Lucene search
K

178 matches found

vulnrichment
vulnrichment
added 2024/11/25 7:29 a.m.12 views

CVE-2024-9666 Org.keycloak/keycloak-quarkus-server: keycloak proxy header handling denial-of-service (dos) vulnerability

A vulnerability was found in the Keycloak Server. The Keycloak Server is vulnerable to a denial of service DoS attack due to improper handling of proxy headers. When Keycloak is configured to accept incoming proxy headers, it may accept non-IP values, such as obfuscated identifiers, without prope...

4.7CVSS6.6AI score0.00399EPSS
Exploits0References6
cve
cve
added 2024/11/25 7:29 a.m.304 views

CVE-2024-9666

CVE-2024-9666 – Keycloak DoS via proxy-header handling . The Keycloak Server is vulnerable to a denial-of-service when configured to accept proxy headers and behind a reverse proxy that does not overwrite incoming headers. Non-IP values (e.g., obfuscated identifiers) may be accepted without prope...

4.7CVSS5.5AI score0.00399EPSS
Exploits0References6
snyk
snyk
added 2024/11/21 9:21 p.m.1 views

Denial of Service (DoS)

Overview Affected versions of this package are vulnerable to Denial of Service DoS due to a bypass of the rate limiter, by forging proxy headers. An attacker can send unlimited traffic to the site. Note: See this documentation, if the IP address of a remote proxy needs to be authorized. Workaroun...

6.9CVSS7.1AI score0.00522EPSS
Exploits0References2
redhat
redhat
added 2024/11/21 7:24 p.m.13 views

org.keycloak/keycloak-quarkus-server: Keycloak proxy header handling Denial-of-Service (DoS) vulnerability

A vulnerability was found in the Keycloak Server. The Keycloak Server is vulnerable to a denial of service DoS attack due to improper handling of proxy headers. When Keycloak is configured to accept incoming proxy headers, it may accept non-IP values, such as obfuscated identifiers, without prope...

4.7CVSS5.8AI score0.00399EPSS
Exploits0References4
redhat
redhat
added 2024/11/21 7:23 p.m.3 views

org.keycloak/keycloak-quarkus-server: Keycloak proxy header handling Denial-of-Service (DoS) vulnerability

A vulnerability was found in the Keycloak Server. The Keycloak Server is vulnerable to a denial of service DoS attack due to improper handling of proxy headers. When Keycloak is configured to accept incoming proxy headers, it may accept non-IP values, such as obfuscated identifiers, without prope...

4.7CVSS5.8AI score0.00399EPSS
Exploits0References4
redhatcve
redhatcve
added 2024/11/21 4:52 p.m.11 views

CVE-2024-9666

A vulnerability was found in the Keycloak Server. The Keycloak Server is vulnerable to a denial of service DoS attack due to improper handling of proxy headers. When Keycloak is configured to accept incoming proxy headers, it may accept non-IP values, such as obfuscated identifiers, without prope...

4.7CVSS6.5AI score0.00399EPSS
Exploits0References3
osv
osv
added 2024/11/20 6:24 p.m.15 views

GHSA-FFP2-8P2H-4M5J Password Pusher rate limiter can be bypassed by forging proxy headers

Impact Password Pusher comes with a configurable rate limiter. In versions prior to v1.49.0, the rate limiter could be bypassed by forging proxy headers allowing bad actors to send unlimited traffic to the site potentially causing a denial of service. Additionally, with the ability to bypass rate...

6.9CVSS5.4AI score0.00522EPSS
Exploits0References6
github
github
added 2024/11/20 6:24 p.m.20 views

Password Pusher rate limiter can be bypassed by forging proxy headers

Impact Password Pusher comes with a configurable rate limiter. In versions prior to v1.49.0, the rate limiter could be bypassed by forging proxy headers allowing bad actors to send unlimited traffic to the site potentially causing a denial of service. Additionally, with the ability to bypass rate...

5.3CVSS5.4AI score0.00522EPSS
Exploits0References6Affected Software1
nvd
nvd
added 2024/11/20 5:15 p.m.7 views

CVE-2024-52796

Password Pusher, an open source application to communicate sensitive information over the web, comes with a configurable rate limiter. In versions prior to v1.49.0, the rate limiter could be bypassed by forging proxy headers allowing bad actors to send unlimited traffic to the site potentially...

5.3CVSS0.00522EPSS
Exploits0References3
cvelist
cvelist
added 2024/11/20 4:15 p.m.25 views

CVE-2024-52796 Password Pusher's rate limiter can be bypassed by forging proxy headers

Password Pusher, an open source application to communicate sensitive information over the web, comes with a configurable rate limiter. In versions prior to v1.49.0, the rate limiter could be bypassed by forging proxy headers allowing bad actors to send unlimited traffic to the site potentially...

5.3CVSS0.00522EPSS
Exploits0References3
cve
cve
added 2024/11/20 4:15 p.m.50 views

CVE-2024-52796

CVE-2024-52796 affects Password Pusher (open source web app). In versions before v1.49.0, the configurable rate limiter could be bypassed by forging proxy headers, allowing an attacker to send unlimited traffic and potentially cause a denial of service. The fix in v1.49.0 restricts proxy authoriz...

5.3CVSS5.1AI score0.00522EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2024/11/20 4:15 p.m.13 views

CVE-2024-52796 Password Pusher's rate limiter can be bypassed by forging proxy headers

Password Pusher, an open source application to communicate sensitive information over the web, comes with a configurable rate limiter. In versions prior to v1.49.0, the rate limiter could be bypassed by forging proxy headers allowing bad actors to send unlimited traffic to the site potentially...

5.3CVSS5.2AI score0.00522EPSS
Exploits0References3
osv
osv
added 2024/11/20 4:15 p.m.4 views

CVE-2024-52796 Password Pusher's rate limiter can be bypassed by forging proxy headers

Password Pusher, an open source application to communicate sensitive information over the web, comes with a configurable rate limiter. In versions prior to v1.49.0, the rate limiter could be bypassed by forging proxy headers allowing bad actors to send unlimited traffic to the site potentially...

5.3CVSS5.9AI score0.00522EPSS
Exploits0References5
cnnvd
cnnvd
added 2024/11/20 12:0 a.m.3 views

Password Pusher 安全漏洞

Password Pusher is an open source application by Peter Giacomo Lombardo, an individual developer, used to deliver sensitive information over the web. A security vulnerability exists in Password Pusher prior to v1.49.0, which stems from the ability to bypass the rate limiter by spoofing the proxy...

5.3CVSS6.1AI score0.00522EPSS
Exploits0References3
rubygems
rubygems
added 2024/11/20 12:0 a.m.42 views

Password Pusher rate limiter can be bypassed by forging proxy headers

Impact Password Pusher comes with a configurable rate limiter. In versions prior to v1.49.0, the rate limiter could be bypassed by forging proxy headers allowing bad actors to send unlimited traffic to the site potentially causing a denial of service. Patches In v1.49.0, a fix was implemented to...

5.3CVSS6.6AI score0.00522EPSS
Exploits0References1Affected Software1
ptsecurity
ptsecurity
added 2024/10/14 12:0 a.m.3 views

PT-2024-35447 · Unknown · Password Pusher

Name of the Vulnerable Software and Affected Versions: Password Pusher versions prior to v1.49.0 Description: The issue is related to the rate limiter in Password Pusher, which can be bypassed by forging proxy headers, allowing bad actors to send unlimited traffic to the site and potentially...

6.9CVSS7.2AI score0.00522EPSS
Exploits0References14
osv
osv
added 2024/10/12 11:9 a.m.4 views

OESA-2024-2251 rubygem-puma security update

A simple, fast, threaded, and highly concurrent HTTP 1.1 server for Ruby/Rack applications. Security Fixes: Puma is a Ruby/Rack web server built for parallelism. In affected versions clients could clobber values set by intermediate proxies such as X-Forwarded-For by providing a underscore version...

5.4CVSS6.8AI score0.00646EPSS
Exploits0References2
osv
osv
added 2024/10/12 11:9 a.m.4 views

OESA-2024-2249 rubygem-puma security update

A simple, fast, threaded, and highly concurrent HTTP 1.1 server for Ruby/Rack applications. Security Fixes: Puma is a Ruby/Rack web server built for parallelism. In affected versions clients could clobber values set by intermediate proxies such as X-Forwarded-For by providing a underscore version...

5.4CVSS6.8AI score0.00646EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2024/10/08 12:0 a.m.2 views

PT-2024-39748 · Red Hat · Keycloak Server

Name of the Vulnerable Software and Affected Versions: Keycloak Server affected versions not specified Description: A denial of service DoS attack is possible due to improper handling of proxy headers in the Keycloak Server. When configured to accept incoming proxy headers, Keycloak may accept...

4.7CVSS6.7AI score0.00399EPSS
Exploits0References13
osv
osv
added 2024/09/24 1:16 p.m.3 views

USN-7031-1 puma vulnerability

It was discovered that Puma incorrectly handled parsing certain headers. A remote attacker could possibly use this issue to overwrite header values set by intermediate proxies by providing duplicate headers containing underscore characters...

5.4CVSS7.2AI score0.00646EPSS
Exploits0References2
Rows per page
Query Builder