15 matches found

CNNVD
added 2023/08/09 12:0 a.m., 1 view

gRPC Security Vulnerabilities

gRPC is a modern, open-source, high-performance remote procedure call (RPC) framework from gRPC Open Source. A security vulnerability exists in gRPC that stems from the fact that a malicious request may cause the connection between the proxy and the backend to terminate...

7.5 CVSS, 6.9 AI score, 0.00116 EPSS
Exploits 0, References 4

Citrix
added 2023/04/18 12:0 a.m., 4 views

Which SNIP will be selected by NetScaler to connect with backend server

...

7.2 AI score
Exploits 0

RedhatCVE
added 2022/05/14 11:41 a.m., 50 views

CVE-2020-7238

A flaw was found in Netty, where it mishandles Transfer-Encoding whitespace. This flaw allows HTTP Request Smuggling. Mitigation: Use HTTP/2 instead (clear boundaries between requests). Disable reuse of backend connections, e.g. http-reuse never in HAProxy or whatever equivalent LB settings...

7.5 CVSS, 1.1 AI score, 0.15334 EPSS
Exploits 2, References 4

RedhatCVE
added 2021/07/14 7:25 p.m., 59 views

CVE-2021-36740

A flaw was found in Varnish. The Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request. As a result, this flaw allows the information on the Varnish cache to be poisoned. The highest threat from this...

8.1 CVSS, 1.2 AI score, 0.00957 EPSS
Exploits 0, References 4

RedHat Linux
added 2020/10/28 4:2 p.m., 3 views

httpd: allow connecting via SSL to a backend worker when the backend keystore file's ID is 'unknown'

A flaw was found in JBCS httpd in version 2.4.37 SP3, where it uses a back-end worker SSL certificate when the keystore file's ID is 'unknown'. The validation of whether the certificate's CN and hostname match stopped working, allowing connections to the back-end worker. The highest threat from...

5.5 CVSS, 5.7 AI score, 0.00079 EPSS
Exploits 0, References 4

Veracode
added 2020/04/01 12:38 a.m., 23 views

Denial Of Service (DoS)

nbdkit is vulnerable to denial of service. The vulnerability exists due to the premature opening of back-end connection...

3.7 CVSS, 2.4 AI score, 0.00299 EPSS
Exploits 1, References 6, Affected Software 1

OSV
added 2020/03/25 9:19 a.m., 6 views

OPENSUSE-SU-2020:0379-1 Security update for nghttp2

This update for nghttp2 fixes the following issues: nghttp2 was updated to version 1.40.0 (bsc#1166481) - lib: Add nghttp2_check_authority as public API - lib: Fix the bug that stream is closed with wrong error code - lib: Faster huffman encoding and decoding - build: Avoid filename collision of static...

9.8 CVSS, 9.5 AI score, 0.00045 EPSS
Exploits 1, References 4

OSV
added 2019/04/03 1:51 a.m., 4 views

OPENSUSE-SU-2019:1128-1 Security update for pdns

This update for pdns fixes the following issue: Security issue fixed: - CVE-2019-3871: Fixed an insufficient validation in the HTTP remote backend which could allow a remote user to cause the HTTP backend to connect to an attacker-specified host instead of the configured one (bsc#1129734)...

8.8 CVSS, 7.8 AI score, 0.00026 EPSS
Exploits 1, References 3

CVE
added 2018/12/05 9:0 p.m., 604 views

CVE-2018-1002105

CVE-2018-1002105 affects Kubernetes: before versions v1.10.11, v1.11.5, and v1.12.3, the kube-apiserver mishandles error responses to proxied upgrade requests. This flaw lets specially crafted requests establish a connection through the API server to backends and then send arbitrary requests over...

9.8 CVSS, 7.4 AI score, 0.90189 EPSS
Exploits 10, References 20, Affected Software 1

Citrix
added 2017/12/06 12:0 a.m., 4 views

EDT Security using DTLS

As from XenApp and XenDesktop 7.16 VDAs, DTLS is supported (refer to the Windows OS VDA 7.16 Schannel library support for DTLS article). This means that the backend connection between NetScaler and the VDA could optionally use DTLS. In addition, Receiver could optionally use DTL...

6.9 AI score
Exploits 0

RedHat Linux
added 2010/08/30 12:30 p.m., 1 view

httpd: Reverse proxy sends wrong responses after time-outs

mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in...

5 CVSS, 6.6 AI score, 0.08537 EPSS
Exploits 2, References 4

OSV
added 2010/08/05 6:17 p.m., 6 views

CVE-2010-2791

mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in...

6.1 AI score
Exploits 0, References 21

NVD
added 2010/08/05 6:17 p.m., 24 views

CVE-2010-2791

mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in...

5 CVSS, 6.1 AI score, 0.02076 EPSS
Exploits 2, References 21

Debian CVE
added 2010/08/05 6:0 p.m., 45 views

CVE-2010-2791

mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in...

5 CVSS, 5.5 AI score, 0.02076 EPSS
Exploits 2

Prion
added 2009/12/28 7:30 p.m., 17 views

Design/Logic Flaw

Directory Proxy Server (DPS) in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.1 does not properly handle multiple client connections within a short time window, which allows remote attackers to hijack the backend connection of an authenticated user, and obtain the privileges o...

6.8 CVSS, 7 AI score, 0.01144 EPSS
Exploits 0, References 6, Affected Software 1