IBM Cognos Command Center information disclosure vulnerability
IBM Cognos Command Center is a software product from International Business Machines (IBM) that helps organizations manage and monitor their IBM Cognos Business Intelligence solutions. An information disclosure vulnerability exists in IBM Cognos Command Center that stems from disclosing details of...
RHEL 9 : firefox (RHSA-2024:0983)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0983 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...
CVE-2024-23839
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.3, specially crafted traffic can cause a heap use after free if the ruleset uses the http.request_header or http.response_header keyword. The vulnerability has been...
CVE-2024-23839 Suricata http: heap use after free with http.request_header and http.response_header keywords
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.3, specially crafted traffic can cause a heap use after free if the ruleset uses the http.request_header or http.response_header keyword. The vulnerability has been...
Ubuntu 20.04 LTS : Firefox vulnerabilities (USN-6649-1)
The remote Ubuntu 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6649-1 advisory. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially explo...
CVE-2024-0310
A content-security-policy vulnerability in ENS Control browser extension prior to 10.7.0 Update 15 allows a remote attacker to alter the response header parameter setting to switch the content security policy into report-only mode, allowing an attacker to bypass the content-security-policy...
Code injection
A content-security-policy vulnerability in ENS Control browser extension prior to 10.7.0 Update 15 allows a remote attacker to alter the response header parameter setting to switch the content security policy into report-only mode, allowing an attacker to bypass the content-security-policy...
Shopify: HTTP Response Header Injection in shopify/pitchfork + Rack 3
The HTTP response header injection vulnerability was discovered in the Pitchfork library version 0.10.0 when used with Rack 3. The issue stemmed from improper handling of header values containing newline characters in the appendheader method of the HTTP response module. When Rack 3 was used, the...
squid: DoS against HTTP and HTTPS
A flaw was found in Squid. The limits applied for validation of HTTP response headers are applied before caching. However, Squid may grow a cached HTTP response header beyond the configured maximum size, causing a stall or crash of the worker process when a large header is retrieved from the disk...
How to Remove the ETag Field from the HTTP Response Header Using a Rewrite Policy
This article contains information about removing the ETag field from the HTTP response header using a rewrite policy and action on a NetScaler appliance. Background: The rewrite policy and action are created using the Graphical User Interface (GUI). Note: Disabling a feature on a NetScaler applianc...
Security Bulletin: IBM TRIRIGA Application Platform susceptible to clickjacking (CVE-2017-4015)
Summary: TRIRIGA could allow a remote authenticated attacker to hijack the clicking action of the victim, caused by improper validation of user-supplied HTTP response header. Vulnerability Details: CVEID: CVE-2017-4015. DESCRIPTION: McAfee Network Data Loss Prevention could allow a remote authenticate...
CVE-2020-24275
An HTTP response header injection vulnerability in Swoole v4.5.2 allows attackers to execute arbitrary code via supplying a crafted URL...
Design/Logic Flaw
An HTTP response header injection vulnerability in Swoole v4.5.2 allows attackers to execute arbitrary code via supplying a crafted URL...
A vulnerability in the Ruby CGI library allows attackers to gain access to confidential data, compromise its integrity, and cause service interruptions.
The vulnerability in the Ruby CGI library is related to interpretation conflicts that occur when untrusted input data is inserted into the HTTP response header. Exploiting this vulnerability allows an attacker to gain access to confidential data, compromise its integrity, and...
Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2023-2295)
The remote host is missing an update for the Huawei EulerOS...
F5 Networks BIG-IP : Apache HTTPD vulnerability (K000132665)
The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3 / 17.5.1.1. It is, therefore, affected by a vulnerability as referenced in the K000132665 advisory. Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated early,...
SwiftNIO vulnerable to Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')
NIOHTTP1 and projects using it for generating HTTP responses, including SwiftNIO, can be subject to an HTTP Response Injection attack. This occurs when an HTTP/1.1 server accepts user-generated input from an incoming request and reflects it into an HTTP/1.1 response header in some form. A malicious...