873 matches found

Hacker One
added 2020/06/01 6:20 a.m., 24 views

Ruby on Rails: HTTP Host injection in redirect_to function

Hi team, Here is the sample vulnerable code ruby class TesttestController You are being redirected." end Then it will check if the options, because the input is String, so it will be the concatenate of request.protocol + request.hostwithport + options File actioncontroller\metal\redirecting.rb li...

Exploits: 0

IBM Security Bulletins
added 2020/05/26 3:40 p.m., 30 views

Security Bulletin: A vulnerability in netty affects IBM Spectrum Scale Transparent Cloud Tiering(CVE-2020-7238)

Summary Netty is used by IBM Spectrum Scale Transparent Cloud Tiering. IBM Spectrum Scale Transparent Cloud Tiering has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2020-7238 DESCRIPTION: Netty is vulnerable to HTTP request smuggling, caused by a flaw when handling...

7.5 CVSS, 0.5 AI score, 0.03617 EPSS
Exploits: 1, Affected Software: 1

Veracode
added 2020/05/26 5:20 a.m., 15 views

HTTP Request Smuggling

meinheld is vulnerable to HTTP request smuggling. Lack of validation in the Content-Length header and Transfer Encoding headers allowed an attacker to perform HTTP smuggling attacks which could lead to XSS attacks and poisoning a user's web-cache and allows the attacker to obtain confidential...

6.1 CVSS, 3.2 AI score, 0.00686 EPSS
Exploits: 0, References: 4, Affected Software: 1

IBM Security Bulletins
added 2020/05/22 1:46 p.m., 35 views

Security Bulletin: Eclipse Jetty is vulnerable to HTTP request smuggling, caused by improper handling of Chunked Transfer-Encoding chunk size. IBM Rational Performance Tester is affected by this vulnerability.

Summary Eclipse Jetty is vulnerable to HTTP request smuggling, caused by improper handling of chunked transfer-encoding chunk size. By sending a specially-crafted request, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct...

9.8 CVSS, 0.3 AI score, 0.20985 EPSS
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2020/05/06 11:5 a.m., 29 views

Security Bulletin: Multiple vulnerabilities in Node.js affects IBM App Connect Enterprise V11

Summary IBM App Connect Enterprise V11 ship with Node.js for which vulnerabilities were reported and have been addressed. Vulnerability details are listed below. Vulnerability Details CVEID: CVE-2019-15606 DESCRIPTION: Node.js could allow a remote attacker to bypass security restrictions, caused ...

9.8 CVSS, 0.5 AI score, 0.57132 EPSS
Exploits: 2, Affected Software: 1

IBM Security Bulletins
added 2020/04/29 4:56 p.m., 23 views

Security Bulletin: A vulnerability have been identified in Netty shipped with IBM Tivoli Netcool/OMNIbus Transport Module Common Integration Library (CVE-2020-7238)

Summary Netty is a dependency component shipped with the IBM Tivoli Netcool/OMNIbus Transport Module Common Integration Library for Message Bus Integration. Information about the security vulnerability affecting Netty has been published. CVE-2020-7238 Vulnerability Details CVEID: CVE-2020-7238...

7.5 CVSS, 1.2 AI score, 0.03617 EPSS
Exploits: 1, Affected Software: 1

IBM Security Bulletins
added 2020/04/29 10:15 a.m., 42 views

Security Bulletin: Publicly disclosed vulnerability found by vFinder in IBM eDiscovery Analyzer

Summary Eclipse Jetty is vulnerable to HTTP request smuggling, caused by a flaw when handling more than one Content-Length headers. By sending a specially-crafted request, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct...

9.8 CVSS, 0.7 AI score, 0.20985 EPSS
Exploits: 0, Affected Software: 1

CNVD
added 2020/04/28 12:0 a.m., 2 views

Red Hat Undertow Input Validation Error Vulnerability

Red Hat Undertow is a Java-based embedded web server from the U.S. company Red Hat and the default web server of the WildFly Java application server. A security vulnerability exists in Red Hat Undertow that stems from allowing invalid characters in HTTP requests. An attacker could exploit this vulnerability t...

5.8 CVSS, 6.2 AI score, 0.01147 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2020/04/15 6:0 a.m., 41 views

CVE-2020-10687

A flaw was discovered in Undertow where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from...

6.4 CVSS, 1.9 AI score, 0.02712 EPSS
Exploits: 0, References: 3

Veracode
added 2020/04/10 12:20 a.m., 26 views

HTTP Request-splitting

SeaMonkey is vulnerable to HTTP request-splitting. A request-splitting flaw was found in the way in which SeaMonkey generates a digest authentication request. If a user opened a specially-crafted URL, it was possible to perform cross-site scripting attacks, web cache poisoning, or other, similar...

4.3 CVSS, 0.4 AI score, 0.12736 EPSS
Exploits: 1, References: 54, Affected Software: 3

IBM Security Bulletins
added 2020/03/17 7:29 p.m., 37 views

Security Bulletin: Multiple vulnerabilities affect IBM® SDK for Node.js™ in IBM Cloud

Summary Node.js Update 6-February-2020 Security releases available Vulnerability Details CVEID: CVE-2019-15605 DESCRIPTION: Node.js is vulnerable to HTTP request smuggling, caused by a flaw when handling unusual Transfer-Encoding HTTP header. By sending a specially-crafted request, an attacker...

9.8 CVSS, 0.1 AI score, 0.57132 EPSS
Exploits: 1, Affected Software: 1

CNVD
added 2020/03/09 12:0 a.m., 1 views

Drupal Mozilla Persona module cross-site request forgery vulnerability (CNVD-2020-16641)

Drupal is an open source content management system developed by the Drupal community using the PHP language. Mozilla Persona is one of the security authentication modules. A cross-site request forgery vulnerability exists in the 'personaxsrftoken' function of the persona.module in Mozilla Persona...

8.8 CVSS, 6.5 AI score, 0.00761 EPSS
Exploits: 0, References: 1

IBM Security Bulletins
added 2020/03/05 11:2 a.m., 45 views

Security Bulletin: Rational Integration Tester HTTP/TCP Proxy component in Rational Test Virtualization Server and Rational Test Workbench affected by Netty vulnerabilities (CVE-2020-7238, CVE-2019-16869, CVE-2019-20445, CVE-2019-20444)

Summary Netty is vulnerable to security issues affecting the Rational Integration Tester HTTP/TCP Proxy component in Rational Test Virtualization Server and Rational Test Workbench Vulnerability Details CVEID: CVE-2020-7238 DESCRIPTION: Netty is vulnerable to HTTP request smuggling, caused by a...

9.1 CVSS, 0.1 AI score, 0.13474 EPSS
Exploits: 4, Affected Software: 2

IBM Security Bulletins
added 2020/02/28 4:1 p.m., 29 views

Security Bulletin: A vulnerability in netty affects IBM Operations Analytics Predictive Insights (CVE-2020-7238)

Summary Netty is used by IBM Operations Analytics Predictive Insights. IBM Operations Analytics Predictive Insights has addressed the applicable CVE. Note that the usage of Netty within IBM Operations Analytics Predictive Insights is limited to the REST Mediation utility. If you do not use that...

7.5 CVSS, 0.7 AI score, 0.03617 EPSS
Exploits: 1, Affected Software: 1

Hacker One
added 2020/02/18 8:39 a.m., 1386 views

Radancy: x-request-id header reflected in server response without sanitization

Domain and URL: maximum.nl Summary: When issuing a GET request to maximum.nl, it's possible to set the x-request-id header which is then reflected in the server response without any sanitization. Description: An attacker can use this vulnerability to escalate to more advanced attacks such as CRLF...

Exploits: 0

Hacker One
added 2020/01/18 10:11 p.m., 74 views

Stripo Inc: HTTP Request Smuggling on my.stripo.email

Summary: HTTP request smuggling vulnerabilities arise when websites route HTTP requests through webservers with inconsistent HTTP parsing. By supplying a request that gets interpreted as being different lengths by different servers, an attacker can poison the back-end TCP/TLS socket and prepend...

0.2 AI score
Exploits: 0

Hacker One
added 2019/12/05 2:46 a.m., 10 views

Razer: THX Tuneup Survey feedback disclosure via Google cached content for apps.thx.com

Summary: If you use this google dork: site:apps.thx.com, you will notice many of the links no longer work. However, in the cached versions, they contain lots of sensitive user information from users who seemingly filled out a survey, including first and last name, zip code, gender, email, country...

1.2 AI score
Exploits: 0

Hacker One
added 2019/11/04 7:36 a.m., 24 views

GSA Bounty: Cache poisoning DoS to various TTS assets

I have recently come across a technique to force a Cloudfoundry app to return a HTTP 404 error when requesting any resource, which contains cache friendly headers. What this means is, if the Cloudfoundry app in question is behind a web cache like Cloudfront or Cloudflare etc, it will possibly sto...

7.1 AI score
Exploits: 0

RedhatCVE
added 2019/11/01 9:48 a.m., 35 views

CVE-2017-7559

It was found that the fix for CVE-2017-2666 was incomplete and invalid characters are still allowed in the query string and path parameters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the...

6.5 CVSS, 1.9 AI score, 0.02712 EPSS
Exploits: 0, References: 1

NVD
added 2019/10/25 5:15 p.m., 15 views

CVE-2019-4461

IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 is vulnerable to HTTP Response Splitting caused by improper caching of content. This would allow the attacker to perform further attacks, such as Web Cache poisoning, cross-site scripting and possibly obtain sensitive information...

5.4 CVSS, 5.3 AI score, 0.00561 EPSS
Exploits: 0, References: 2