SUSE CVE-2016-1000107
inets in Erlang possibly 22.1 and earlier follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an...
SUSE CVE-2016-1000111
Twisted before 16.3.1 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbou...
USN-5839-1 apache2 vulnerabilities
It was discovered that the Apache HTTP Server mod_dav module incorrectly handled certain If: request headers. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. CVE-2006-20001 ZeddYu Lu discovered that the Apache HTTP Server mod_proxy_ajp...
SUSE-SU-2022:4013-1 Security update for apache2-mod_wsgi
This update for apache2-mod_wsgi fixes the following issues: - CVE-2022-2255: Hardened the trusted proxy header filter to avoid bypass. bsc#1201634...
SUSE-SU-2022:4010-1 Security update for apache2-mod_wsgi
This update for apache2-mod_wsgi fixes the following issues: - CVE-2022-2255: Hardened the trusted proxy header filter to avoid bypass. bsc#1201634...
Server-side Request Forgery (SSRF)
github.com/zalando/skipper is vulnerable to server-side request forgery. The vulnerability exists because proxy.go does not properly pass URLs via the request context, allowing an attacker to redirect to the malicious URLs through the X-Skipper-Proxy header...
PT-2022-24469 · Zalando · Zalando Skipper
Name of the Vulnerable Software and Affected Versions: Zalando Skipper versions prior to v0.13.237 Description: The issue allows an attacker to exploit a vulnerable version of the proxy to access the internal metadata server or other unauthenticated URLs by adding a specific header X-Skipper-Prox...
Zimbra Collaboration Suite Code Issue Vulnerability
Zimbra Collaboration Suite (ZCS) is an open source collaboration suite from Synacor, USA. The product includes WebMail, Calendar, Address Book and more. A code issue vulnerability exists in Zimbra Collaboration Suite (ZCS) versions 8.8.15 and 9.0, which stems from the value of the X-Forwarded-Host header...
Unintended Proxy or Intermediary
Overview std/net/http is a Go standard library package std/net/http Affected versions of this package are vulnerable to Unintended Proxy or Intermediary. Go Vulnerability Report: An input validation flaw in the CGI components allows the HTTP_PROXY environment variable to be set by the incoming Pro...
Unintended Proxy or Intermediary
Overview std/net/http/cgi is a Go standard library package std/net/http/cgi Affected versions of this package are vulnerable to Unintended Proxy or Intermediary. Go Vulnerability Report: An input validation flaw in the CGI components allows the HTTP_PROXY environment variable to be set by the...
OESA-2022-1783 golang security update
The Go Programming Language Security Fixes: When httputil.ReverseProxy.ServeHTTP was called with a Request.Header map containing a nil value for the X-Forwarded-For header, ReverseProxy would set the client IP as the value of the X-Forwarded-For header, contrary to its documentation. In the more...
CLSA-2022-1656959316 Fix CVE(s):
Fix undefined references in ap_proxy_create_hdrbrgd - ELS-190...
CLSA-2022-1656958887 Fixed CVE-2022-31813 in httpd-43.module_el8.5.0+2067+6f259f31.tuxcare.els7
ELS-190: Fix undefined reference to PROXY_SHOULD_PING_100_CONTINUE in ap_proxy_create_hdrbrgd that occurred in httpd-2.4.37-CVE-2022-31813.patch...
Elastic APM agent for Python client CGI proxy redirection flaw
When the Elastic APM agent for Python versions before 5.1.0 is run as a CGI script, there is a variable name clash flaw if a remote attacker can control the proxy header. This could result in an attacker redirecting collected APM data to a proxy of their choosing...
GHSA-V646-RX6W-R3QQ Improper Access Control in Apache Tomcat
Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an...
DEBIAN-CVE-2021-23409
The package github.com/pires/go-proxyproto before 0.6.0 is vulnerable to Denial of Service (DoS) via creating connections without the proxy protocol header...
Forced Browsing in Twisted
Twisted before 16.3.1 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbou...
GHSA-3GQJ-CMXR-P4X2 Forced Browsing in Twisted
Twisted before 16.3.1 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbou...
DEBIAN-CVE-2016-1000111
Twisted before 16.3.1 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbou...
PYSEC-2020-214
Twisted before 16.3.1 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbou...