1248 matches found
CVE-2022-32149
An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse...
CVE-2022-32149 Denial of service via crafted Accept-Language header in golang.org/x/text/language
An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse...
GO-2022-1059 Denial of service via crafted Accept-Language header in golang.org/x/text/language
An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse...
PT-2022-6959 · Google +6 · Golang.Org/X/Text/Language +6
Name of the Vulnerable Software and Affected Versions: golang.org/x/text/language affected versions not specified Description: The issue is related to the ParseAcceptLanguage function, which can be exploited to cause a denial of service by crafting a specific Accept-Language header. This header c...
Google Golang 安全漏洞
Google Golang is a static, strongly typed, compiled language from Google.The syntax of Go is close to C, but with differences in variable declarations.Go supports garbage collection.Go's parallel model is based on Tony Hall's Communicating Sequential Processes CSP, and other languages with a...
Authorization Bypass
modsecurity-crs:sid is vulnerable to authorization bypass. The vulnerability exists due to an HTTP accept header field , allowing an attacker to do a response body bypass by accessing to restricted resources...
CVE-2022-39957
A flaw was found in the OWASP ModSecurity Core Rule Set. A payload with a HTTP accept header field containing a charset that can't be decoded by the Web Application Firewall allows a response body bypass, resulting in access to restricted resources...
CVE-2022-39957
The OWASP ModSecurity Core Rule Set CRS is affected by a response body bypass. A client can issue an HTTP Accept header field containing an optional "charset" parameter in order to receive the response in an encoded form. Depending on the "charset", this response can not be decoded by the web...
DEBIAN-CVE-2022-39957
The OWASP ModSecurity Core Rule Set CRS is affected by a response body bypass. A client can issue an HTTP Accept header field containing an optional "charset" parameter in order to receive the response in an encoded form. Depending on the "charset", this response can not be decoded by the web...
CVE-2022-39957
The OWASP ModSecurity Core Rule Set CRS is affected by a response body bypass. A client can issue an HTTP Accept header field containing an optional "charset" parameter in order to receive the response in an encoded form. Depending on the "charset", this response can not be decoded by the web...
UBUNTU-CVE-2022-39957
The OWASP ModSecurity Core Rule Set CRS is affected by a response body bypass. A client can issue an HTTP Accept header field containing an optional "charset" parameter in order to receive the response in an encoded form. Depending on the "charset", this response can not be decoded by the web...
Design/Logic Flaw
The OWASP ModSecurity Core Rule Set CRS is affected by a response body bypass. A client can issue an HTTP Accept header field containing an optional "charset" parameter in order to receive the response in an encoded form. Depending on the "charset", this response can not be decoded by the web...
CVE-2022-39957
CVE-2022-39957 affects the OWASP ModSecurity Core Rule Set (CRS). The issue is a response body bypass: a client can send an HTTP Accept header with an optional charset parameter, causing the WAF to deliver a form that may not be decoded correctly, potentially bypassing detection of restricted res...
CVE-2022-39957 Response body bypass in OWASP ModSecurity Core Rule Set via a specialy crafted charset in the HTTP Accept header
The OWASP ModSecurity Core Rule Set CRS is affected by a response body bypass. A client can issue an HTTP Accept header field containing an optional "charset" parameter in order to receive the response in an encoded form. Depending on the "charset", this response can not be decoded by the web...
PT-2022-25144 · Owasp +1 · Owasp Modsecurity Core Rule Set +1
Name of the Vulnerable Software and Affected Versions: OWASP ModSecurity Core Rule Set CRS versions 3.0.x through 3.3.2 Description: The issue concerns a response body bypass in the OWASP ModSecurity Core Rule Set CRS. A client can exploit this by issuing an HTTP Accept header field with an...
CVE-2022-39957
The OWASP ModSecurity Core Rule Set CRS is affected by a response body bypass. A client can issue an HTTP Accept header field containing an optional "charset" parameter in order to receive the response in an encoded form. Depending on the "charset", this response can not be decoded by the web...
CVE-2022-39957 Response body bypass in OWASP ModSecurity Core Rule Set via a specialy crafted charset in the HTTP Accept header
The OWASP ModSecurity Core Rule Set CRS is affected by a response body bypass. A client can issue an HTTP Accept header field containing an optional "charset" parameter in order to receive the response in an encoded form. Depending on the "charset", this response can not be decoded by the web...
Front-running of accept call
Lines of code Vulnerability details Description There is accept and veto functions in the PartyGovernance contract. The functions accepts the proposalId accept function also accepts snapIndex, which does not contain any information about the proposal itself. As a result, transactions of users can...
jetty: request containing multiple Accept headers with a large number of "quality" parameters may lead to DoS
In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 inclusive, 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of “quality” i.e. q parameters, the server may enter a denial of service DoS state due to high CPU usage processing those quality...
Slack: Bypass invite accept for victim
Vulnerability description not provided...