Lucene search

873 matches found

IBM Security Bulletins
added 2022/03/30 9:48 a.m., 38 views

Security Bulletin: IBM Tivoli Netcool/OMNIbus Transport Module Common Integration Library is vulnerable to HTTP request smuggling due to Netty (CVE-2021-43797)

Summary Netty CVE-2021-43797 is used by IBM Tivoli Netcool/OMNIbus Transport Module Common Integration Library as part of the webhook integration. The latest patch includes Netty 4.1.72.Final to fix the vulnerability. Vulnerability Details CVEID: CVE-2021-43797 DESCRIPTION: Netty is vulnerable to...

CVSS 6.5 | AI score 1.3 | EPSS 0.02682
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2022/03/23 10:07 p.m., 35 views

Security Bulletin: Node.js vulnerabilities affect IBM Spectrum Control (CVE-2019-15606, CVE-2019-15604, CVE-2019-15605)

Summary Node.js is vulnerable to security bypass, denial of service and HTTP request smuggling. These vulnerabilities affect IBM Spectrum Control. Vulnerability Details CVEID: CVE-2019-15606 DESCRIPTION: Node.js could allow a remote attacker to bypass security restrictions, caused by an issue whe...

CVSS 9.8 | AI score 8.9 | EPSS 0.57132
Exploits 2 | Affected Software 1

Hacker One
added 2022/02/18 10:20 a.m., 18 views

TikTok: Information Leakage via TikTok Ads Web Cache Deception

A theoretical web cache deception vulnerability was found on TikTok Ads, that could have resulted in information leakage if clicked on by an authenticated user. We thank @arifmkhls for reporting this to our team and confirming its resolution...

AI score 2.5
Exploits 0

IBM Security Bulletins
added 2022/02/09 4:28 p.m., 22 views

Security Bulletin: IBM UrbanCode Build is affected by CVE-2021-33037

Summary IBM UrbanCode Build is affected by CVE-2021-33037 Vulnerability Details CVEID: CVE-2021-33037 DESCRIPTION: Apache Tomcat is vulnerable to HTTP request smuggling, caused by improper parsing of the HTTP transfer-encoding request header. By sending a specially-crafted HTTPS transfer-encoding...

CVSS 5.3 | AI score 5.6 | EPSS 0.75353
Exploits 1 | Affected Software 1

Tenable Nessus
added 2022/02/09 12:00 a.m., 43 views

AlmaLinux 8 : python3 (ALSA-2021:1633)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2021:1633 advisory. - http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls...

CVSS 9.8 | AI score 8.4 | EPSS 0.37325
Exploits 3 | References 5

OpenVAS
added 2022/01/28 12:00 a.m., 19 views

Mageia: Security Advisory (MGASA-2021-0165)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5.9 | AI score 8.3 | EPSS 0.37325
Exploits 1 | References 5

IBM Security Bulletins
added 2022/01/25 7:45 a.m., 32 views

Security Bulletin: IBM UrbanCode Release is affected by CVE-2021-33037

Summary IBM UrbanCode Release versions 6.2.2.7 - 6.2.5.4 are affected by CVE-2021-33037 Vulnerability Details CVEID: CVE-2021-33037 DESCRIPTION: Apache Tomcat is vulnerable to HTTP request smuggling, caused by improper parsing of the HTTP transfer-encoding request header. By sending a...

CVSS 5.3 | AI score 5.6 | EPSS 0.75353
Exploits 1 | Affected Software 1

Tenable Nessus
added 2022/01/06 12:00 a.m., 44 views

EulerOS Virtualization 3.0.2.6 : python (EulerOS-SA-2021-2875)

According to the versions of the python packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in ctypes/callproc.c, which may lead to remote code execution in...

CVSS 9.8 | AI score 8 | EPSS 0.37325
Exploits 4 | References 5

IBM Security Bulletins
added 2022/01/04 1:01 p.m., 30 views

Security Bulletin: Vulnerability in Node.js affects IBM Event Streams (CVE-2021-22959)

Summary There is a vulnerability in the Node.js open source runtime. The runtime is used by the IBM Event Streams. The CVE has been addressed. Vulnerability Details CVEID: CVE-2021-22959 DESCRIPTION: Node.js is vulnerable to HTTP request smuggling, caused by an error related to a space in headers...

CVSS 6.5 | AI score 7.1 | EPSS 0.02936
Exploits 1 | Affected Software 1

OpenVAS
added 2021/12/31 12:00 a.m., 20 views

Huawei EulerOS: Security Advisory for python (EulerOS-SA-2021-2875)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.8 | AI score 7.4 | EPSS 0.37325
Exploits 4 | References 2

Kitploit
added 2021/12/21 8:30 p.m., 27 views

Web Cache Vulnerability Scanner - A Go-based CLI Tool For Testing For Web Cache Poisoning

Web Cache Vulnerability Scanner WCVS is a fast and versatile CLI scanner for web cache poisoning developed by Hackmanit. The scanner supports many different web cache poisoning techniques, includes a crawler to identify further URLs to test, and can adapt to a specific web cache for more efficien...

AI score 7.1
Exploits 0 | References 4

Hacker One
added 2021/12/11 8:52 p.m., 29 views

Glassdoor: Web Cache Poisoning leads to Stored XSS

@bombon reported to us a web cache poisoning issue that led to caching of the gdToken Anti-CSRF token across different Glassdoor pages and in some instances could be chained to perform XSS by caching the XSS payload. This has now been resolved using CF web cache armor and cache-control headers...

AI score 6.2
Exploits 0

Tenable Nessus
added 2021/12/10 12:00 a.m., 47 views

Oracle Linux 8 : python38:3.8 / and / python38-devel:3.8 (ELSA-2021-4162)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-4162 advisory. - The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are...

CVSS 9.8 | AI score 7.8 | EPSS 0.37325
Exploits 7 | References 10

Tenable Nessus
added 2021/12/10 12:00 a.m., 89 views

Oracle Linux 8 : python27:2.7 (ELSA-2021-4151)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-4151 advisory. - In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval on content retrieved via HTTP. CVE-2020-27619 - The packag...

CVSS 9.8 | AI score 7.7 | EPSS 0.37325
Exploits 5 | References 8

Veracode
added 2021/11/25 6:58 a.m., 22 views

HTTP Request Smuggling

symfony/http-kernel is vulnerable to HTTP request smuggling. The vulnerability exists in handle function of SubRequestHandler due to missing extra trusted header in sub-request which allows an attacker to forge requests containing a X-Forwarded-Prefix HTTP header, leading to a web cache poisoning...

CVSS 6.5 | AI score 0.8 | EPSS 0.01239
Exploits 0 | References 11 | Affected Software 4

NVD
added 2021/11/24 7:15 p.m., 10 views

CVE-2021-41267

Symfony/Http-Kernel is the HTTP kernel component for Symfony, a PHP framework for web and console applications and a set of reusable PHP components. Headers that are not part of the "trusted_headers" allowed list are ignored and protect users from "Cache poisoning" attacks. In Symfony 5.2,...

CVSS 6.5 | EPSS 0.01239
Exploits 0 | References 4

UbuntuCve
added 2021/11/24 7:15 p.m., 29 views

CVE-2021-41267

Symfony/Http-Kernel is the HTTP kernel component for Symfony, a PHP framework for web and console applications and a set of reusable PHP components. Headers that are not part of the "trusted_headers" allowed list are ignored and protect users from "Cache poisoning" attacks. In Symfony 5.2,...

CVSS 6.5 | AI score 6.6 | EPSS 0.01239
Exploits 0 | References 6

Symfony
added 2021/11/24 12:00 a.m., 31 views

CVE-2021-41267: Webcache Poisoning via X-Forwarded-Prefix and sub-request

Description When a Symfony application is running behind a proxy or a load-balancer, you can tell Symfony to look for the X-Forwarded-* HTTP headers. HTTP headers that are not part of the "trusted_headers" allowed list are ignored and protect you from "Cache poisoning" attacks. In Symfony 5.2, we'v...

CVSS 6.5 | AI score 6.1 | EPSS 0.01239
Exploits 0

OSV
added 2021/11/20 2:15 a.m., 2 views

CVE-2021-36322

Dell Networking X-Series firmware versions prior to 3.0.1.8 contain a host header injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by injecting arbitrary host header values to poison the web-cache or trigger redirections...

CVSS 6.1 | AI score 5.9
Exploits 0 | References 1

NVD
added 2021/11/20 2:15 a.m., 12 views

CVE-2021-36322

Dell Networking X-Series firmware versions prior to 3.0.1.8 contain a host header injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by injecting arbitrary host header values to poison the web-cache or trigger redirections...

CVSS 6.1 | EPSS 0.00831
Exploits 0 | References 1