Security Bulletin: Tivoli Netcool/Omnibus installation contains vulnerable Eclipse Jetty code libraries (Multiple CVEs)

Summary The 'Netcool MIb Manager GUI' use a version of the Eclipse Jetty libary that contains known vulnerabilities. These vulnerabilities have been addressed by an upgrade to Jetty 9.3.29. Vulnerability Details CVEID: CVE-2017-7657 DESCRIPTION: Eclipse Jetty is vulnerable to HTTP request...

XVIDEOS: Host Header Injection Attack - www.xnxx.com

Host Header Injection Attack - www.xnxx.com An attacker can manipulate the Host header as seen by the web application and cause the application to behave in unexpected ways. Very often multiple websites are hosted on the same IP address. This is where the Host Header comes in. This header specifi...

Glassdoor: Web Cache Poisoning leads to XSS and DoS

@nokline and @bombon were able to utilize URL parser confusion in combination with reflected XSS under https://glassdoor.com/Job/ and https://glassdoor.com/mz-survey/interview/collectQuestionsinput.htm/ by caching XSS payloads via cookie and header params into a stored XSS for URLs /Award/ and...

Amazon Linux AMI : python27 (ALAS-2022-1593)

The version of python27 installed on the remote host is prior to 2.7.18-2.142. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2022-1593 advisory. In Python3's Lib/test/multibytecodecsupport.py CJK codec tests call eval on content retrieved via HTTP. CVE-2020-2761...

Medium: python27

Issue Overview: In Python3's Lib/test/multibytecodecsupport.py CJK codec tests call eval on content retrieved via HTTP. CVE-2020-27619 The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parseqsl and urllib.parse.parseqs by using a vector called parameter cloaking. Wh...

Medium: python

Issue Overview: In Python3's Lib/test/multibytecodecsupport.py CJK codec tests call eval on content retrieved via HTTP. CVE-2020-27619 The package python/cpython is vulnerable to Web Cache Poisoning via urllib.parse.parseqsl and urllib.parse.parseqs by using a vector called parameter cloaking. Wh...

Amazon Linux 2 : python (ALAS-2022-1802)

The version of python installed on the remote host is prior to 2.7.18-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1802 advisory. In Python3's Lib/test/multibytecodecsupport.py CJK codec tests call eval on content retrieved via HTTP. CVE-2020-27619 The...

SilverStripe Web Cache Poisoning through HTTPRequestBuilder

SilverStripe through 4.4.4 allows Web Cache Poisoning through HTTPRequestBuilder...

GHSA-Q9FF-3Q93-FM8M SilverStripe Web Cache Poisoning through HTTPRequestBuilder

SilverStripe through 4.4.4 allows Web Cache Poisoning through HTTPRequestBuilder...

GHSA-RJ76-H87P-R3WF Undertow vulnerable to Request Smuggling

In Undertow 2.x before 2.0.0.Alpha2, 1.4.x before 1.4.17.Final, and 1.3.x before 1.3.31.Final, it was found that the fix for CVE-2017-2666 was incomplete and invalid characters are still allowed in the query string and path parameters. This could be exploited, in conjunction with a proxy that als...

Undertow vulnerable to Request Smuggling

In Undertow 2.x before 2.0.0.Alpha2, 1.4.x before 1.4.17.Final, and 1.3.x before 1.3.31.Final, it was found that the fix for CVE-2017-2666 was incomplete and invalid characters are still allowed in the query string and path parameters. This could be exploited, in conjunction with a proxy that als...

Symfony HTTP Foundation web cache poisoning

An issue was discovered in Http Foundation in Symfony 2.7.0 through 2.7.48, 2.8.0 through 2.8.43, 3.3.0 through 3.3.17, 3.4.0 through 3.4.13, 4.0.0 through 4.0.13, and 4.1.0 through 4.1.2. It arises from support for a legacy IIS header that lets users override the path in the request URL via the...

GHSA-8WGJ-6WX8-H5HQ Symfony HTTP Foundation web cache poisoning

An issue was discovered in Http Foundation in Symfony 2.7.0 through 2.7.48, 2.8.0 through 2.8.43, 3.3.0 through 3.3.17, 3.4.0 through 3.4.13, 4.0.0 through 4.0.13, and 4.1.0 through 4.1.2. It arises from support for a legacy IIS header that lets users override the path in the request URL via the...

squid: out-of-bounds read in WCCP protocol data may lead to information disclosure

A flaw was found in squid. An out-of-bounds read in the WCCP protocol can be leveraged as part of a chain for remote code execution leading to an information disclosure. The highest threat from this vulnerability is to data confidentiality...

NewStart CGSL MAIN 6.02 : python3 Multiple Vulnerabilities (NS-SA-2022-0049)

The remote NewStart CGSL host, running version MAIN 6.02, has python3 packages installed that are affected by multiple vulnerabilities: - http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTT...

SAP Web Dispatcher HTTP Request Smuggling

Onapsis Security Advisory 2022-0001: HTTP Request Smuggling in SAP Web Dispatcher Impact on Business By injecting an HTTP request as a prefix into a victim's request, a malicious user is able to cause damage in different ways, such as producing a Denial of Service by setting an invalid request as...

Tomcat Vulnerable to Web Cache Poisoning

Jakarta Tomcat 5.0.19 Coyote/1.1 and Tomcat 4.1.24 Coyote/1.0 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Tomcat t...

GHSA-F2GQ-P6QV-CCW4 Tomcat Vulnerable to Web Cache Poisoning

Jakarta Tomcat 5.0.19 Coyote/1.1 and Tomcat 4.1.24 Coyote/1.0 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Tomcat t...

OESA-2022-1618 squid security update

Squid is a high-performance proxy caching server. It handles all requests in a single, non-blocking, I/O-driven process and keeps meta data and implements negative caching of failed requests. Security Fixes: Squid through 4.14 and 5.x through 5.0.5, in some configurations, allows information...

Algolia: Web Cache Deception vulnerability on algolia.com leads to personal information leakage

A web cache deception vulnerability was discovered on algolia.com, which could allow an attacker to trick a caching proxy into storing private information transmitted over the internet from an authenticated user. The attacker could then access the cached data, which may include personal and...