310 matches found

Snyk, added 2023/03/30 10:58 p.m., 3 views

Denial of Service (DoS)

Overview: Affected versions of this package are vulnerable to Denial of Service (DoS) when echoing the request URL as an X-Up-Location response header. By making a request with exceedingly long URL paths or query strings, an attacker can cause unpoly-rails to write an exceedingly large response heade...

CVSS 7.5, AI score 7.1, EPSS 0.01034
Exploits 0, References 2
OSV, added 2023/03/30 10:58 p.m., 16 views

GHSA-M875-3XF6-MF78 unpoly-rails Denial of Service vulnerability

There is a possible Denial of Service (DoS) vulnerability in the unpoly-rails gem that implements the Unpoly server protocol for Rails applications. Impact: This issue affects Rails applications that operate as an upstream of a load balancer that uses passive health checks. The unpoly-rails gem...

CVSS 5.9, AI score 6.4, EPSS 0.01034
Exploits 0, References 9
NVD, added 2023/03/30 8:15 p.m., 12 views

CVE-2023-28846

Unpoly is a JavaScript framework for server-side web applications. There is a possible Denial of Service (DoS) vulnerability in the unpoly-rails gem that implements the Unpoly server protocol for Rails applications. This issue affects Rails applications that operate as an upstream of a load...

CVSS 7.5, AI score 6.3, EPSS 0.01034
Exploits 0, References 7
Prion, added 2023/03/30 8:15 p.m., 13 views

Design/Logic Flaw

Unpoly is a JavaScript framework for server-side web applications. There is a possible Denial of Service (DoS) vulnerability in the unpoly-rails gem that implements the Unpoly server protocol for Rails applications. This issue affects Rails applications that operate as an upstream of a load...

CVSS 5, AI score 7.5, EPSS 0.01034
Exploits 0, References 7, Affected Software 1
Vulnrichment, added 2023/03/30 7:57 p.m., 6 views

CVE-2023-28846 Denial of Service in unpoly-rails

Unpoly is a JavaScript framework for server-side web applications. There is a possible Denial of Service (DoS) vulnerability in the unpoly-rails gem that implements the Unpoly server protocol for Rails applications. This issue affects Rails applications that operate as an upstream of a load...

CVSS 5.9, AI score 7.5, EPSS 0.01034
Exploits 0, References 7
OSV, added 2023/03/30 7:57 p.m., 11 views

CVE-2023-28846 Denial of Service in unpoly-rails

Unpoly is a JavaScript framework for server-side web applications. There is a possible Denial of Service (DoS) vulnerability in the unpoly-rails gem that implements the Unpoly server protocol for Rails applications. This issue affects Rails applications that operate as an upstream of a load...

CVSS 5.9, AI score 7.5, EPSS 0.01034
Exploits 0, References 9
Citrix, added 2023/03/30 12:00 a.m., 10 views

Storefront - Storefront URL becomes inaccessible after adding HTTP Response Header

After mitigating the "HTTP Security Header Not Detected" vulnerability in IIS by adding HTTP Response Headers, the Citrix Storefront URL may become inaccessible. Users might be presented with the "500 Internal server error" message...

AI score 7.1
Exploits 0
RubySec, added 2023/03/30 12:00 a.m., 18 views

unpoly-rails Denial of Service vulnerability

There is a possible Denial of Service (DoS) vulnerability in the unpoly-rails gem that implements the Unpoly server protocol for Rails applications. Impact: This issue affects Rails applications that operate as an upstream of a load balancer that uses passive health checks. The unpoly-rails gem...

CVSS 7.5, AI score 6.5, EPSS 0.01034
Exploits 0, References 1, Affected Software 1
Amazon, added 2023/03/22 12:00 a.m., 68 views

Important: httpd

Issue Overview: A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool heap memory location beyond the header value sent. This could cause the process to crash. This issue affects Apache HTTP Server 2.4.54 and earlier. CVE-2006-20001 Inconsistent...

CVSS 9, AI score 6.8, EPSS 0.57941
Exploits 0
OSV, added 2023/03/17 2:43 p.m., 16 views

GHSA-VQ59-5X26-H639 Authorization Bypass Through User-Controlled Key play-with-docker

Impact: Given that the CORS configuration was not correct, an attacker could use play-with-docker.com as an example and set the origin header in an HTTP request to evil-play-with-docker.com; it will be echoed in the response header, which successfully bypasses the CORS policy and retrieves basic user information. Patche...

CVSS 6.5, AI score 6.3, EPSS 0.00702
Exploits 0, References 4
Github Security Blog, added 2023/03/17 2:43 p.m., 24 views

Authorization Bypass Through User-Controlled Key play-with-docker

Impact: Given that the CORS configuration was not correct, an attacker could use play-with-docker.com as an example and set the origin header in an HTTP request to evil-play-with-docker.com; it will be echoed in the response header, which successfully bypasses the CORS policy and retrieves basic user information. Patche...

CVSS 6.5, AI score 6.3, EPSS 0.00702
Exploits 0, References 4, Affected Software 1
Cvelist, added 2023/03/16 4:49 p.m., 38 views

CVE-2023-28109 Play With Docker vulnerable to Authorization Bypass Through User-Controlled Key

Play With Docker is a browser-based Docker playground. Versions 0.0.2 and prior are vulnerable to domain hijacking. Because the CORS configuration was not correct, an attacker could use play-with-docker.com as an example and set the origin header in an HTTP request to evil-play-with-docker.com. The...

CVSS 6.5, AI score 6.5, EPSS 0.00702
Exploits 0, References 2
Veracode, added 2023/03/09 10:25 a.m., 60 views

HTTP Request Smuggling

apache2 is vulnerable to HTTP Request Smuggling. The vulnerability exists because special characters in the origin response header can truncate/split the response forwarded to the client through mod_proxy_uwsgi...

CVSS 7.5, AI score 8.4, EPSS 0.02134
Exploits 0, References 8, Affected Software 3
Github Security Blog, added 2023/03/07 6:30 p.m., 145 views

Apache HTTP Server via mod_proxy_uwsgi HTTP response smuggling

HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache HTTP Server from 2.4.30 through 2.4.55 and the uWSGI PyPI package prior to version 2.0.22. Special characters in the origin response header can truncate/split the response forwarded to the...

CVSS 7.5, AI score 6.8, EPSS 0.02134
Exploits 0, References 9, Affected Software 1
RedhatCVE, added 2023/03/07 4:30 p.m., 105 views

CVE-2023-27522

An HTTP Response Smuggling vulnerability was found in the Apache HTTP Server via mod_proxy_uwsgi. This security issue occurs when special characters in the origin response header can truncate or split the response forwarded to the client. Mitigation: Mitigation for this issue is either not available...

CVSS 7.5, AI score 7.9, EPSS 0.02134
Exploits 0, References 4
NVD, added 2023/03/07 4:15 p.m., 34 views

CVE-2023-27522

HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.55. Special characters in the origin response header can truncate/split the response forwarded to the client...

CVSS 7.5, AI score 8.5, EPSS 0.02134
Exploits 0, References 3
Cvelist, added 2023/03/07 3:09 p.m., 62 views

CVE-2023-27522 Apache HTTP Server: mod_proxy_uwsgi HTTP response splitting

HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.55. Special characters in the origin response header can truncate/split the response forwarded to the client...

AI score 8.8, EPSS 0.02134
Exploits 0, References 3
Debian CVE, added 2023/03/07 3:09 p.m., 49 views

CVE-2023-27522

HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.55. Special characters in the origin response header can truncate/split the response forwarded to the client...

CVSS 7.5, AI score 7.5, EPSS 0.02134
Exploits 0
AlpineLinux, added 2023/03/07 3:09 p.m., 55 views

CVE-2023-27522

HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.55. Special characters in the origin response header can truncate/split the response forwarded to the client...

CVSS 7.5, AI score 8.9, EPSS 0.02134
Exploits 0
CVE, added 2023/02/16 12:00 a.m., 65 views

CVE-2022-38731

CVE-2022-38731 affects Qaelum DOSE versions 18.08–21.1 prior to 21.2. The issue is a directory traversal via the loadimages name parameter, allowing an attacker to specify an arbitrary filesystem path to load images (only images displayed; other files loaded but not shown) and to enumerate local ...

CVSS 4.3, AI score 4.8, EPSS 0.00729
Exploits 0, References 2, Affected Software 1