362 matches found
CVE-2024-32037 GeoNetwork vulnerable to search end-point information disclosure in response headers
GeoNetwork is a catalog application to manage spatially referenced resources. In versions prior to 4.2.10 and 4.4.5, the search end-point response headers contain information about Elasticsearch software in use. This information is valuable from a security point of view because it allows software...
CVE-2024-32037
GeoNetwork vulnerable versions prior to 4.2.10 and 4.4.5 disclose Elasticsearch software info via search-endpoint response headers. The issue allows server software identification. A fix is available in GeoNetwork 4.2.10 and 4.4.5; no public workarounds are listed. Remediation: upgrade to 4.2.10 ...
CVE-2024-2377
A vulnerability exists in the too permissive HTTP response header web server settings of the SDM600. An attacker can take advantage of this and possibly carry out privileged actions and access sensitive information...
CVE-2024-42179
CVE-2024-42179 describes a sensitive information disclosure in HCL MyXalytics where the HTTP response header reveals the server software name and version (Microsoft-HTTP API/2.0). The underlying issue is exposure of server identity, not a direct code execution vector. Public sources in the connec...
RHEL 8 : httpd:2.4 (RHSA-2024:6467)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:6467 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: Security issues via?backe...
RHEL 8 : httpd:2.4 (RHSA-2024:6468)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:6468 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: Security issues via?backe...
CVE-2024-47549
Sharp and Toshiba Tec MFPs improperly process query parameters in HTTP requests, which may allow contamination of unintended data to HTTP response headers. Accessing a crafted URL which points to an affected product may cause malicious script executed on the web browser...
PT-2024-32651 · Sharp +1 · Sharp Mfps +1
Name of the Vulnerable Software and Affected Versions: Sharp and Toshiba Tec MFPs affected versions not specified Description: The issue is related to the improper processing of query parameters in HTTP requests, which may lead to the contamination of unintended data in HTTP response headers...
CVE-2024-25622 H2O ignores headers configuration directives
h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. The configuration directives provided by the headers handler allows users to modify the response headers being sent by h2o. The configuration file of h2o has scopes, and the inner scopes e.g., path level are expected to inherit t...
CVE-2024-25622
Technical details about CVE-2024-25622 are not publicly provided in the connected documents. The available sources reiterate the issue and the fix commit; monitor for updates from vendor advisories for affected products, versions, and remediation steps.
CVE-2024-25622 H2O ignores headers configuration directives
h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. The configuration directives provided by the headers handler allows users to modify the response headers being sent by h2o. The configuration file of h2o has scopes, and the inner scopes e.g., path level are expected to inherit t...
httpd: Security issues via backend applications whose response headers are malicious or exploitable
A flaw was found in httpd. Backend applications whose response headers are malicious or exploitable may allow information disclosure, server-side request forgery SSRF or local script execution...
Advisory ROSA-SA-2024-2477
software: squid 5.9 WASP: ROSA-CHROME packageevrstring: squid-5.9-2 CVE-ID: CVE-2023-46724 BDU-ID: 2023-07699 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Squid proxy server is related to errors in SSL/TLS certificate validation. Exploitation of the vulnerability could allow an attacker actin...
httpd: Security issues via backend applications whose response headers are malicious or exploitable
A flaw was found in httpd. Backend applications whose response headers are malicious or exploitable may allow information disclosure, server-side request forgery SSRF or local script execution...
httpd: Security issues via backend applications whose response headers are malicious or exploitable
A flaw was found in httpd. Backend applications whose response headers are malicious or exploitable may allow information disclosure, server-side request forgery SSRF or local script execution...
httpd security update
An update is available for httpd. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The httpd packages provide the Apache HTTP Server, a powerful, efficient, and...
RLSA-2024:5138 Important: httpd security update
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: Security issues via?backend applications whose response headers are malicious or exploitable CVE-2024-38476 For more details about the security issues, including the impact,...
RLSA-2024:5193 Important: httpd:2.4 security update
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: Security issues via?backend applications whose response headers are malicious or exploitable CVE-2024-38476 For more details about the security issues, including the impact,...
Important: Red Hat Security Advisory: httpd:2.4 security update
An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
httpd: Security issues via backend applications whose response headers are malicious or exploitable
A flaw was found in httpd. Backend applications whose response headers are malicious or exploitable may allow information disclosure, server-side request forgery SSRF or local script execution...