8 matches found
Photon OS 4.0: Rubygem PHSA-2024-4.0-0713
An update of the rubygem package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2024-4.0-0713. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...
Photon OS 5.0: Rubygem PHSA-2024-5.0-0405
An update of the rubygem package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2024-5.0-0405. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...
Security Bulletin: IBM Cloud Pak for Network Automation 2.6.4 fixes multiple security vulnerabilities
Summary IBM Cloud Pak for Network Automation 2.6.4 fixes multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID:CVE-2023-4527 DESCRIPTION: glibc is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the getaddrinfo function. By...
CBL Mariner 2.0 Security Update: rubygem-protocol-http1 (CVE-2023-38697)
The version of rubygem-protocol-http1 installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-38697 advisory. - protocol-http1 provides a low-level implementation of the HTTP/1 protocol. RFC 9112 Section...
CVE-2023-38697 affecting package rubygem-protocol-http1 for versions less than 0.15.1-1
CVE-2023-38697 affecting package rubygem-protocol-http1 for versions less than 0.15.1-1. An upgraded version of the package is available that resolves this issue...
AZL-27830 CVE-2023-38697 affecting package rubygem-protocol-http1 for versions less than 0.15.1-1
protocol-http1 provides a low-level implementation of the HTTP/1 protocol. RFC 9112 Section 7.1 defined the format of chunk size, chunk data and chunk extension. The value of Content-Length header should be a string of 0-9 digits, the chunk size should be a string of hex digits and should split...
CVE-2023-38697
The CVE-2023-38697 entry concerns protocol-http1 (HTTP/1) parsing: Falcon’s RFC-compliant checks on Content-Length and chunk size can be bypassed by accepting +, 0x prefixes, and LF in chunk extensions, causing desynchronization across HTTP parsers and enabling HTTP request smuggling or firewall ...
CVE-2023-38697 protocol-http1 HTTP Request/Response Smuggling vulnerability
protocol-http1 provides a low-level implementation of the HTTP/1 protocol. RFC 9112 Section 7.1 defined the format of chunk size, chunk data and chunk extension. The value of Content-Length header should be a string of 0-9 digits, the chunk size should be a string of hex digits and should split...