180 matches found
CVE-2024-6468 Vault Vulnerable to Denial of Service When Setting a Proxy Protocol Behavior
Vault and Vault Enterprise did not properly handle requests originating from unauthorized IP addresses when the TCP listener option, proxyprotocolbehavior, was set to denyunauthorized. When receiving a request from a source IP address that was not listed in proxyprotocolauthorizedaddrs, the Vault...
CVE-2024-6468 Vault Vulnerable to Denial of Service When Setting a Proxy Protocol Behavior
Vault and Vault Enterprise did not properly handle requests originating from unauthorized IP addresses when the TCP listener option, proxyprotocolbehavior, was set to denyunauthorized. When receiving a request from a source IP address that was not listed in proxyprotocolauthorizedaddrs, the Vault...
Vault Vulnerable to Denial of Service When Setting a Proxy Protocol Behavior
Summary Vault and Vault Enterprise did not properly handle requests originating from unauthorized IP addresses when the TCP listener option, proxyprotocolbehavior, was set to denyunauthorized. When receiving a request from a source IP address that was not listed in proxyprotocolauthorizedaddrs, t...
PT-2024-5874 · Hashicorp +2 · Vault Enterprise +3
Name of the Vulnerable Software and Affected Versions: Vault and Vault Enterprise versions prior to 1.15.12 Vault and Vault Enterprise versions prior to 1.16.6 Vault and Vault Enterprise versions prior to 1.17.2 Description: The issue is related to the improper handling of requests originating fr...
GO-2024-2853 sshpiper's enabling of proxy protocol without proper feature flagging allows faking source address in github.com/tg123/sshpiper
sshpiper's enabling of proxy protocol without proper feature flagging allows faking source address in github.com/tg123/sshpiper...
Oracle Linux 8 : 389-ds:1.4 (ELSA-2024-3047)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-3047 advisory. - Resolves: RHEL-23209 - CVE-2024-1062 389-ds:1.4/389-ds-base: a heap overflow leading to denail-of-servce while writing a value larger than 256 chars in...
Insufficient Verification Of Data Authenticity
sshpiper is vulnerable to Insufficient Verification of Data Authenticity. The vulnerability is due to the proxy protocol listener which does specify a specific listener, allowing an attacker forage the proxy source address...
GHSA-4W53-6JVP-GG52 sshpiper's enabling of proxy protocol without proper feature flagging allows faking source address
Summary The way the proxy protocol listener is implemented in sshpiper can allow an attacker to forge their connecting address. Details This commit added the proxy protocol listener as the only listener in sshpiper, with no option to toggle this functionality off. This means that any connection...
sshpiper's enabling of proxy protocol without proper feature flagging allows faking source address
Summary The way the proxy protocol listener is implemented in sshpiper can allow an attacker to forge their connecting address. Details This commit added the proxy protocol listener as the only listener in sshpiper, with no option to toggle this functionality off. This means that any connection...
CVE-2024-35175 sshpiper's Enabling of Proxy Protocol without proper feature flagging allows faking source address
sshpiper is a reverse proxy for sshd. Starting in version 1.0.50 and prior to version 1.3.0, the way the proxy protocol listener is implemented in sshpiper can allow an attacker to forge their connecting address. Commit 2ddd69876a1e1119059debc59fe869cb4e754430 added the proxy protocol listener as...
CVE-2024-35175 sshpiper's Enabling of Proxy Protocol without proper feature flagging allows faking source address
sshpiper is a reverse proxy for sshd. Starting in version 1.0.50 and prior to version 1.3.0, the way the proxy protocol listener is implemented in sshpiper can allow an attacker to forge their connecting address. Commit 2ddd69876a1e1119059debc59fe869cb4e754430 added the proxy protocol listener as...
PT-2024-26357 · Sshpiper · Sshpiper
Name of the Vulnerable Software and Affected Versions: sshpiper versions 1.0.50 through 1.2.x Description: The way the proxy protocol listener is implemented in sshpiper can allow an attacker to forge their connecting address. This means that any connection that sshpiper is directly or indirectly...
sshpiper Data Forgery Issue Vulnerability
sshpiper is a reverse proxy for sshd by Boshi Lian Personal Developers. A data forgery vulnerability exists in sshpiper 1.0.50 and earlier versions, which stems from the way the proxy protocol listener is implemented that may allow an attacker to forge its connection address...
BIT-ENVOY-2020-35470
Envoy before 1.16.1 logs an incorrect downstream address because it considers only the directly connected peer, not the information in the proxy protocol header. This affects situations with tcp-proxy as the network filter not HTTP filters...
BIT-ENVOY-2024-23325 Envoy crashes when using an address type that isn’t supported by the OS
Envoy is a high-performance edge/middle/service proxy. Envoy crashes in Proxy protocol when using an address type that isn’t supported by the OS. Envoy is susceptible to crashing on a host with IPv6 disabled and a listener config with proxy protocol enabled when it receives a request where the...
Amazon Linux 2 : ecs-service-connect-agent (ALASECS-2024-034)
The version of ecs-service-connect-agent installed on the remote host is prior to v1.27.3.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2024-034 advisory. Envoy is a high-performance edge/middle/service proxy. Envoy will crash when certain timeouts happ...
Amazon Linux 2023 : ecs-service-connect-agent (ALAS2023-2024-543)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-543 advisory. Envoy is a high-performance edge/middle/service proxy. Envoy will crash when certain timeouts happen within the same interval. The crash occurs when the following are true: 1...
Important: ecs-service-connect-agent
Issue Overview: Envoy is a high-performance edge/middle/service proxy. Envoy will crash when certain timeouts happen within the same interval. The crash occurs when the following are true: 1. hedgeonpertrytimeout is enabled, 2. pertryidletimeout is enabled it can only be done in configuration, 3...
CVE-2024-23324
A flaw was found in the Envoy proxy. External authentication can be bypassed by downstream connections that use the PROXY protocol. Downstream clients can force invalid gRPC requests to send to extauthz, circumventing extauthz checks when failuremodeallow is set to true...
CVE-2024-23325
A flaw was found in Envoy. The envoy proxy is susceptible to crashing on a host with IPv6 disabled and a listener config with proxy protocol enabled when it receives a request where the client presents its IPv6 address. It is valid for a client to present its IPv6 address to a target server even...