310 matches found
SUSE CVE-2017-7797
Response header name interning does not have same-origin protections and these headers are stored in a global registry. This allows stored header names to be available cross-origin. This vulnerability affects Firefox 55...
SUSE CVE-2021-28662
An issue was discovered in Squid 4.x before 4.15 and 5.x before 5.0.6. If a remote server sends a certain response header over HTTP or HTTPS, there is a denial of service. This header can plausibly occur in benign network traffic...
SUSE-SU-2023:0294-1 Security update for apache2
This update for apache2 fixes the following issues: - CVE-2022-37436: Fixed an issue in mod_proxy where a malicious backend could cause the response headers to be truncated early, resulting in some headers being incorporated into the response body (bsc#1207251). - CVE-2022-36760: Fixed an issue in...
Apache 2.4.x < 2.4.55 Multiple Vulnerabilities
The version of Apache httpd installed on the remote host is prior to 2.4.55. It is, therefore, affected by multiple vulnerabilities as referenced in the 2.4.55 advisory. - A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool heap memory locatio...
AZL-13167 CVE-2022-37436 affecting package httpd for versions less than 2.4.55-1
Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers have any security purpose, they will not be interpreted by the client...
CVE-2022-37436
CVE-2022-37436 affects Apache HTTP Server in versions prior to 2.4.55. The issue allows a malicious backend to truncate response headers early, causing some headers to be incorporated into the response body and preventing the later headers from being interpreted by the client. Affected products i...
SAP BusinessObjects Business Intelligence Platform Cross-Site Scripting Vulnerability (CNVD-2023-03049)
SAP BusinessObjects Business Intelligence Platform is a complete business analytics platform from SAP. The platform combines market-leading SAP data integration products, data management products, and business intelligence (BI) products to eliminate system integration challenges and deploy...
Clickjacking
pyload-ng is vulnerable to clickjacking attacks. The vulnerability exists due to the lack of frame restrictions in init.py as it does not properly set the response header X-Frame-Options: DENY, which allows an attacker to load the website within a malicious response header...
CVE-2023-0015 Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence (Web Intelligence)
In SAP BusinessObjects Business Intelligence Platform Web Intelligence user interface - version 420, some calls return JSON with the wrong content type in the header of the response. As a result, a custom application that directly calls the JSP of Web Intelligence DHTML may be vulnerable to XSS...
PT-2023-15949 · Sap · Sap Businessobjects Business Intelligence Platform
Name of the Vulnerable Software and Affected Versions: SAP BusinessObjects Business Intelligence Platform version 420 Description: The issue arises from some calls returning json with the wrong content type in the header of the response. This can make a custom application that directly calls the...
CVE-2022-3260
The response header has not enabled X-FRAME-OPTIONS, which helps prevent clickjacking attacks. Some browsers would interpret these results incorrectly, allowing clickjacking attacks...
Hardcoded credentials
The response header has not enabled X-FRAME-OPTIONS, which helps prevent clickjacking attacks. Some browsers would interpret these results incorrectly, allowing clickjacking attacks...
CVE-2021-33621
A vulnerability was found in Ruby that allows HTTP header injection. A CGI application using the CGI library may insert untrusted input into the HTTP response header. This issue can allow an attacker to insert a newline character to split a header and inject malicious content to deceive clients...
CVE-2022-38113
This vulnerability discloses build and services versions in the server response header...
CVE-2022-38113 Information Disclosure Vulnerability
This vulnerability discloses build and services versions in the server response header...