172 matches found
undertow: Improper State Management in Proxy Protocol parsing causes information leakage
A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests. This issue occurs when the parseProxyProtocolV1 method processes multiple requests on the same HTTP connection. As a result, different requests may share the...
Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4 Security update
A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
undertow: Improper State Management in Proxy Protocol parsing causes information leakage
A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests. This issue occurs when the parseProxyProtocolV1 method processes multiple requests on the same HTTP connection. As a result, different requests may share the...
undertow: Improper State Management in Proxy Protocol parsing causes information leakage
A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests. This issue occurs when the parseProxyProtocolV1 method processes multiple requests on the same HTTP connection. As a result, different requests may share the...
Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 8.0 security update
A security update is now available for Red Hat JBoss Enterprise Application Platform 8.0. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
undertow: Improper State Management in Proxy Protocol parsing causes information leakage
A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests. This issue occurs when the parseProxyProtocolV1 method processes multiple requests on the same HTTP connection. As a result, different requests may share the...
undertow: Improper State Management in Proxy Protocol parsing causes information leakage
A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests. This issue occurs when the parseProxyProtocolV1 method processes multiple requests on the same HTTP connection. As a result, different requests may share the...
undertow: Improper State Management in Proxy Protocol parsing causes information leakage
A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests. This issue occurs when the parseProxyProtocolV1 method processes multiple requests on the same HTTP connection. As a result, different requests may share the...
DEBIAN-CVE-2024-7885
A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests. This issue occurs when the parseProxyProtocolV1 method processes multiple requests on the same HTTP connection. As a result, different requests may share the...
UBUNTU-CVE-2024-7885
A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests. This issue occurs when the parseProxyProtocolV1 method processes multiple requests on the same HTTP connection. As a result, different requests may share the...
CVE-2024-7885 Undertow: improper state management in proxy protocol parsing causes information leakage
A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests. This issue occurs when the parseProxyProtocolV1 method processes multiple requests on the same HTTP connection. As a result, different requests may share the...
PT-2024-6638 · Undertow · Undertow
Name of the Vulnerable Software and Affected Versions: Undertow affected versions not specified Description: A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests. This issue occurs when the parseProxyProtocolV1...
CVE-2024-6468 Vault Vulnerable to Denial of Service When Setting a Proxy Protocol Behavior
Vault and Vault Enterprise did not properly handle requests originating from unauthorized IP addresses when the TCP listener option, proxyprotocolbehavior, was set to denyunauthorized. When receiving a request from a source IP address that was not listed in proxyprotocolauthorizedaddrs, the Vault...
CVE-2024-6468 Vault Vulnerable to Denial of Service When Setting a Proxy Protocol Behavior
Vault and Vault Enterprise did not properly handle requests originating from unauthorized IP addresses when the TCP listener option, proxyprotocolbehavior, was set to denyunauthorized. When receiving a request from a source IP address that was not listed in proxyprotocolauthorizedaddrs, the Vault...
CVE-2024-6468 Vault Vulnerable to Denial of Service When Setting a Proxy Protocol Behavior
Vault and Vault Enterprise did not properly handle requests originating from unauthorized IP addresses when the TCP listener option, proxyprotocolbehavior, was set to denyunauthorized. When receiving a request from a source IP address that was not listed in proxyprotocolauthorizedaddrs, the Vault...
PT-2024-5874 · Hashicorp +2 · Vault Enterprise +3
Name of the Vulnerable Software and Affected Versions: Vault and Vault Enterprise versions prior to 1.15.12 Vault and Vault Enterprise versions prior to 1.16.6 Vault and Vault Enterprise versions prior to 1.17.2 Description: The issue is related to the improper handling of requests originating fr...
GO-2024-2853 sshpiper's enabling of proxy protocol without proper feature flagging allows faking source address in github.com/tg123/sshpiper
sshpiper's enabling of proxy protocol without proper feature flagging allows faking source address in github.com/tg123/sshpiper...
Oracle Linux 8 : 389-ds:1.4 (ELSA-2024-3047)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-3047 advisory. - Resolves: RHEL-23209 - CVE-2024-1062 389-ds:1.4/389-ds-base: a heap overflow leading to denail-of-servce while writing a value larger than 256 chars in...
Insufficient Verification Of Data Authenticity
sshpiper is vulnerable to Insufficient Verification of Data Authenticity. The vulnerability is due to the proxy protocol listener which does specify a specific listener, allowing an attacker forage the proxy source address...
GHSA-4W53-6JVP-GG52 sshpiper's enabling of proxy protocol without proper feature flagging allows faking source address
Summary The way the proxy protocol listener is implemented in sshpiper can allow an attacker to forge their connecting address. Details This commit added the proxy protocol listener as the only listener in sshpiper, with no option to toggle this functionality off. This means that any connection...