1141 matches found
Code injection
A flaw was found in HAProxy before 2.0.6. In legacy mode, messages featuring a transfer-encoding header missing the "chunked" value were not being correctly rejected. The impact was limited but if combined with the "http-reuse always" setting, it could be used to help construct an HTTP request...
UBUNTU-CVE-2019-18277
A flaw was found in HAProxy before 2.0.6. In legacy mode, messages featuring a transfer-encoding header missing the "chunked" value were not being correctly rejected. The impact was limited but if combined with the "http-reuse always" setting, it could be used to help construct an HTTP request...
php: Cross-site scripting (XSS) flaw in Apache2 component via body of 'Transfer-Encoding: chunked' request
A cross-site scripting XSS vulnerability in Apache2 component of PHP was found. When using 'Transfer-Encoding: chunked', the request allows remote attackers to potentially run a malicious script in a victim's browser. This vulnerability can be exploited only by producing malformed requests and it...
py-twisted -- multiple vulnerabilities
Twisted developers reports: All HTTP clients in twisted.web.client now raise a ValueError when called with a method and/or URL that contain invalid characters. This mitigates CVE-2019-12387. Thanks to Alex Brasetvik for reporting this vulnerability. The HTTP/2 server implementation now enforces T...
New Relic: Password theft login.newrelic.com via Request Smuggling
Hi, The Rails application at login.newrelic.com is accessed through a proxy written in Golang, and an nginx server. By sending an ambiguous request, an attacker can desynchronize these servers, leaving the socket to the backend poisoned with a harmful response. This response will then be served u...
Apache Tomcat 7.0.0 < 7.0.2
The version of Tomcat installed on the remote host is prior to 7.0.2. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat7.0.2security-7 advisory. - Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid...
#OTTuesday: Five Technologies Shaping the Future of OTT
The world of OTT is changing radically with new innovations, from player technologies to standards convergence, propelling the industry forward. As 2018 comes to a close, AkamaiTV sat down with DASH legend and Akamai's very own Will Law to get his pulse on the major trends and technologies that a...
Amazon Linux AMI : php56 / php70, php71, php72 (ALAS-2018-1090)
The Apache2 component in PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x before 7.1.22, and 7.2.x before 7.2.10 allows XSS via the body of a 'Transfer-Encoding: chunked' request, because the bucket brigade is mishandled in the phphandler function in sapi/apache2handler/sapiapache2.c. CVE-2018-17082...
openSUSE Security Update : php7 (openSUSE-2018-1131)
This update for php7 fixes the following issues : This security issue was fixed : - CVE-2018-17082: The Apache2 component in PHP allowed XSS via the body of a 'Transfer-Encoding: chunked' request, because the bucket brigade was mishandled in the phphandler function bsc1108753 This non-security...
PHP Apache2 Component Cross-Site Scripting Vulnerability
PHP is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. The language is primarily used for web development and supports a variety of databases and operating systems.Apache2 is one of the HTTP server components. A cross-site...
Design/Logic Flaw
The Apache2 component in PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x before 7.1.22, and 7.2.x before 7.2.10 allows XSS via the body of a "Transfer-Encoding: chunked" request, because the bucket brigade is mishandled in the phphandler function in sapi/apache2handler/sapiapache2.c...
CVE-2018-17082
The Apache2 component in PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x before 7.1.22, and 7.2.x before 7.2.10 allows XSS via the body of a "Transfer-Encoding: chunked" request, because the bucket brigade is mishandled in the phphandler function in sapi/apache2handler/sapiapache2.c...
CVE-2018-17082
The Apache2 component in PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x before 7.1.22, and 7.2.x before 7.2.10 allows XSS via the body of a "Transfer-Encoding: chunked" request, because the bucket brigade is mishandled in the phphandler function in sapi/apache2handler/sapiapache2.c...
CVE-2018-17082
Removed by vendor...
PHP 7.1.x < 7.1.22 Transfer-Encoding Parameter XSS Vulnerability
According to its banner, the version of PHP running on the remote web server is 7.1.x prior to 7.1.22. It is, therefore, affected by a cross-site scripting vulnerability. An attacker could leverage this vulnerability to inject malicious code which executes within the security context of the...
CVE-2017-7657
In Eclipse Jetty, versions 9.2.x and older, 9.3.x all configurations, and 9.4.x non-default configuration with RFC2616 compliance enabled, transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer overflow. Thus a large chunk size could be interpreted as a...
Integer overflow
In Eclipse Jetty, versions 9.2.x and older, 9.3.x all configurations, and 9.4.x non-default configuration with RFC2616 compliance enabled, transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer overflow. Thus a large chunk size could be interpreted as a...
UBUNTU-CVE-2017-7657
In Eclipse Jetty, versions 9.2.x and older, 9.3.x all configurations, and 9.4.x non-default configuration with RFC2616 compliance enabled, transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer overflow. Thus a large chunk size could be interpreted as a...
CVE-2017-7657
In Eclipse Jetty, versions 9.2.x and older, 9.3.x all configurations, and 9.4.x non-default configuration with RFC2616 compliance enabled, transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer overflow. Thus a large chunk size could be interpreted as a...
DEBIAN-CVE-2017-7657
In Eclipse Jetty, versions 9.2.x and older, 9.3.x all configurations, and 9.4.x non-default configuration with RFC2616 compliance enabled, transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer overflow. Thus a large chunk size could be interpreted as a...