletPath to normalize incorrectly by truncating the path after the semicolon. The flaw may lead to application mapping, resulting in a security bypass...
CVE-2020-24660
An issue was discovered in LemonLDAP::NG through 2.0.8, when NGINX is used. An attacker may bypass URL-based access control to protected Virtual Hosts by submitting a non-normalized URI. This also affects versions before 0.5.2 of the "Lemonldap::NG handler for Node.js" package...
GHSA-X44X-R84W-8V67 Lack of URL normalization may lead to authorization bypass when URL access rules are used
Impact: When access rules are used inside a protected host, some URL encodings may bypass the filtering system. Patches: Version 0.5.2 includes a patch that fixes the vulnerability. Workarounds: No way for users to fix or remediate the vulnerability without upgrading. References...
Lack of URL normalization may lead to authorization bypass when URL access rules are used
Impact: When access rules are used inside a protected host, some URL encodings may bypass the filtering system. Patches: Version 0.5.2 includes a patch that fixes the vulnerability. Workarounds: No way for users to fix or remediate the vulnerability without upgrading. References...
SUSE-SU-2020:2237-1 Security update for libvirt
This update for libvirt fixes the following issues: - CVE-2020-14339: Don't leak /dev/mapper/control into QEMU. Use ioctls to obtain the dependency tree of disks and drop use of libdevmapper. - bsc1161883, bsc1174458 - qemu: Setup emulator thread and cpuset.mems before exec - bsc1171946 - libxl:...
SUSE-SU-2020:2233-1 Security update for libvirt
This update for libvirt fixes the following issues: - CVE-2020-14339: Don't leak /dev/mapper/control into QEMU. Use ioctls to obtain the dependency tree of disks and drop use of libdevmapper. - bsc1161883, bsc1174458 - qemu: Setup emulator thread and cpuset.mems before exec - bsc1171946 - libxl:...
OpenJDK: HostnameChecker does not ensure X.509 certificate names are in normalized form (JSSE, 8237592)
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to...
CVE-2020-1757
A flaw was found in all undertow-2.x.x SP1 versions prior to undertow-2.0.30.SP1, all undertow-1.x.x and undertow-2.x.x versions prior to undertow-2.1.0.Final, where the Servlet container causes servletPath to normalize incorrectly by truncating the path after semicolon which may lead to an...