Lucene search
K

24 matches found

SUSE CVE
SUSE CVE
added 2026/07/07 3:13 p.m.9 views

SUSE CVE-2026-54763

Traefik is an HTTP reverse proxy and load balancer. Prior to v2.11.51, v3.6.22, and v3.7.6, Traefik's BasicAuth, DigestAuth, and ForwardAuth middlewares strip canonical-cased spoofed identity headers before writing Traefik's own value, but do not account for underscore-variant header names, which...

7.5CVSS6AI score0.00256EPSS
Exploits0References3
NVD
NVD
added 2026/07/06 9:16 p.m.9 views

CVE-2026-54763

Traefik is an HTTP reverse proxy and load balancer. Prior to v2.11.51, v3.6.22, and v3.7.6, Traefik's BasicAuth, DigestAuth, and ForwardAuth middlewares strip canonical-cased spoofed identity headers before writing Traefik's own value, but do not account for underscore-variant header names, which...

10CVSS0.00256EPSS
Exploits0References3
OSV
OSV
added 2026/07/06 8:33 p.m.3 views

CVE-2026-54763 Traefik: headerField underscore-variant identity spoofing in BasicAuth / DigestAuth / ForwardAuth

Traefik is an HTTP reverse proxy and load balancer. Prior to v2.11.51, v3.6.22, and v3.7.6, Traefik's BasicAuth, DigestAuth, and ForwardAuth middlewares strip canonical-cased spoofed identity headers before writing Traefik's own value, but do not account for underscore-variant header names, which...

7.8CVSS6AI score0.00256EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/07/06 8:33 p.m.5 views

CVE-2026-54763

Traefik is an HTTP reverse proxy and load balancer. Prior to v2.11.51, v3.6.22, and v3.7.6, Traefik's BasicAuth, DigestAuth, and ForwardAuth middlewares strip canonical-cased spoofed identity headers before writing Traefik's own value, but do not account for underscore-variant header names, which...

7.8CVSS6AI score0.00256EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/07/06 8:33 p.m.38 views

CVE-2026-54763 Traefik: headerField underscore-variant identity spoofing in BasicAuth / DigestAuth / ForwardAuth

Traefik is an HTTP reverse proxy and load balancer. Prior to v2.11.51, v3.6.22, and v3.7.6, Traefik's BasicAuth, DigestAuth, and ForwardAuth middlewares strip canonical-cased spoofed identity headers before writing Traefik's own value, but do not account for underscore-variant header names, which...

7.8CVSS0.00256EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2026/07/06 8:33 p.m.7 views

CVE-2026-54763

Traefik is an HTTP reverse proxy and load balancer. Prior to v2.11.51, v3.6.22, and v3.7.6, Traefik's BasicAuth, DigestAuth, and ForwardAuth middlewares strip canonical-cased spoofed identity headers before writing Traefik's own value, but do not account for underscore-variant header names, which...

10CVSS6AI score0.00256EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.9 views

PT-2026-56011

Name of the Vulnerable Software and Affected Versions Traefik versions prior to 2.11.51 Traefik versions prior to 3.6.22 Traefik versions prior to 3.7.6 Description Traefik's BasicAuth, DigestAuth, and ForwardAuth middlewares fail to account for underscore-variant header names when stripping...

10CVSS5.9AI score0.00256EPSS
Exploits0References13
SUSE CVE
SUSE CVE
added 2026/05/05 1:45 a.m.7 views

SUSE CVE-2026-39858

Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a high severity authentication bypass vulnerability in Traefik's ForwardAuth and snippet-based authentication middleware. Traefik's forwarded-header sanitization logic targets only...

10CVSS5.7AI score0.00479EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/04/30 8:26 p.m.6 views

CVE-2026-39858 Traefik: Forwarded alias spoofing top pre-auth decision bypass

Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a high severity authentication bypass vulnerability in Traefik's ForwardAuth and snippet-based authentication middleware. Traefik's forwarded-header sanitization logic targets only...

7.8CVSS5.7AI score0.00479EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/04/30 8:26 p.m.3 views

CVE-2026-39858

Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a high severity authentication bypass vulnerability in Traefik's ForwardAuth and snippet-based authentication middleware. Traefik's forwarded-header sanitization logic targets only...

7.8CVSS5.3AI score0.00479EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2025/11/12 9:42 p.m.5 views

GHSA-VJRC-MH2V-45X6 OAuth2-Proxy is vulnerable to header smuggling via underscore leading to potential privilege escalation

Impact All deployments of OAuth2 Proxy in front of applications that normalize underscores to dashes in HTTP headers e.g., WSGI-based frameworks such as Django, Flask, FastAPI, and PHP applications. Authenticated users can inject underscore variants of X-Forwarded- headers that bypass the proxy’s...

8.5CVSS6.5AI score0.00633EPSS
Exploits0References9
EUVD
EUVD
added 2025/11/12 9:42 p.m.5 views

EUVD-2025-50825

OAuth2-Proxy is vulnerable to header smuggling via underscore leading to potential privilege escalation...

8.5CVSS6.4AI score0.00633EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2025/11/12 9:42 p.m.13 views

OAuth2-Proxy is vulnerable to header smuggling via underscore leading to potential privilege escalation

Impact All deployments of OAuth2 Proxy in front of applications that normalize underscores to dashes in HTTP headers e.g., WSGI-based frameworks such as Django, Flask, FastAPI, and PHP applications. Authenticated users can inject underscore variants of X-Forwarded- headers that bypass the proxy’s...

8.5CVSS6.5AI score0.00633EPSS
Exploits0References9Affected Software1
RedhatCVE
RedhatCVE
added 2025/11/12 12:12 p.m.9 views

CVE-2025-64484

A header-smuggling vulnerability was found in OAuth2-Proxy’s handling of HTTP headers containing underscores such as XForwardedFor. The proxy failed to properly normalize these header names, which could allow crafted requests to bypass header validation or filtering. When OAuth2-Proxy is deployed...

8.5CVSS6.2AI score0.00633EPSS
Exploits0References8
OSV
OSV
added 2025/11/12 11:43 a.m.6 views

BIT-OAUTH2-PROXY-2025-64484 OAuth2-Proxy vulnerable to header smuggling via underscore, leading to potential privilege escalation

OAuth2-Proxy is an open-source tool that can act as either a standalone reverse proxy or a middleware component integrated into existing reverse proxy or load balancer setups. In versions prior to 7.13.0, all deployments of OAuth2 Proxy in front of applications that normalize underscores to dashe...

8.5CVSS6.5AI score0.00633EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2025/11/10 9:33 p.m.4 views

CVE-2025-64484 OAuth2-Proxy vulnerable to header smuggling via underscore, leading to potential privilege escalation

OAuth2-Proxy is an open-source tool that can act as either a standalone reverse proxy or a middleware component integrated into existing reverse proxy or load balancer setups. In versions prior to 7.13.0, all deployments of OAuth2 Proxy in front of applications that normalize underscores to dashe...

8.5CVSS6.5AI score0.00633EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/11/10 9:33 p.m.13 views

CVE-2025-64484 OAuth2-Proxy vulnerable to header smuggling via underscore, leading to potential privilege escalation

OAuth2-Proxy is an open-source tool that can act as either a standalone reverse proxy or a middleware component integrated into existing reverse proxy or load balancer setups. In versions prior to 7.13.0, all deployments of OAuth2 Proxy in front of applications that normalize underscores to dashe...

8.5CVSS0.00633EPSS
Exploits0References5
OSV
OSV
added 2025/11/10 9:33 p.m.8 views

CVE-2025-64484 OAuth2-Proxy vulnerable to header smuggling via underscore, leading to potential privilege escalation

OAuth2-Proxy is an open-source tool that can act as either a standalone reverse proxy or a middleware component integrated into existing reverse proxy or load balancer setups. In versions prior to 7.13.0, all deployments of OAuth2 Proxy in front of applications that normalize underscores to dashe...

8.5CVSS6.5AI score0.00633EPSS
Exploits0References7
CVE
CVE
added 2025/11/10 9:33 p.m.18 views

CVE-2025-64484

OAuth2-Proxy is affected by a header smuggling vulnerability where authenticated users can exploit underscores in HTTP header names (e.g., X_Forwarded_For) to bypass upstream header filtering, potentially escalating privileges in the application behind the proxy. The issue occurs in deployments t...

8.5CVSS6.5AI score0.00633EPSS
Exploits0References5
OSV
OSV
added 2024/09/24 3:4 p.m.7 views

USN-7031-2 puma vulnerability

USN-7031-1 fixed CVE-2024-45614 in Puma for Ubuntu 24.04 LTS. This update fixes the CVE for Ubuntu 22.04 LTS and Ubuntu 20.04 LTS. Original advisory details: It was discovered that Puma incorrectly handled parsing certain headers. A remote attacker could possibly use this issue to overwrite heade...

5.4CVSS7.2AI score0.00646EPSS
Exploits0References2
Rows per page
Query Builder