178 matches found
CVE-2024-9666 Org.keycloak/keycloak-quarkus-server: keycloak proxy header handling denial-of-service (dos) vulnerability
A vulnerability was found in the Keycloak Server. The Keycloak Server is vulnerable to a denial of service DoS attack due to improper handling of proxy headers. When Keycloak is configured to accept incoming proxy headers, it may accept non-IP values, such as obfuscated identifiers, without prope...
CVE-2024-9666
CVE-2024-9666 – Keycloak DoS via proxy-header handling . The Keycloak Server is vulnerable to a denial-of-service when configured to accept proxy headers and behind a reverse proxy that does not overwrite incoming headers. Non-IP values (e.g., obfuscated identifiers) may be accepted without prope...
Denial of Service (DoS)
Overview Affected versions of this package are vulnerable to Denial of Service DoS due to a bypass of the rate limiter, by forging proxy headers. An attacker can send unlimited traffic to the site. Note: See this documentation, if the IP address of a remote proxy needs to be authorized. Workaroun...
org.keycloak/keycloak-quarkus-server: Keycloak proxy header handling Denial-of-Service (DoS) vulnerability
A vulnerability was found in the Keycloak Server. The Keycloak Server is vulnerable to a denial of service DoS attack due to improper handling of proxy headers. When Keycloak is configured to accept incoming proxy headers, it may accept non-IP values, such as obfuscated identifiers, without prope...
org.keycloak/keycloak-quarkus-server: Keycloak proxy header handling Denial-of-Service (DoS) vulnerability
A vulnerability was found in the Keycloak Server. The Keycloak Server is vulnerable to a denial of service DoS attack due to improper handling of proxy headers. When Keycloak is configured to accept incoming proxy headers, it may accept non-IP values, such as obfuscated identifiers, without prope...
CVE-2024-9666
A vulnerability was found in the Keycloak Server. The Keycloak Server is vulnerable to a denial of service DoS attack due to improper handling of proxy headers. When Keycloak is configured to accept incoming proxy headers, it may accept non-IP values, such as obfuscated identifiers, without prope...
GHSA-FFP2-8P2H-4M5J Password Pusher rate limiter can be bypassed by forging proxy headers
Impact Password Pusher comes with a configurable rate limiter. In versions prior to v1.49.0, the rate limiter could be bypassed by forging proxy headers allowing bad actors to send unlimited traffic to the site potentially causing a denial of service. Additionally, with the ability to bypass rate...
Password Pusher rate limiter can be bypassed by forging proxy headers
Impact Password Pusher comes with a configurable rate limiter. In versions prior to v1.49.0, the rate limiter could be bypassed by forging proxy headers allowing bad actors to send unlimited traffic to the site potentially causing a denial of service. Additionally, with the ability to bypass rate...
CVE-2024-52796
Password Pusher, an open source application to communicate sensitive information over the web, comes with a configurable rate limiter. In versions prior to v1.49.0, the rate limiter could be bypassed by forging proxy headers allowing bad actors to send unlimited traffic to the site potentially...
CVE-2024-52796 Password Pusher's rate limiter can be bypassed by forging proxy headers
Password Pusher, an open source application to communicate sensitive information over the web, comes with a configurable rate limiter. In versions prior to v1.49.0, the rate limiter could be bypassed by forging proxy headers allowing bad actors to send unlimited traffic to the site potentially...
CVE-2024-52796
CVE-2024-52796 affects Password Pusher (open source web app). In versions before v1.49.0, the configurable rate limiter could be bypassed by forging proxy headers, allowing an attacker to send unlimited traffic and potentially cause a denial of service. The fix in v1.49.0 restricts proxy authoriz...
CVE-2024-52796 Password Pusher's rate limiter can be bypassed by forging proxy headers
Password Pusher, an open source application to communicate sensitive information over the web, comes with a configurable rate limiter. In versions prior to v1.49.0, the rate limiter could be bypassed by forging proxy headers allowing bad actors to send unlimited traffic to the site potentially...
CVE-2024-52796 Password Pusher's rate limiter can be bypassed by forging proxy headers
Password Pusher, an open source application to communicate sensitive information over the web, comes with a configurable rate limiter. In versions prior to v1.49.0, the rate limiter could be bypassed by forging proxy headers allowing bad actors to send unlimited traffic to the site potentially...
Password Pusher 安全漏洞
Password Pusher is an open source application by Peter Giacomo Lombardo, an individual developer, used to deliver sensitive information over the web. A security vulnerability exists in Password Pusher prior to v1.49.0, which stems from the ability to bypass the rate limiter by spoofing the proxy...
Password Pusher rate limiter can be bypassed by forging proxy headers
Impact Password Pusher comes with a configurable rate limiter. In versions prior to v1.49.0, the rate limiter could be bypassed by forging proxy headers allowing bad actors to send unlimited traffic to the site potentially causing a denial of service. Patches In v1.49.0, a fix was implemented to...
PT-2024-35447 · Unknown · Password Pusher
Name of the Vulnerable Software and Affected Versions: Password Pusher versions prior to v1.49.0 Description: The issue is related to the rate limiter in Password Pusher, which can be bypassed by forging proxy headers, allowing bad actors to send unlimited traffic to the site and potentially...
OESA-2024-2251 rubygem-puma security update
A simple, fast, threaded, and highly concurrent HTTP 1.1 server for Ruby/Rack applications. Security Fixes: Puma is a Ruby/Rack web server built for parallelism. In affected versions clients could clobber values set by intermediate proxies such as X-Forwarded-For by providing a underscore version...
OESA-2024-2249 rubygem-puma security update
A simple, fast, threaded, and highly concurrent HTTP 1.1 server for Ruby/Rack applications. Security Fixes: Puma is a Ruby/Rack web server built for parallelism. In affected versions clients could clobber values set by intermediate proxies such as X-Forwarded-For by providing a underscore version...
PT-2024-39748 · Red Hat · Keycloak Server
Name of the Vulnerable Software and Affected Versions: Keycloak Server affected versions not specified Description: A denial of service DoS attack is possible due to improper handling of proxy headers in the Keycloak Server. When configured to accept incoming proxy headers, Keycloak may accept...
USN-7031-1 puma vulnerability
It was discovered that Puma incorrectly handled parsing certain headers. A remote attacker could possibly use this issue to overwrite header values set by intermediate proxies by providing duplicate headers containing underscore characters...