5 matches found
EUVD-2022-2298
Malicious code in bioql PyPI...
Authentication Bypass
Amendment: This was deemed not a vulnerability. Overview: hawk is a library for the HTTP Hawk Authentication Scheme. Affected versions of this package are vulnerable to Authentication Bypass. The incoming client supplied hash of the payload is trusted by the server and not verified before the...
DEBIAN-CVE-2022-29167
Hawk is an HTTP authentication scheme providing mechanisms for making authenticated HTTP requests with partial cryptographic verification of the request and response, covering the HTTP method, request URI, host, and optionally the request payload. Hawk used a regular expression to parse Host HTTP...
UBUNTU-CVE-2022-29167
Hawk is an HTTP authentication scheme providing mechanisms for making authenticated HTTP requests with partial cryptographic verification of the request and response, covering the HTTP method, request URI, host, and optionally the request payload. Hawk used a regular expression to parse Host HTTP...
Apache CXF Timing Attack Information Disclosure Vulnerability
Apache CXF is an open source Web services framework from the Apache Software Foundation (United States). A timing attack vulnerability exists in the Apache CXF OAuth2 Hawk and JOSE MAC authentication code, which allows remote attackers to submit a special request to obtain sensitive information...