59 matches found
CVE-2022-23020
On BIG-IP version 16.1.x before 16.1.2, when the 'Respond on Error' setting is enabled on the Request Logging profile and configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel TMM to terminate. Note: Software versions which have reached End of Technical...
CVE-2022-23020
On BIG-IP version 16.1.x before 16.1.2, when the 'Respond on Error' setting is enabled on the Request Logging profile and configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel TMM to terminate. Note: Software versions which have reached End of Technical...
CVE-2022-23020
CVE-2022-23020 affects BIG-IP 16.1.x prior to 16.1.2, where enabling Respond on Error on the Request Logging profile (on a virtual server) can cause the Traffic Management Microkernel (TMM) to terminate, yielding a DoS. Red Hat and F5 advisories corroborate the issue and indicate the vulnerabilit...
F5 Networks BIG-IP : BIG-IP TMM vulnerability (K17514331)
The version of F5 Networks BIG-IP installed on the remote host is prior to 16.1.2 / 17.0.0. It is, therefore, affected by a vulnerability as referenced in the K17514331 advisory. - On BIG-IP version 16.1.x before 16.1.2, when the 'Respond on Error' setting is enabled on the Request Logging profil...
Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
CVE-2021-44228 Spring Boot Test Service This is a dirty hack s...
Pulse Connect Secure contains a use-after-free vulnerability
Overview Pulse Connect Secure PCS gateway contains a use-after-free vulnerability that can allow an unauthenticated remote attacker to execute arbitrary code. Description CVE-2021-22893 A use-after-free vulnerability that can be reached via a license server handling endpoint may allow a remote,...
CVE-2020-2287
Jenkins Audit Trail Plugin 3.6 and earlier applies pattern matching to a different representation of request URL paths than the Stapler web framework uses for dispatching requests, which allows attackers to craft URLs that bypass request logging of any target URL...
CVE-2020-2287
Jenkins Audit Trail Plugin 3.6 and earlier applies pattern matching to a different representation of request URL paths than the Stapler web framework uses for dispatching requests, which allows attackers to craft URLs that bypass request logging of any target URL...
Cross site request forgery (csrf)
Jenkins Audit Trail Plugin 3.6 and earlier applies pattern matching to a different representation of request URL paths than the Stapler web framework uses for dispatching requests, which allows attackers to craft URLs that bypass request logging of any target URL...
CVE-2020-2287
CVE-2020-2287 affects the Jenkins Audit Trail Plugin (versions 3.6 and earlier). The vulnerability arises from how the plugin parses URL paths, using a different representation than the Stapler web framework, which can let an attacker craft URLs that bypass request logging for any target URL. The...
CVE-2020-2287
Jenkins Audit Trail Plugin 3.6 and earlier applies pattern matching to a different representation of request URL paths than the Stapler web framework uses for dispatching requests, which allows attackers to craft URLs that bypass request logging of any target URL...
PYSEC-2020-150
This affects all versions of package uvicorn. The request logger provided by the package is vulnerable to ASNI escape sequence injection. Whenever any HTTP request is received, the default behaviour of uvicorn is to log its details to either the console or a log file. When attackers request craft...
h1-ctf: [H1-2006 2020] CTF Writeup
Summary: Multiple Vulnerabilities leading to full account takeover and access to restricted functions 1. Information Disclosure 2. Login 2FA Bypass 3. SSRF 4. Hardcoded validation 5. Sensitive information disclosure 6. Privilege Escalation 7. Payments 2FA Bypass through SSRF Steps To Reproduce: 0...
undertow: leak credentials to log files UndertowLogger.REQUEST_LOGGER.undertowRequestFailed
A vulnerability was found in Undertow web server before 2.0.21. An information exposure of plain text credentials through log files because Connectors.executeRootHandler:402 logs the HttpServerExchange object at ERROR level using UndertowLogger.REQUESTLOGGER.undertowRequestFailedt, exchange...
CVE-2009-4769
Multiple format string vulnerabilities in the tolog function in httpdx 1.4, 1.4.5, 1.4.6, 1.4.6b, and 1.5 allow 1 remote attackers to execute arbitrary code via format string specifiers in a GET request to the HTTP server component when logging is enabled, and allow 2 remote authenticated users t...
CVE-2010-0644
Google Chrome before 4.0.249.89, when a SOCKS 5 proxy server is configured, sends DNS queries directly, which allows remote DNS servers to obtain potentially sensitive information about the identity of a client user via request logging, as demonstrated by a proxy server that was configured for th...
Cross site scripting
Cross-site scripting XSS vulnerability in function.php in Zenphoto 1.1.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in the "request logging" feature. NOTE: the provenance of this information is unknown; the details are obtained solely from third party...
CVE-2008-0407
HTTP File Server HFS before 2.2c tags HTTP request log entries with the username sent during HTTP Basic Authentication, regardless of whether authentication succeeded, which might make it more difficult for an administrator to determine who made a remote request...
RedHat 6.2 - Piranha Virtual Server Package Plaintext Password
RedHat 6.2 - Piranha Virtual Server Package Plaintext Password source: https://www.securityfocus.com/bid/1367/info Password changes submitted to Red Hat Piranha via HTTP are insecurely passed as variables in a GET request. Unauthorized users could obtain the password by reading the httpd access l...