133 matches found
IBM Cloud Private Injection Vulnerability
IBM Cloud Private is a set of enterprise private cloud solutions from IBM USA. The product is built primarily on Kubernetes and container technology. IBM Cloud Private suffers from an injection vulnerability. An attacker can exploit this vulnerability to inject arbitrary HTTP headers, which can b...
CVE-2019-18657
Table function url had the vulnerability allowed the attacker to inject arbitrary HTTP headers in the request. Nikita Tikhomirov...
UBUNTU-CVE-2019-10222
A flaw was found in the Ceph RGW configuration with Beast as the front end handling client requests. An unauthenticated attacker could crash the Ceph RGW server by sending valid HTTP headers and terminating the connection, resulting in a remote denial of service for Ceph RGW clients...
nodejs: Denial of Service with large HTTP headers
Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Denial of Service with large HTTP headers: By using a combination of many requests with maximum sized headers almost 80 KB per connection, and carefully timed completion of the headers, it is possible to cause the HTTP...
The vulnerability of the network software tool Envoy, related to errors in analyzing HTTP headers, allows a hacker to gain access to protected data.
The vulnerability of the network software tool Envoy is related to errors in analyzing HTTP headers. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain access to protected data without going through the authentication mechanism...
The numerous vulnerabilities in the FortiOS operating system, related to the lack of protection for service data, allow attackers to disclose the protected information.
The multiple vulnerabilities of the FortiOS operating system are related to the lack of protection for service data. Exploiting these vulnerabilities can allow a malicious actor to disclose sensitive information by analyzing HTTP headers, certificates, and error messages...
ruby: HTTP response splitting in WEBrick
It was found that WEBrick did not sanitize headers sent back to clients, resulting in a response-splitting vulnerability. An attacker, able to control the server's headers, could force WEBrick into injecting additional headers to a client...
Sensio Labs Symfony Security Bypass Vulnerability (CNVD-2018-21473)
Sensio Labs Symfony is a free French Sensio Labs , based on the MVC architecture of the PHP development framework . The framework provides commonly used functional components and tools , can be used to quickly create complex WEB program . A security bypass vulnerability exists in Http Foundation ...
The vulnerability of the implementation of the direct authentication service for microprogramming software in Cisco Adaptive Security Appliance (ASA) allows a attacker to cause a service failure.
The vulnerability of the direct authentication service for microprogramming software in Cisco Adaptive Security Appliance ASA devices is related to insufficient checking of HTTP request headers. Exploiting this vulnerability can allow a malicious actor to trigger a system reboot and a service...
MetInfo cross-site scripting vulnerability (CNVD-2017-25435)
MetInfo is a Content Management System CMS developed using PHP and Mysql. A cross-site scripting vulnerability exists in MetInfo version 5.3.17. The vulnerability can be exploited by remote attackers to inject arbitrary web script or HTML via Client-IP or X-Forwarded-For HTTP packet headers...
CVE-2017-4011
Embedding Script XSS in HTTP Headers vulnerability in the server in McAfee Network Data Loss Prevention NDLP 9.3.x allows remote attackers to get session/cookie information via modification of the HTTP request...
CVE-2017-4016
Web Server method disclosure in the server in McAfee Network Data Loss Prevention NDLP 9.3.x allows remote attackers to exploit and find another hole via HTTP response header...
snoopy: incomplete fixes for command execution flaws
Various command-execution flaws were found in the Snoopy library included with Nagios. These flaws allowed remote attackers to execute arbitrary commands by manipulating Nagios HTTP headers...
snoopy: incomplete fixes for command execution flaws
Various command-execution flaws were found in the Snoopy library included with Nagios. These flaws allowed remote attackers to execute arbitrary commands by manipulating Nagios HTTP headers...
snoopy: incomplete fixes for command execution flaws
Various command-execution flaws were found in the Snoopy library included with Nagios. These flaws allowed remote attackers to execute arbitrary commands by manipulating Nagios HTTP headers...
snoopy: incomplete fixes for command execution flaws
Various command-execution flaws were found in the Snoopy library included with Nagios. These flaws allowed remote attackers to execute arbitrary commands by manipulating Nagios HTTP headers...
snoopy: incomplete fixes for command execution flaws
Various command-execution flaws were found in the Snoopy library included with Nagios. These flaws allowed remote attackers to execute arbitrary commands by manipulating Nagios HTTP headers...
snoopy: incomplete fixes for command execution flaws
Various command-execution flaws were found in the Snoopy library included with Nagios. These flaws allowed remote attackers to execute arbitrary commands by manipulating Nagios HTTP headers...
CVE-2016-5722
Huawei OceanStor 5300 V3, 5500 V3, 5600 V3, 5800 V3, 6800 V3, 18800 V3, and 18500 V3 before V300R003C10 sends the plaintext session token in the HTTP header, which allows remote attackers to conduct replay attacks and obtain sensitive information by sniffing the network...
Cisco Firepower System Software Security Bypass Vulnerability
Cisco Firepower System Software is a next-generation firewall product NGFW from Cisco. A security bypass vulnerability exists in the malicious file detection and blocking feature of Cisco Firepower System Software. As the program fails to properly validate fields in the HTTP header. A remote...