283 matches found
Design/Logic Flaw
Dell EMC PV ME5, versions ME5.1.0.0.0 and ME5.1.0.1.0, contains a Client-side desync Vulnerability. An unauthenticated attacker could potentially exploit this vulnerability to force a victim's browser to desynchronize its connection with the website, typically leading to XSS and DoS...
CVE-2023-23691
Dell EMC PV ME5 (versions ME5.1.0.0.0 and ME5.1.0.1.0) contains a Client-side desync vulnerability. An unauthenticated attacker can force a victim’s browser to desynchronize from the website, typically enabling XSS and DoS. Connected sources indicate affected versions and impact; Nessus/DSA-2023-...
CVE-2023-23691
Dell EMC PV ME5, versions ME5.1.0.0.0 and ME5.1.0.1.0, contains a Client-side desync Vulnerability. An unauthenticated attacker could potentially exploit this vulnerability to force a victim's browser to desynchronize its connection with the website, typically leading to XSS and DoS...
PT-2023-19135 · Dell Emc · Dell Emc Pv Me5
Name of the Vulnerable Software and Affected Versions: Dell EMC PV ME5 versions ME5.1.0.0.0 through ME5.1.0.1.0. Description: The issue is related to a Client-side desync vulnerability. An unauthenticated attacker could potentially exploit this to force a victim's browser to desynchronize its...
CVE-2022-38114 Client-Side Desync Vulnerability
This vulnerability occurs when a web server fails to correctly process the Content-Length of POST requests. This can lead to HTTP request smuggling or XSS...
[Security Nation] James Kettle of PortSwigger on Advancing Web-Attack Research
In this episode of Security Nation, Jen and Tod talk to James Kettle of PortSwigger. Their discussion includes research for new web-attack technique...
CVE-2021-46825
Symantec Advanced Secure Gateway ASG and ProxySG are susceptible to an HTTP desync vulnerability. When a remote unauthenticated attacker and other web clients communicate through the proxy with the same web server, the attacker can send crafted HTTP requests and cause the proxy to forward web...
Design/Logic Flaw
Symantec Advanced Secure Gateway ASG and ProxySG are susceptible to an HTTP desync vulnerability. When a remote unauthenticated attacker and other web clients communicate through the proxy with the same web server, the attacker can send crafted HTTP requests and cause the proxy to forward web...
CVE-2021-46825
Affected products: Symantec Advanced Secure Gateway (ASG) and ProxySG. Vulnerability: HTTP desync/HTTP desmuggling where a remote, unauthenticated attacker can leverage crafted HTTP requests to cause the proxy to forward a web server’s responses to unintended clients when the attacker and other c...
PT-2022-3498 · Symantec · Proxysg +1
Name of the Vulnerable Software and Affected Versions: Symantec Advanced Secure Gateway ASG and ProxySG (affected versions not specified). Description: The issue is related to an HTTP desync vulnerability. When a remote unauthenticated attacker and other web clients communicate through the proxy wit...
Oracle Linux 7 : python-twisted-web (ELSA-2022-4930)
The remote Oracle Linux 7 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2022-4930 advisory. - Security fix for CVE-2022-24801: Possible http request smuggling Resolves: rhbz2073114 - Fix CVE-2020-10108 and CVE-2020-10109 multiple HTTP request smuggling...
CVE-2021-32715
hyper is an HTTP library for rust. hyper's HTTP/1 server code had a flaw that incorrectly parses and accepts requests with a Content-Length header with a prefixed plus sign, when it should have been rejected as illegal. This combined with an upstream HTTP proxy that doesn't parse such...
[SECURITY] [DLA 2991-1] twisted security update
Debian LTS Advisory DLA-2991-1. https://www.debian.org/lts/security/ Stefano Rivera, May 03, 2022. https://wiki.debian.org/LTS Package: twisted; Version: 16.6.0-2+deb9u3; CVE ID: CVE-2022-24801; Debian Bug: 1009030. The Twisted Web HTTP 1.1 server, located in the...
SUSE SLES15 Security Update : python-Twisted (SUSE-SU-2022:1477-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2022:1477-1 advisory. - Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to version 22.4.0rc1, the Twisted Web HTTP 1....
python-twisted: possible http request smuggling
A flaw was found in python-twisted. This vulnerability occurs due to the parsing of illegal constructs in the twisted.web.http module. The illegal constructs include '+/-' in the Content-Length header, '\n and \t' etc. Non-conformant parsing leads to a desync if requests pass through multiple HTT...
vcon address change not persistent across protocol components
Lines of code Vulnerability details Impact vcon address is allowed to be updated by GOVERNOR in Core, however, this change will not be reflected in CoreRef.vcon. Moreover, since CoreRef.vcon cannot be updated due to contract design, it is also impossible to fix this manually. We are not yet sure...