The vulnerability of the WebSocket module in Node.js operating systems on FortiOS and proxy servers, which allows attackers to elevate privileges to the “super-admin” level.

The vulnerability of the WebSocket module in Node.js operating systems on FortiOS and FortiProxy proxy servers relates to bypassing the authentication process by using an alternative path or channel. Exploiting this vulnerability allows a malicious actor to elevate their privileges to “super-admi...

CVE-2024-55591

An Authentication Bypass Using an Alternate Path or Channel vulnerability CWE-288 affecting FortiOS version 7.0.0 through 7.0.16 and FortiProxy version 7.0.0 through 7.0.19 and 7.2.0 through 7.2.12 allows a remote attacker to gain super-admin privileges via crafted requests to Node.js websocket...

CVE-2024-55591

An Authentication Bypass Using an Alternate Path or Channel vulnerability CWE-288 affecting FortiOS version 7.0.0 through 7.0.16 and FortiProxy version 7.0.0 through 7.0.19 and 7.2.0 through 7.2.12 allows a remote attacker to gain super-admin privileges via crafted requests to Node.js websocket...

Fortinet Fortigate Authentication bypass in Node.js websocket module and CSF requests (FG-IR-24-535)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the FG-IR-24-535 advisory. - An Authentication Bypass Using an Alternate Path or Channel vulnerability CWE-288 affecting FortiOS 7.0.0 through...

VulnCheck KEV: CVE-2024-55591

Fortinet FortiOS and FortiProxy contain an authentication bypass vulnerability that may allow an unauthenticated, remote attacker to gain super-admin privileges via crafted requests to Node.js websocket module...

CVE-2024-55591

An Authentication Bypass Using an Alternate Path or Channel vulnerability CWE-288 affecting FortiOS version 7.0.0 through 7.0.16 and FortiProxy version 7.0.0 through 7.0.19 and 7.2.0 through 7.2.12 allows a remote attacker to gain super-admin privileges via crafted requests to Node.js websocket...

Fortinet FortiOS和FortiProxy 安全漏洞

Fortinet FortiOS and Fortinet FortiProxy are both products of Fortinet, Inc.Fortinet FortiOS is a dedicated security operating system on the FortiGate network security platform. The system provides users with a variety of security features such as firewall, antivirus, IPSec/SSLVPN, Web content...

PT-2025-1051

Name of the Vulnerable Software and Affected Versions FortiOS versions 7.0.0 through 7.0.16 FortiProxy versions 7.0.0 through 7.0.19 FortiProxy versions 7.2.0 through 7.2.12 Description An authentication bypass issue exists in the Node.js websocket module of FortiOS and FortiProxy, where an...

Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability

Fortinet FortiOS and FortiProxy contain an authentication bypass vulnerability that may allow an unauthenticated, remote attacker to gain super-admin privileges via crafted requests to Node.js websocket module...

PT-2025-37027

Name of the Vulnerable Software and Affected Versions: curl affected versions not specified Description: The websocket code in curl did not update the 32-bit mask pattern for each new outgoing frame, as required by the specification. Instead, a fixed mask was used throughout the entire connection...

Important: libsoup

Issue Overview: GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '\0' characters at the end of header names are ignored, i.e., a "Transfer-Encoding\0: chunked" header is treated the same as a "Transfer-Encoding: chunked" header. CVE-2024-52530 GNOME libsoup...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : libsoup (SUSE-SU-2024:4352-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:4352-1 advisory. - CVE-2024-52530: Fixed HTTP request smuggling via stripping null bytes from the ends of header...

Security update for libsoup

This update for libsoup fixes the following issues: CVE-2024-52530: Fixed HTTP request smuggling via stripping null bytes from the ends of header names bsc1233285 CVE-2024-52531: Fixed buffer overflow via UTF-8 conversion in soupheaderparseparamliststrict bsc1233292 CVE-2024-52532: Fixed infinite...

SUSE-SU-2024:4365-1 Security update for libsoup

This update for libsoup fixes the following issues: - CVE-2024-52530: Fixed HTTP request smuggling via stripping null bytes from the ends of header names bsc1233285 - CVE-2024-52531: Fixed buffer overflow via UTF-8 conversion in soupheaderparseparamliststrict bsc1233292 - CVE-2024-52532: Fixed...

Security update for libsoup

This update for libsoup fixes the following issues: CVE-2024-52530: Fixed HTTP request smuggling via stripping null bytes from the ends of header names bsc1233285 CVE-2024-52531: Fixed buffer overflow via UTF-8 conversion in soupheaderparseparamliststrict bsc1233292 CVE-2024-52532: Fixed infinite...

Security update for libsoup

This update for libsoup fixes the following issues: CVE-2024-52530: Fixed HTTP request smuggling via stripping null bytes from the ends of header names bsc1233285 CVE-2024-52531: Fixed buffer overflow via UTF-8 conversion in soupheaderparseparamliststrict bsc1233292 CVE-2024-52532: Fixed infinite...

SUSE-SU-2024:4352-1 Security update for libsoup

This update for libsoup fixes the following issues: - CVE-2024-52530: Fixed HTTP request smuggling via stripping null bytes from the ends of header names bsc1233285 - CVE-2024-52531: Fixed buffer overflow via UTF-8 conversion in soupheaderparseparamliststrict bsc1233292 - CVE-2024-52532: Fixed...

Security update for libsoup2

This update for libsoup2 fixes the following issues: CVE-2024-52530: Fixed HTTP request smuggling via stripping null bytes from the ends of header names bsc1233285 CVE-2024-52531: Fixed buffer overflow via UTF-8 conversion in soupheaderparseparamliststrict bsc1233292 CVE-2024-52532: Fixed infinit...

SUSE-SU-2024:4349-1 Security update for libsoup2

This update for libsoup2 fixes the following issues: - CVE-2024-52530: Fixed HTTP request smuggling via stripping null bytes from the ends of header names bsc1233285 - CVE-2024-52531: Fixed buffer overflow via UTF-8 conversion in soupheaderparseparamliststrict bsc1233292 - CVE-2024-52532: Fixed...

CVE-2024-11835

Uncontrolled Resource Consumption vulnerability in PlexTrac allows WebSocket DoS.This issue affects PlexTrac: from 1.61.3 before 2.8.1...