1271 matches found

Apache Httpd
added 2019/01/20 12:0 a.m. · 105 views

Apache Httpd < 2.4.39 : Apache httpd URL normalization inconsistency

When the path component of a request URL contains multiple consecutive slashes '/', directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions, while other aspects of the server's processing will implicitly collapse them...

CVSS 5.3 · AI score 2.1 · EPSS 0.23866
Exploits 0 · Affected Software 1
OSV
added 2019/01/16 6:29 p.m. · 1 views

DEBIAN-CVE-2019-6462

An issue was discovered in cairo 1.16.0. There is an infinite loop in the function _arc_error_normalized in the file cairo-arc.c, related to _arc_max_angle_for_tolerance_normalized...

CVSS 6.5 · AI score 7.6 · EPSS 0.00051
Exploits 0 · References 1
OSV
added 2019/01/16 6:29 p.m. · 1 views

ALPINE-CVE-2019-6462

An issue was discovered in cairo 1.16.0. There is an infinite loop in the function _arc_error_normalized in the file cairo-arc.c, related to _arc_max_angle_for_tolerance_normalized...

CVSS 6.5 · AI score 7 · EPSS 0.00051
Exploits 0 · References 1
OSV
added 2019/01/16 6:29 p.m. · 0 views

UBUNTU-CVE-2019-6462

An issue was discovered in cairo 1.16.0. There is an infinite loop in the function _arc_error_normalized in the file cairo-arc.c, related to _arc_max_angle_for_tolerance_normalized...

CVSS 6.5 · AI score 6.5 · EPSS 0.00051
Exploits 0 · References 5
Positive Technologies
added 2019/01/09 12:0 a.m. · 1 views

PT-2019-6389 · Cairo +4

Name of the Vulnerable Software and Affected Versions: Cairo version 1.16.0 Description: The issue is related to an infinite loop in the arc error normalized function in the cairo-arc.c file of the Cairo vector graphics library. This loop has an unreachable exit condition. Exploitation of this...

CVSS 7.8 · AI score 5.9 · EPSS 0.00358
Exploits 2 · References 50
Friends Of PHP
added 2018/12/29 8:39 p.m. · 16 views

XSS vulnerability with unsafe link protocols

An XSS vulnerability CVE-2018-20583 has been identified in the following versions of this library: 0.15.6 0.15.7 0.16.0 0.17.0 0.17.1 0.17.2 0.17.3 0.17.4 0.17.5 0.18.0 It allows unsafe URLs to be added to links. The issue has been fixed in version 0.18.1. All users should upgrade to version 0.18...

CVSS 6.1 · AI score 6 · EPSS 0.0031
Exploits 1 · Affected Software 1
Veracode
added 2018/11/09 7:23 a.m. · 39 views

Directory Traversal

catalina is vulnerable to directory traversal attacks. The vulnerability exists due to an improper path normalization on the URI, allowing directory traversal attacks...

CVSS 5 · AI score 5.2 · EPSS 0.87959
Exploits 1 · References 65 · Affected Software 3
NVD
added 2018/10/31 8:29 p.m. · 21 views

CVE-2018-11759

The Apache Web Server httpd specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK mod_jk Connector 1.2.0 to 1.2.44 did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via httpd, then it was...

CVSS 7.5 · AI score 7.5 · EPSS 0.94242
Exploits 0 · References 13
Prion
added 2018/10/31 8:29 p.m. · 27 views

Cross site request forgery (csrf)

The Apache Web Server httpd specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK mod_jk Connector 1.2.0 to 1.2.44 did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via httpd, then it was...

CVSS 5 · AI score 7.5 · EPSS 0.94242
Exploits 0 · References 13 · Affected Software 2
OSV
added 2018/10/31 8:29 p.m. · 1 views

UBUNTU-CVE-2018-11759

The Apache Web Server httpd specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK mod_jk Connector 1.2.0 to 1.2.44 did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via httpd, then it was...

CVSS 7.5 · AI score 7.2 · EPSS 0.94242
Exploits 0 · References 4
OSV
added 2018/10/31 8:29 p.m. · 1 views

DEBIAN-CVE-2018-11759

The Apache Web Server httpd specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK mod_jk Connector 1.2.0 to 1.2.44 did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via httpd, then it was...

CVSS 7.5 · AI score 8.8 · EPSS 0.94242
Exploits 0 · References 1
Cvelist
added 2018/10/31 8:0 p.m. · 28 views

CVE-2018-11759

The Apache Web Server httpd specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK mod_jk Connector 1.2.0 to 1.2.44 did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via httpd, then it was...

AI score 7.7 · EPSS 0.94242
Exploits 0 · References 13
Github Security Blog
added 2018/10/19 4:16 p.m. · 23 views

Jetty contains an alias issue that could allow unauthenticated remote code execution due to specially crafted request

The path normalization mechanism in PathResource class in Eclipse Jetty 9.3.x before 9.3.9 on Windows allows remote attackers to bypass protected resource restrictions and other security constraints via a URL with certain escaped characters, related to backslashes...

CVSS 9.8 · AI score 6.1 · EPSS 0.00609
Exploits 0 · References 8 · Affected Software 1
Tenable Nessus
added 2018/06/19 12:0 a.m. · 955 views

Oracle GlassFish Server URL normalization Denial of Service

The instance of Oracle GlassFish Server running on the remote host is affected by an authenticated and unauthenticated denial of service vulnerability. The vulnerability is a result of an infinite loop in the normalize method in com.sun.jsftemplating.util.fileStreamer.ResourceContentSource. A...

AI score 5.6
Exploits 0 · References 1
RedHat Linux
added 2018/06/13 12:19 p.m. · 2 views

isapi_redirect: Mishandled HTTP request paths in jk_isapi_plugin.c can lead to unintended exposure of application resources via the reverse proxy

The IIS/ISAPI specific code in the Apache Tomcat JK ISAPI Connector 1.2.0 to 1.2.42 that normalised the requested path before matching it to the URI-worker map did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via IIS, then it was possible fo...

CVSS 7.5 · AI score 5.9 · EPSS 0.31775
Exploits 0 · References 5
NVD
added 2018/05/17 3:29 a.m. · 10 views

CVE-2018-0271

A vulnerability in the API gateway of the Cisco Digital Network Architecture DNA Center could allow an unauthenticated, remote attacker to bypass authentication and access critical services. The vulnerability is due to a failure to normalize URLs prior to servicing requests. An attacker could...

CVSS 9.8 · AI score 9.8 · EPSS 0.03002
Exploits 0 · References 2
OSV
added 2018/05/17 3:29 a.m. · 2 views

CVE-2018-0271

A vulnerability in the API gateway of the Cisco Digital Network Architecture DNA Center could allow an unauthenticated, remote attacker to bypass authentication and access critical services. The vulnerability is due to a failure to normalize URLs prior to servicing requests. An attacker could...

CVSS 9.8 · AI score 5.8 · EPSS 0.03002
Exploits 0 · References 2
Prion
added 2018/05/17 3:29 a.m. · 13 views

Authentication flaw

A vulnerability in the API gateway of the Cisco Digital Network Architecture DNA Center could allow an unauthenticated, remote attacker to bypass authentication and access critical services. The vulnerability is due to a failure to normalize URLs prior to servicing requests. An attacker could...

CVSS 7.5 · AI score 9.6 · EPSS 0.03002
Exploits 0 · References 2 · Affected Software 1
Vulnrichment
added 2018/05/17 3:0 a.m. · 10 views

CVE-2018-0271

A vulnerability in the API gateway of the Cisco Digital Network Architecture DNA Center could allow an unauthenticated, remote attacker to bypass authentication and access critical services. The vulnerability is due to a failure to normalize URLs prior to servicing requests. An attacker could...

AI score 7.6 · EPSS 0.03002
Exploits 0 · References 2
Prion
added 2018/03/19 1:29 p.m. · 11 views

Directory traversal

The Grails Resource Plugin often has to exchange URIs for resources with other internal components. Those other components will decode any URI passed to them. To protect against directory traversal the Grails Resource Plugin did the following: normalized the URI, checked the normalized URI did no...

CVSS 5 · AI score 7.1 · EPSS 0.00979
Exploits 0 · References 1 · Affected Software 1