4 matches found
CVE-2023-50324
IBM Cognos Command Center 10.2.4.1 and 10.2.5 exposes details the X-AspNet-Version Response Header that could allow an attacker to obtain information of the application environment to conduct further attacks. IBM X-Force ID: 275038...
Header Injection
Traefik is vulnerable to Header Injection. The vulnerability is due to improper validation of the X-Forwarded-Prefix header, allowing it to be provided from an untrusted source...
SUSE CVE-2024-45614
Puma is a Ruby/Rack web server built for parallelism. In affected versions clients could clobber values set by intermediate proxies such as X-Forwarded-For by providing a underscore version of the same header X-ForwardedFor. Any users relying on proxy set variables is affected. v6.4.3/v5.6.9 now...
Cobalt RaQ 2.03.0 qpopper 2.522.53 - EUIDL Format String Input
Cobalt RaQ 2.03.0 qpopper 2.522.53 - EUIDL Format String Input // source: https://www.securityfocus.com/bid/1242/info A vulnerability exists in version 2.53 and prior of qpopper, a popular POP server, from Qualcomm. By placing machine executable code in the X-UIDL header field, supplying formatti...