73 matches found
PT-2025-3589
Name of the Vulnerable Software and Affected Versions Raptor RDF Syntax Library versions 2.0.0 through 2.0.16 Description The issue is related to an integer underflow when normalizing a URI with the turtle parser in the raptor uri normalize path function. This problem occurs in the Raptor RDF...
Directory Traversal
Spatie/browsershot is vulnerable to Directory Traversal. The vulnerability is due to URI normalization in the browser, where the check for file:// can be bypassed using file:\ instead, allows the attacker to manipulate the path and access files outside the intended directory...
CVE-2024-12908
Delinea addressed a reported case on Secret Server v11.7.31 protocol handler version 6.0.3.26 where, within the protocol handler function, URI's were compared before normalization and canonicalization, potentially leading to over matching against the approved list. If this attack were successfull...
CVE-2024-12908
Delinea addressed a reported case on Secret Server v11.7.31 protocol handler version 6.0.3.26 where, within the protocol handler function, URI's were compared before normalization and canonicalization, potentially leading to over matching against the approved list. If this attack were successfull...
CVE-2024-21547
CVE-2024-21547 affects the PHP package spatie/browsershot prior to 5.0.2 . The vulnerability is a Directory Traversal flaw caused by URI normalization in the browser where the file:// check can be bypassed using **file:**, allowing an attacker to read arbitrary server files by exploiting normaliz...
CVE-2024-21547
Versions of the package spatie/browsershot before 5.0.2 are vulnerable to Directory Traversal due to URI normalisation in the browser where the file:// check can be bypassed with file:\. An attacker could read any file on the server by exploiting the normalization of \ into /...
VulnCheck KEV: CVE-2021-22017
Rhttproxy as used in vCenter Server contains a vulnerability due to improper implementation of URI normalization...
VMware vCenter Server Improper Access Control
Rhttproxy as used in vCenter Server contains a vulnerability due to improper implementation of URI normalization...
DEBIAN-CVE-2021-46142
An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriNormalizeSyntax...
UBUNTU-CVE-2021-46142
An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriNormalizeSyntax...
Uriparser 资源管理错误漏洞
Uriparser is a Uri parsing and processing library written in C89 that strictly conforms to Rfc 3986. uriparser is vulnerable to a resource management error that stems from uriparser prior to 0.9.6 performing invalid free operations in uriNormalizeSyntax. No detailed vulnerability details are...
CVE-2021-22017
Rhttproxy as used in vCenter Server contains a vulnerability due to improper implementation of URI normalization. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to bypass proxy leading to internal endpoints being accessed...
CVE-2021-22017
Rhttproxy as used in vCenter Server contains a vulnerability due to improper implementation of URI normalization. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to bypass proxy leading to internal endpoints being accessed...
CVE-2021-22017
Rhttproxy as used in vCenter Server contains a vulnerability due to improper implementation of URI normalization. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to bypass proxy leading to internal endpoints being accessed...
CVE-2021-22017
Summary of CVE-2021-22017 : VMware vCenter Server’s rhttp proxy (rhttproxy) has an improper URI normalization implementation that can be exploited by a remote attacker with network access to port 443 to bypass proxy restrictions and access internal endpoints. The vulnerability affects vCenter Ser...
CVE-2021-22017
Rhttproxy as used in vCenter Server contains a vulnerability due to improper implementation of URI normalization. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to bypass proxy leading to internal endpoints being accessed. Recent assessments: Assessed...
PT-2021-4316
Name of the Vulnerable Software and Affected Versions vCenter Server affected versions not specified Description The issue is related to improper implementation of URI normalization in the rhttproxy service used by vCenter Server. This allows a malicious actor with network access to port 443 on...
VMware vCenter Server < 6.5 U3q Multiple Vulnerabilities (VMSA-2021-0020)
The version of VMware vCenter Server installed on the remote host is 6.5 prior to 6.5 U3q. It is, therefore, affected by multiple vulnerabilities: - A privilege escalation vulnerability exists in vCenter Server due to the way it handles session tokens. An authenticated, local attacker can exploit...
Information Disclosure
jetty-server is vulnerable to information disclosure. The URI normalisation in default compliance mode does not escape % encoded characters in the request metadata by common Servlet implementations, allowing access to sensitive resources within the WEB-INF directory via the use of URI with %2e or...
CVE-2021-22991
On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3, undisclosed requests to a virtual server may be incorrectly handled by the Traffic Management Microkernel TMM URI normalization, which may trigger a buffer...