11 matches found

F5 Networks
added 2023/02/21 7:46 p.m. · 56 views

K73071205: PHP vulnerability CVE-2016-5385

Security Advisory Description: PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an...

8.1 CVSS · 7.2 AI score · 0.50427 EPSS
Exploits: 0

CNNVD
added 2023/01/27 12:0 a.m. · 6 views

Discourse Security Vulnerability

Discourse is an open source community discussion platform. The platform includes community, email and chat room features. A security vulnerability exists in Discourse versions prior to 3.0.1 stable, 3.1.0.beta2 beta and test-passed. An attacker exploited the vulnerability to cause a regular...

8.6 CVSS · 7.3 AI score · 0.00868 EPSS
Exploits: 0 · References: 5

OSV
added 2021/04/30 5:32 p.m. · 27 views

GHSA-3GQJ-CMXR-P4X2 Forced Browsing in Twisted

Twisted before 16.3.1 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbou...

6.9 CVSS · 5.4 AI score · 0.02406 EPSS
Exploits: 0 · References: 7

Github Security Blog
added 2021/04/30 5:32 p.m. · 56 views

Forced Browsing in Twisted

Twisted before 16.3.1 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbou...

5.3 CVSS · 5.4 AI score · 0.02406 EPSS
Exploits: 0 · References: 7 · Affected Software: 1

OSV
added 2019/12/10 6:15 p.m. · 27 views

CVE-2016-1000107

inets in Erlang possibly 22.1 and earlier follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an...

6.1 CVSS · 6.9 AI score · 0.01428 EPSS
Exploits: 0 · References: 4

Debian CVE
added 2019/12/10 5:32 p.m. · 26 views

CVE-2016-1000107

inets in Erlang possibly 22.1 and earlier follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an...

6.1 CVSS · 6.4 AI score · 0.01428 EPSS
Exploits: 0

Positive Technologies
added 2019/05/29 12:0 a.m. · 3 views

PT-2019-4642 · Fortinet · Fortiproxy +1

Name of the Vulnerable Software and Affected Versions: FortiOS versions 5.2.14 and earlier; FortiOS versions 5.4.0 through 5.4.12; FortiOS versions 5.6.0 through 5.6.10; FortiOS versions 6.0.0 through 6.0.4; FortiProxy version 1.2.8 and earlier; FortiProxy version 2.0.0. Description: The issue is relat...

7.8 CVSS · 9.5 AI score · 0.33647 EPSS
Exploits: 0 · References: 13

OSV
added 2018/09/12 4:29 p.m. · 5 views

CVE-2018-7572

Pulse Secure Client 9.0R1 and 5.3RX before 5.3R5, when configured to authenticate VPN users during Windows Logon, can allow attackers to bypass Windows authentication and execute commands on the system with the privileges of Pulse Secure Client. The attacker must interrupt the client's network...

6.8 CVSS · 5.9 AI score · 0.00364 EPSS
Exploits: 0 · References: 1

Cvelist
added 2016/09/25 10:0 a.m. · 49 views

CVE-2016-4694

The Apache HTTP Server in Apple OS X before 10.12 and OS X Server before 5.2 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted CGI client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an...

8 AI score · 0.01345 EPSS
Exploits: 0 · References: 6

OSV
added 2016/07/01 1:59 a.m. · 3 views

CVE-2016-0362

IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks, and trigger network traffic to arbitrary intranet or Internet hosts, via a crafted proxy request to a web service...

7.7 CVSS · 5.9 AI score · 0.00894 EPSS
Exploits: 0 · References: 1

Tenable Nessus
added 2013/09/04 12:0 a.m. · 44 views

Amazon Linux AMI : nginx (ALAS-2013-189)

http/modules/ngx_http_proxy_module.c in nginx 1.1.4 through 1.2.8 and 1.3.0 through 1.4.0, when proxy_pass is used with untrusted HTTP servers, allows remote attackers to cause a denial of service (crash) and obtain sensitive information from worker process memory via a crafted proxy response, a simila...

5.8 CVSS · 5.5 AI score · 0.11925 EPSS
Exploits: 3 · References: 2