OSV
added 2024/11/25 9:30 a.m. | 1 view

GHSA-PCX7-8HXG-J823 Duplicate Advisory: Keycloak proxy header handling Denial-of-Service (DoS) vulnerability

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-jgwc-jh89-rpgq. This link is maintained to preserve external references. Original Description: A vulnerability was found in the Keycloak Server. The Keycloak Server is vulnerable to a denial of service DoS attack...

CVSS 4.7 | AI score 5.7 | EPSS 0.00399
Exploits 0 | References 7
RedHat Linux
added 2024/11/21 7:24 p.m. | 20 views

Important: Red Hat Security Advisory: Red Hat build of Keycloak 26.0.6 Update

New Red Hat build of Keycloak 26.0.6 packages with security impact Important are available from the Customer Portal. Red Hat build of Keycloak 26.0.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobi...

CVSS 6.5 | AI score 6 | EPSS 0.01253
Exploits 0 | References 6
RedHat Linux
added 2024/11/21 7:24 p.m. | 14 views

Important: Red Hat Security Advisory: Red Hat build of Keycloak 26.0.6 Images Update

New images with security impact Important are available for Red Hat build of Keycloak 26.0.6 and Red Hat build of Keycloak 26.0.6 Operator, running on OpenShift Container Platform. Red Hat build of Keycloak is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift...

CVSS 6.5 | AI score 6 | EPSS 0.01253
Exploits 0 | References 6
RedHat Linux
added 2024/11/21 7:23 p.m. | 18 views

Important: Red Hat Security Advisory: Red Hat build of Keycloak 24.0.9 Update

New Red Hat build of Keycloak 24.0.9 packages with security impact Important are available from the Customer Portal. Red Hat build of Keycloak 24.0.9 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobi...

CVSS 6.5 | AI score 6 | EPSS 0.01253
Exploits 0 | References 6
CNNVD
added 2024/09/04 12:00 a.m. | 18 views

Foreman authorization issue vulnerability

Foreman is Foreman's open source set of lifecycle management tools for use in physical and virtual servers. The tool provides features such as service provisioning, configuration management, and status reporting. Foreman has an authorization issue vulnerability that stems from mod_proxy not proper...

CVSS 9.8 | AI score 9.1 | EPSS 0.00769
Exploits 0 | References 7
OSV
added 2024/08/02 11:08 a.m. | 3 views

OESA-2024-1947 python-urllib3 security update

Sanity-friendly HTTP client for Python. Security Fixes: urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with ProxyManager, the Proxy-Authorization header is only sent to the configured proxy, as expected. However, when sending HTTP requests without usi...

CVSS 6.5 | AI score 7 | EPSS 0.00965
Exploits 1 | References 2
SUSE CVE
added 2024/06/19 3:33 a.m. | 3 views

SUSE CVE-2024-37891

urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with ProxyManager, the Proxy-Authorization header is only sent to the configured proxy, as expected. However, when sending HTTP requests without using urllib3's proxy support, it's possible to accidental...

CVSS 4.4 | AI score 7.4 | EPSS 0.00965
Exploits 1 | References 23
Positive Technologies
added 2024/06/17 12:00 a.m. | 0 views

PT-2024-9408

Name of the Vulnerable Software and Affected Versions: urllib3 versions prior to 1.26.19; urllib3 versions prior to 2.2.2. Description: The issue is related to the handling of the Proxy-Authorization header in urllib3, a Python HTTP client library. When using urllib3's proxy support with...

CVSS 6.5 | AI score 7 | EPSS 0.00965
Exploits 1 | References 173
OSV
added 2024/01/26 11:06 a.m. | 2 views

OESA-2024-1105 grafana security update

Grafana is an open source, feature-rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: Improper exposure of client IP addresses in net/http before Go 1.17.12 and Go 1.18.4 can be triggered by calling httputil.ReverseProxy.ServeHTTP with a Request.Header map...

CVSS 7.5 | AI score 8.6 | EPSS 0.03796
Exploits 1 | References 3
Tenable Nessus
added 2024/01/16 12:00 a.m. | 22 views

EulerOS Virtualization 2.9.0 : python-pip (EulerOS-SA-2023-2995)

According to the versions of the python-pip packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - Requests is an HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination server...

CVSS 6.1 | AI score 7 | EPSS 0.02782
Exploits 1 | References 2
OSV
added 2023/12/29 11:06 a.m. | 2 views

OESA-2023-1982 rubygem-puma security update

A simple, fast, threaded, and highly concurrent HTTP 1.1 server for Ruby/Rack applications. Security Fixes: Puma is an HTTP 1.1 server for Ruby/Rack applications. Prior to versions 5.5.1 and 4.3.9, using puma with a proxy which forwards HTTP header values which contain the LF character could allow...

CVSS 3.7 | AI score 6.9 | EPSS 0.01119
Exploits 0 | References 2
Tenable Nessus
added 2023/11/08 12:00 a.m. | 36 views

RHEL 7 : rh-python38-python (RHSA-2023:6793)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6793 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...

CVSS 9.8 | AI score 8 | EPSS 0.27095
Exploits 11 | References 18
RedHat Linux
added 2023/08/01 8:55 a.m. | 3 views

python-requests: Unintended leak of Proxy-Authorization header

A flaw was found in the Python-requests package, where it is vulnerable to potentially leaking Proxy-Authorization headers to destination servers, specifically during redirects to an HTTPS origin. This is a product of how rebuild_proxies is used to recompute and reattach the Proxy-Authorization...

CVSS 6.1 | AI score 6.6 | EPSS 0.02782
Exploits 1 | References 5
Veracode
added 2023/07/07 6:09 a.m. | 16 views

Lack Of Proxy Header Validation

github.com/goauthentik/authentik is vulnerable to Lack Of Header Validation. The vulnerability exists because the library does not properly verify the source of the X-Forwarded-For and X-Real-IP headers, allowing attackers to spoof the IP addresses in logs, bypassing the custom flows...

CVSS 8.3 | AI score 6.8 | EPSS 0.00573
Exploits 0 | References 5 | Affected Software 1
OpenVAS
added 2023/06/30 12:00 a.m. | 17 views

Emby Server Proxy Header Spoofing Vulnerability (GHSA-fffj-6fr6-3fgf)

Emby Server is prone to a proxy header spoofing vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:emby:emby.releases...

CVSS 9.8 | AI score 6.9 | EPSS 0.01713
Exploits 1 | References 1
F5 Networks
added 2023/02/21 7:46 p.m. | 54 views

K73071205: PHP vulnerability CVE-2016-5385

Security Advisory Description: PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an...

CVSS 8.1 | AI score 7.2 | EPSS 0.50427
Exploits 0
F5 Networks
added 2023/02/21 6:35 p.m. | 29 views

K07112184: HHVM vulnerability CVE-2016-1000109

Security Advisory Description: HHVM does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI...

CVSS 5.3 | AI score 6.6 | EPSS 0.04952
Exploits 1
SUSE CVE
added 2023/02/15 5:00 a.m. | 3 views

SUSE CVE-2016-5386

The net/http package in Go through 1.6 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI...

CVSS 8.1 | AI score 7.7 | EPSS 0.0524
Exploits 0 | References 11
SUSE CVE
added 2023/02/15 5:00 a.m. | 4 views

SUSE CVE-2016-5387

The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary...

CVSS 8.1 | AI score 7.8 | EPSS 0.55724
Exploits 0 | References 16
SUSE CVE
added 2023/02/15 5:00 a.m. | 2 views

SUSE CVE-2016-5388

Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an...

CVSS 8.1 | AI score 8.6 | EPSS 0.50896
Exploits 0 | References 16