873 matches found
Design/Logic Flaw
The package bottle from 0 and before 0.12.19 is vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon ;, they can cause a difference in the interpretation of the request between the proxy running with...
CVE-2020-28473
The package bottle from 0 and before 0.12.19 is vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon ;, they can cause a difference in the interpretation of the request between the proxy running with...
PYSEC-2021-129
The package bottle from 0 and before 0.12.19 is vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon ;, they can cause a difference in the interpretation of the request between the proxy running with...
UBUNTU-CVE-2020-28473
The package bottle from 0 and before 0.12.19 is vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon ;, they can cause a difference in the interpretation of the request between the proxy running with...
CVE-2020-28473 Web Cache Poisoning
The package bottle from 0 and before 0.12.19 is vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon ;, they can cause a difference in the interpretation of the request between the proxy running with...
CVE-2020-28473
CVE-2020-28473 affects the bottle Python package (versions before 0.12.19). The underlying issue is parameter cloaking: if an attacker uses a semicolon to separate query parameters, the proxy and server may interpret the request differently, causing malicious requests to be cached as safe. This ena...
CVE-2020-28473
The package bottle from 0 and before 0.12.19 is vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon ;, they can cause a difference in the interpretation of the request between the proxy running with...
IBM Emptoris Sourcing Web Cache Poisoning Vulnerability
IBM Emptoris Sourcing helps organizations get affordable pricing and greater value from suppliers by examining factors such as cost, risk and performance in strategic sourcing decisions. A Web cache poisoning vulnerability exists in IBM Emptoris Sourcing 10.1.0, 10.1.1, and 10.1.3. The...
CVE-2020-4896
IBM Emptoris Sourcing 10.1.0, 10.1.1, and 10.1.3 is vulnerable to web cache poisoning, caused by improper input validation by modifying HTTP request headers. IBM X-Force ID: 190987...
Input validation
IBM Emptoris Sourcing 10.1.0, 10.1.1, and 10.1.3 is vulnerable to web cache poisoning, caused by improper input validation by modifying HTTP request headers. IBM X-Force ID: 190987...
CVE-2020-4896
CVE-2020-4896 affects IBM Emptoris Sourcing versions 10.1.0.x, 10.1.1.x, and 10.1.3.x. The root cause is improper input validation that allows manipulating HTTP request headers to perform a web cache poisoning attack. Public references (NVD, CNVD, and IBM bulletin) confirm the vulnerability and a...
CVE-2020-4896
IBM Emptoris Sourcing 10.1.0, 10.1.1, and 10.1.3 is vulnerable to web cache poisoning, caused by improper input validation by modifying HTTP request headers. IBM X-Force ID: 190987...
IBM Emptoris Sourcing Environment Issue Vulnerability
IBM Emptoris Sourcing helps organizations get affordable pricing and greater value from suppliers by examining factors such as cost, risk and performance in strategic sourcing decisions. A Web cache poisoning vulnerability exists in IBM Emptoris Sourcing 10.1.0, 10.1.1, and 10.1.3. The...
Security Bulletin: Web Cache Poisoning Vulnerability Affects IBM Emptoris Sourcing (CVE-2020-4896)
Summary Web cache poisoning vulnerability affects IBM Emptoris Sourcing. Vulnerability Details CVEID: CVE-2020-4896 DESCRIPTION: IBM Emptoris is vulnerable to web cache poisoning, caused by improper input validation by modifying HTTP request headers. CVSS Base score: 6.5 CVSS Temporal Score: See:...
Web Cache Poisoning in find-my-way
This affects the package find-my-way before 2.2.5, from 3.0.0 and before 3.0.5. It accepts the Accept-Version header by default, and if versioned routes are not being used, this could lead to a denial of service. Accept-Version can be used as an unkeyed header in a cache poisoning attack...
Cache Poisoning
find-my-way is vulnerable to web cache poisoning. The vulnerability exists when it accepts the Accept-Version header by default, and if the versioned routes are not used, it leads to a denial of service (DoS)...
CVE-2020-7764 Web Cache Poisoning
This affects the package find-my-way before 2.2.5, from 3.0.0 and before 3.0.5. It accepts the Accept-Version header by default, and if versioned routes are not being used, this could lead to a denial of service. Accept-Version can be used as an unkeyed header in a cache poisoning attack...
Security Bulletin: CVE-2019-17569, CVE-2020-1935 HTTP Request Smuggling if Tomcat was located behind a reverse proxy
Summary In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smuggling if Tomcat was located behind a...