11 matches found
K73071205: PHP vulnerability CVE-2016-5385
Security Advisory Description PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect an...
Discourse 安全漏洞
Discourse is an open source community discussion platform. The platform includes community, email and chat room features. A security vulnerability exists in Discourse versions prior to 3.0.1 stable, 3.1.0.beta2 beta and test-passed. An attacker exploited the vulnerability to cause a regular...
GHSA-3GQJ-CMXR-P4X2 Forced Browsing in Twisted
Twisted before 16.3.1 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect a CGI application's outbou...
Forced Browsing in Twisted
Twisted before 16.3.1 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect a CGI application's outbou...
CVE-2016-1000107
inets in Erlang possibly 22.1 and earlier follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an...
CVE-2016-1000107
inets in Erlang possibly 22.1 and earlier follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an...
PT-2019-4642 · Fortinet · Fortiproxy +1
Name of the Vulnerable Software and Affected Versions: FortiOS versions 5.2.14 and earlier FortiOS versions 5.4.0 through 5.4.12 FortiOS versions 5.6.0 through 5.6.10 FortiOS versions 6.0.0 through 6.0.4 FortiProxy version 1.2.8 and earlier FortiProxy version 2.0.0 Description: The issue is relat...
CVE-2018-7572
Pulse Secure Client 9.0R1 and 5.3RX before 5.3R5, when configured to authenticate VPN users during Windows Logon, can allow attackers to bypass Windows authentication and execute commands on the system with the privileges of Pulse Secure Client. The attacker must interrupt the client's network...
CVE-2016-4694
The Apache HTTP Server in Apple OS X before 10.12 and OS X Server before 5.2 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted CGI client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect an...
CVE-2016-0362
IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allows remote authenticated users to conduct server-side request forgery SSRF attacks, and trigger network traffic to arbitrary intranet or Internet hosts, via a crafted proxy request to a web service...
Amazon Linux AMI : nginx (ALAS-2013-189)
http/modules/ngxhttpproxymodule.c in nginx 1.1.4 through 1.2.8 and 1.3.0 through 1.4.0, when proxypass is used with untrusted HTTP servers, allows remote attackers to cause a denial of service crash and obtain sensitive information from worker process memory via a crafted proxy response, a simila...