Lucene search
K

180 matches found

Vulnrichment
Vulnrichment
added 2024/07/11 8:40 p.m.20 views

CVE-2024-6468 Vault Vulnerable to Denial of Service When Setting a Proxy Protocol Behavior

Vault and Vault Enterprise did not properly handle requests originating from unauthorized IP addresses when the TCP listener option, proxyprotocolbehavior, was set to denyunauthorized. When receiving a request from a source IP address that was not listed in proxyprotocolauthorizedaddrs, the Vault...

7.5CVSS6.8AI score0.00491EPSS
Exploits0References1
OSV
OSV
added 2024/07/11 8:40 p.m.5 views

CVE-2024-6468 Vault Vulnerable to Denial of Service When Setting a Proxy Protocol Behavior

Vault and Vault Enterprise did not properly handle requests originating from unauthorized IP addresses when the TCP listener option, proxyprotocolbehavior, was set to denyunauthorized. When receiving a request from a source IP address that was not listed in proxyprotocolauthorizedaddrs, the Vault...

7.5CVSS7AI score0.00491EPSS
Exploits0References4
HashiCorp Security Advisories
HashiCorp Security Advisories
added 2024/07/11 7:29 p.m.6 views

Vault Vulnerable to Denial of Service When Setting a Proxy Protocol Behavior

Summary Vault and Vault Enterprise did not properly handle requests originating from unauthorized IP addresses when the TCP listener option, proxyprotocolbehavior, was set to denyunauthorized. When receiving a request from a source IP address that was not listed in proxyprotocolauthorizedaddrs, t...

7.5CVSS6.9AI score0.00491EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2024/07/11 12:0 a.m.3 views

PT-2024-5874 · Hashicorp +2 · Vault Enterprise +3

Name of the Vulnerable Software and Affected Versions: Vault and Vault Enterprise versions prior to 1.15.12 Vault and Vault Enterprise versions prior to 1.16.6 Vault and Vault Enterprise versions prior to 1.17.2 Description: The issue is related to the improper handling of requests originating fr...

7.8CVSS7.1AI score0.00528EPSS
Exploits0References26
OSV
OSV
added 2024/06/04 3:19 p.m.33 views

GO-2024-2853 sshpiper's enabling of proxy protocol without proper feature flagging allows faking source address in github.com/tg123/sshpiper

sshpiper's enabling of proxy protocol without proper feature flagging allows faking source address in github.com/tg123/sshpiper...

5.3CVSS5.2AI score0.0026EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2024/05/28 12:0 a.m.22 views

Oracle Linux 8 : 389-ds:1.4 (ELSA-2024-3047)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-3047 advisory. - Resolves: RHEL-23209 - CVE-2024-1062 389-ds:1.4/389-ds-base: a heap overflow leading to denail-of-servce while writing a value larger than 256 chars in...

5.5CVSS5.7AI score0.00304EPSS
Exploits0References2
Veracode
Veracode
added 2024/05/15 7:10 a.m.10 views

Insufficient Verification Of Data Authenticity

sshpiper is vulnerable to Insufficient Verification of Data Authenticity. The vulnerability is due to the proxy protocol listener which does specify a specific listener, allowing an attacker forage the proxy source address...

5.3CVSS6.9AI score0.0026EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2024/05/14 10:31 p.m.28 views

GHSA-4W53-6JVP-GG52 sshpiper's enabling of proxy protocol without proper feature flagging allows faking source address

Summary The way the proxy protocol listener is implemented in sshpiper can allow an attacker to forge their connecting address. Details This commit added the proxy protocol listener as the only listener in sshpiper, with no option to toggle this functionality off. This means that any connection...

5.3CVSS5AI score0.0026EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2024/05/14 10:31 p.m.38 views

sshpiper's enabling of proxy protocol without proper feature flagging allows faking source address

Summary The way the proxy protocol listener is implemented in sshpiper can allow an attacker to forge their connecting address. Details This commit added the proxy protocol listener as the only listener in sshpiper, with no option to toggle this functionality off. This means that any connection...

5.3CVSS6.4AI score0.0026EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2024/05/14 10:5 p.m.35 views

CVE-2024-35175 sshpiper's Enabling of Proxy Protocol without proper feature flagging allows faking source address

sshpiper is a reverse proxy for sshd. Starting in version 1.0.50 and prior to version 1.3.0, the way the proxy protocol listener is implemented in sshpiper can allow an attacker to forge their connecting address. Commit 2ddd69876a1e1119059debc59fe869cb4e754430 added the proxy protocol listener as...

5.3CVSS5.4AI score0.0026EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/05/14 10:5 p.m.14 views

CVE-2024-35175 sshpiper's Enabling of Proxy Protocol without proper feature flagging allows faking source address

sshpiper is a reverse proxy for sshd. Starting in version 1.0.50 and prior to version 1.3.0, the way the proxy protocol listener is implemented in sshpiper can allow an attacker to forge their connecting address. Commit 2ddd69876a1e1119059debc59fe869cb4e754430 added the proxy protocol listener as...

5.3CVSS6.7AI score0.0026EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/05/14 12:0 a.m.6 views

PT-2024-26357 · Sshpiper · Sshpiper

Name of the Vulnerable Software and Affected Versions: sshpiper versions 1.0.50 through 1.2.x Description: The way the proxy protocol listener is implemented in sshpiper can allow an attacker to forge their connecting address. This means that any connection that sshpiper is directly or indirectly...

5.3CVSS7AI score0.0026EPSS
Exploits0References11
CNNVD
CNNVD
added 2024/05/14 12:0 a.m.5 views

sshpiper Data Forgery Issue Vulnerability

sshpiper is a reverse proxy for sshd by Boshi Lian Personal Developers. A data forgery vulnerability exists in sshpiper 1.0.50 and earlier versions, which stems from the way the proxy protocol listener is implemented that may allow an attacker to forge its connection address...

5.3CVSS6.8AI score0.0026EPSS
Exploits0References5
OSV
OSV
added 2024/03/06 11:0 a.m.16 views

BIT-ENVOY-2020-35470

Envoy before 1.16.1 logs an incorrect downstream address because it considers only the directly connected peer, not the information in the proxy protocol header. This affects situations with tcp-proxy as the network filter not HTTP filters...

8.8CVSS8.5AI score0.00974EPSS
Exploits0References4
OSV
OSV
added 2024/03/06 10:51 a.m.16 views

BIT-ENVOY-2024-23325 Envoy crashes when using an address type that isn’t supported by the OS

Envoy is a high-performance edge/middle/service proxy. Envoy crashes in Proxy protocol when using an address type that isn’t supported by the OS. Envoy is susceptible to crashing on a host with IPv6 disabled and a listener config with proxy protocol enabled when it receives a request where the...

7.5CVSS6.4AI score0.00751EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2024/03/06 12:0 a.m.24 views

Amazon Linux 2 : ecs-service-connect-agent (ALASECS-2024-034)

The version of ecs-service-connect-agent installed on the remote host is prior to v1.27.3.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2024-034 advisory. Envoy is a high-performance edge/middle/service proxy. Envoy will crash when certain timeouts happ...

8.6CVSS6.7AI score0.00751EPSS
Exploits0References12
Tenable Nessus
Tenable Nessus
added 2024/03/06 12:0 a.m.42 views

Amazon Linux 2023 : ecs-service-connect-agent (ALAS2023-2024-543)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-543 advisory. Envoy is a high-performance edge/middle/service proxy. Envoy will crash when certain timeouts happen within the same interval. The crash occurs when the following are true: 1...

8.6CVSS6.6AI score0.00751EPSS
Exploits0References12
Amazon
Amazon
added 2024/03/05 12:0 a.m.6 views

Important: ecs-service-connect-agent

Issue Overview: Envoy is a high-performance edge/middle/service proxy. Envoy will crash when certain timeouts happen within the same interval. The crash occurs when the following are true: 1. hedgeonpertrytimeout is enabled, 2. pertryidletimeout is enabled it can only be done in configuration, 3...

8.6CVSS7.1AI score0.00751EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2024/02/14 9:36 p.m.33 views

CVE-2024-23324

A flaw was found in the Envoy proxy. External authentication can be bypassed by downstream connections that use the PROXY protocol. Downstream clients can force invalid gRPC requests to send to extauthz, circumventing extauthz checks when failuremodeallow is set to true...

7.3CVSS7.2AI score0.006EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2024/02/14 9:35 p.m.14 views

CVE-2024-23325

A flaw was found in Envoy. The envoy proxy is susceptible to crashing on a host with IPv6 disabled and a listener config with proxy protocol enabled when it receives a request where the client presents its IPv6 address. It is valid for a client to present its IPv6 address to a target server even...

5.9CVSS7AI score0.00751EPSS
Exploits0References4
Rows per page
Query Builder