2 matches found
GeoServer has improper ENTITY_RESOLUTION_ALLOWLIST URI validation in XML Processing (SSRF)
Summary: An improper URI validation vulnerability exists that enables an unauthorized attacker to perform an XML External Entities (XEE) attack, then send a GET request to any HTTP server. An attacker can abuse this to scan internal networks and gain information about them, then exploit further. Moreover,...
OPENSUSE-SU-2021:1279-1 Security update for haserl
This update for haserl fixes the following issues: Update to version 0.9.36: Fixed: It's possible to issue a PUT request without a CONTENT-TYPE. Assume an octet-stream in that case. This is CVE-2021-29133 and boo1187671 Change the Prefix for variables to be the REQUESTMETHOD PUT/DELETE/GET/POST TH...