Lucene search
734 matches found

OSV
added 2020/07/13 1:15 p.m.

ALPINE-CVE-2019-20907

In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation...

CVSS 7.5 · AI score 6.9 · EPSS 0.06304
Exploits 0 · References 1
OSV
added 2020/07/13 1:15 p.m.

DEBIAN-CVE-2019-20907

In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation...

CVSS 7.5 · AI score 7.1 · EPSS 0.06304
Exploits 0 · References 1
OSV
added 2020/07/13 1:15 p.m.

AZL-6825 CVE-2019-20907 affecting package python2 for versions less than 2.7.18-8

In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation...

CVSS 7.5 · AI score 6.7 · EPSS 0.06304
Exploits 0 · References 1
OSV
added 2020/07/13 1:15 p.m.

UBUNTU-CVE-2019-20907

In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation...

CVSS 7.5 · AI score 6.8 · EPSS 0.06304
Exploits 0 · References 7
Debian CVE
added 2020/07/13 12:00 a.m.

CVE-2019-20907

In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation...

CVSS 7.5 · AI score 7 · EPSS 0.06304
Exploits 0
AlpineLinux
added 2020/07/13 12:00 a.m.

CVE-2019-20907

In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation...

CVSS 7.5 · AI score 7.9 · EPSS 0.06304
Exploits 0
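The six entries above all describe CVE-2019-20907: a crafted pax extended header keeps tarfile's _proc_pax looping because the record it reads is never validated. The following is an added example, not CPython's tarfile code: a stand-alone parser for the pax record format ("<length> <keyword>=<value>\n", length counting the whole record, per POSIX pax) that shows where the missing check goes. The InvalidPaxHeader class, the parse_pax_records name and the specific checks are this example's own; they are chosen so that the cursor always advances, which is the property a parser of attacker-supplied lengths has to guarantee.

```python
import re

# One pax extended-header record: "<length> <keyword>=<value>\n", where
# <length> is the decimal byte count of the entire record, including the
# length digits, the separating space and the trailing newline (POSIX pax).
_RECORD = re.compile(rb"(\d+) ([^=\n]+)=")


class InvalidPaxHeader(ValueError):
    pass


def parse_pax_records(buf: bytes) -> dict:
    """Parse a pax extended header block into a {keyword: value} dict.

    The loop advances by the record's own declared length, i.e. by data the
    archive author controls, so that length is validated before it moves the
    cursor. A record declaring length 0 would otherwise be re-parsed at the
    same offset forever.
    """
    records = {}
    pos = 0
    while pos < len(buf):
        m = _RECORD.match(buf, pos)
        if m is None:
            raise InvalidPaxHeader(f"malformed record at offset {pos}")
        length = int(m.group(1))
        end = pos + length
        # The record must at least cover "<length> <keyword>=" plus the newline
        # (this also rejects length 0), must lie inside the buffer, and must
        # end with the newline the declared length points at.
        if length == 0 or end < m.end() + 1:
            raise InvalidPaxHeader(f"record at offset {pos} declares length {length}")
        if end > len(buf) or buf[end - 1] != 0x0A:
            raise InvalidPaxHeader(f"record at offset {pos} does not end at a newline")
        keyword = m.group(2).decode("utf-8", "surrogateescape")
        value = buf[m.end():end - 1].decode("utf-8", "surrogateescape")
        records[keyword] = value
        pos = end  # strictly greater than the old pos, so the loop terminates
    return records


if __name__ == "__main__":
    # Constructed sample block: two well-formed records.
    print(parse_pax_records(b"18 path=some/file\n12 size=123\n"))
    # Constructed malicious block: the length field says 0.
    try:
        parse_pax_records(b"0 path=x\n")
    except InvalidPaxHeader as exc:
        print("rejected:", exc)
```

The same length-consistency checks apply to any self-delimiting record format: whenever a length field comes from the input, the parser has to prove the offset moves forward before it trusts the value.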
IBM Security Bulletins
added 2020/06/12 10:03 p.m.

Security Bulletin: Vulnerability in Go programming language affects IBM Spectrum Protect Server (CVE-2019-16276)

Summary: The Go programming language could allow a remote attacker to bypass security restrictions, which affects the IBM Spectrum Protect Server. Vulnerability Details: CVEID: CVE-2019-16276 DESCRIPTION: Golang could allow a remote attacker to bypass security restrictions, caused by improper...

CVSS 7.5 · AI score 1.7 · EPSS 0.05157
Exploits 0 · Affected Software 1
OSV
added 2020/04/13 5:15 p.m.

CVE-2019-1866

Cisco Webex Business Suite before 39.1.0 contains a vulnerability that could allow an unauthenticated, remote attacker to affect the integrity of the application. The vulnerability is due to improper validation of host header values. An attacker with a privileged network position, either a...

CVSS 3.7 · AI score 5.7 · EPSS 0.00336
Exploits 0 · References 1
OSV
added 2020/03/30 8:54 p.m.

GHSA-694P-XRHG-X3WM Micronaut's HTTP client is vulnerable to HTTP Request Header Injection

Vulnerability: Micronaut's HTTP client is vulnerable to "HTTP Request Header Injection" due to not validating request headers passed to the client. Example of vulnerable code: java @Controller("/hello") public class HelloController { @Inject @Client("/") RxHttpClient client; @Get("/external-exploit")...

CVSS 9.8 · AI score 5.8 · EPSS 0.01799
Exploits 1 · References 7
RedHat Linux
added 2020/03/05 12:02 p.m.

waitress: HTTP request smuggling through invalid Transfer-Encoding

An HTTP-interpretation flaw was found in waitress which did not properly validate incoming HTTP headers. When parsing the Transfer-Encoding header, waitress would look only for a single string value. According to the HTTP standard, Transfer-Encoding should be a comma-separated list, with the...

CVSS 7.5 · AI score 7.1 · EPSS 0.02545
Exploits 0 · References 5
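The waitress entry above turns on one parsing detail: Transfer-Encoding is a comma-separated list of transfer codings, not a single token, and a server that compares the whole value to "chunked" frames the body differently from a front-end proxy that parses the list. The following is an added example, not waitress's code: the single-string comparison beside a framing decision that parses the list per RFC 7230 and refuses every request whose length two parsers could compute differently. The function names, the FramingError class and the lower-cased header dict are this example's own conventions.

```python
from __future__ import annotations


class FramingError(ValueError):
    pass


def naive_is_chunked(transfer_encoding: str) -> bool:
    """The mistake the entry describes: compare the whole field value to one
    string. "gzip, chunked" or "Chunked" is not recognised, so a server doing
    this falls back to Content-Length while a proxy in front of it that parses
    the list correctly reads the body as chunks: a request desync."""
    return transfer_encoding == "chunked"


def parse_transfer_encoding(transfer_encoding: str) -> list[str]:
    """Transfer-Encoding is a comma-separated list of case-insensitive
    transfer-coding names (RFC 7230 section 3.3.1). The list grammar permits
    empty elements; they are dropped here."""
    return [t.strip().lower() for t in transfer_encoding.split(",") if t.strip()]


def message_framing(headers: dict[str, str]) -> tuple[str, int | None]:
    """Decide how the message body is delimited (RFC 7230 section 3.3.3).

    `headers` maps lower-cased field names to values, one value per name.
    Returns ("chunked", None), ("content-length", n) or ("none", 0), and
    raises FramingError in every case where two implementations might
    disagree, which is the precondition for request smuggling.
    """
    te = headers.get("transfer-encoding")
    cl = headers.get("content-length")
    if te is not None:
        if cl is not None:
            # RFC 7230 lets a server ignore Content-Length when both are
            # present, but any hop that prefers Content-Length desynchronises.
            raise FramingError("both Transfer-Encoding and Content-Length present")
        codings = parse_transfer_encoding(te)
        if not codings or codings[-1] != "chunked":
            # Without a final chunked coding the body length is undeterminable.
            raise FramingError("Transfer-Encoding does not end with chunked")
        return ("chunked", None)
    if cl is not None:
        # Exactly ASCII digits: no sign, no whitespace, no "5, 5" list,
        # no Unicode digits that int() would happily accept.
        if not (cl.isascii() and cl.isdigit()):
            raise FramingError(f"invalid Content-Length {cl!r}")
        return ("content-length", int(cl))
    return ("none", 0)


if __name__ == "__main__":
    # Constructed request header sets.
    print(naive_is_chunked("gzip, chunked"))                       # False
    print(message_framing({"transfer-encoding": "gzip, chunked"}))  # chunked
    try:
        message_framing({"transfer-encoding": "chunked", "content-length": "5"})
    except FramingError as exc:
        print("rejected:", exc)
```

Rejecting the ambiguous cases with a 400 and closing the connection is the RFC's own remedy; the important design point is that a single-string comparison is not a "strict" parser, it is a parser that disagrees with every correct one in front of it.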
CNVD
added 2020/02/28 12:00 a.m.

Cisco NX-OS Software Input Validation Error Vulnerability (CNVD-2020-14754)

Cisco NX-OS Software is the data-center-class operating system for switches from Cisco Systems (USA). An input validation error vulnerability exists in the NX-API feature of NX-OS Software releases prior to 8.4(1) in Cisco MDS 9000 Series Multilayer Switches and NX-OS...

CVSS 5.3 · AI score 6.6 · EPSS 0.01449
Exploits 0 · References 1
Veracode
added 2020/02/20 3:22 a.m.

HTTP Response Splitting

org.wso2.transport.http.netty is vulnerable to HTTP response splitting. The vulnerability exists because it does not enable HTTP header validation to prevent the presence of malicious characters in the HTTP header, allowing HTTP headers with malicious content from untrusted sources ...

CVSS 6.5 · AI score 0.8 · EPSS 0.01229
Exploits 0 · References 2 · Affected Software 1
Prion
added 2020/02/19 7:15 p.m.

Design/Logic Flaw

Netty in WSO2 transport-http before v6.3.1 is vulnerable to HTTP Response Splitting due to HTTP Header validation being disabled...

CVSS 4.3 · AI score 6.4 · EPSS 0.01229
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2020/02/19 6:14 p.m.

CVE-2019-10797

Netty in WSO2 transport-http before v6.3.1 is vulnerable to HTTP Response Splitting due to HTTP Header validation being disabled...

AI score 6.4 · EPSS 0.01229
Exploits 0 · References 1
CVE
added 2020/02/19 6:14 p.m.

CVE-2019-10797

CVE-2019-10797 affects org.wso2.transport.http.netty in WSO2 transport-http prior to version 6.3.1, where HTTP header validation is disabled, enabling HTTP Response Splitting. The issue is rooted in the HTTP header validation logic and impacts HTTP response handling. Mitigation: upgrade to 6.3.1 ...

CVSS 6.5 · AI score 6.3 · EPSS 0.01229
Exploits 0 · References 1 · Affected Software 1
Snyk
added 2020/02/18 12:50 p.m.

HTTP Response Splitting

Overview: org.wso2.transport.http:org.wso2.transport.http.netty is an HTTP protocol handling implementation for C5-based products. Affected versions of this package are vulnerable to HTTP Response Splitting due to HTTP header validation being disabled. Remediation: Upgrade...

CVSS 6.5 · AI score 6.8 · EPSS 0.01229
Exploits 0 · References 2
0day.today
added 2020/02/10 12:00 a.m.

Forcepoint WebSecurity 8.5 - Reflective Cross-Site Scripting Vulnerability

Exploit for multiple platforms in category web applications. Exploit Title: Forcepoint WebSecurity 8.5 - Reflective Cross-Site Scripting. Exploit Author: Prasenjit Kanti Paul. Vendor Homepage: https://www.forcepoint.com/ Software Link: https://www.forcepoint.com/product/cloud-security/web-security...

CVSS 4.3 · AI score 6.4 · EPSS 0.0298
Exploits 4
Positive Technologies
added 2020/02/06 12:00 a.m.

PT-2020-2534 · Node.js +8

Name of the Vulnerable Software and Affected Versions: Node.js versions 10 through 13 Description: The issue is related to insufficient input validation when processing HTTP headers in Node.js, allowing a remote attacker to gain full control over the application through various network protocols...

CVSS 10 · AI score 8.5 · EPSS 0.87806
Exploits 7 · References 148
Debian CVE
added 2020/02/04 3:05 a.m.

CVE-2020-5236

Waitress version 1.4.2 allows a DoS attack when waitress receives a header that contains invalid characters. When a header like "Bad-header: xxxxxxxxxxxxxxx\x10" is received, it will cause the regular expression engine to catastrophically backtrack, causing the process to use 100% CPU time and...

CVSS 6.8 · AI score 6.4 · EPSS 0.0262
Exploits 0
Veracode
added 2020/01/28 6:07 a.m.

CRLF Injection

ktor is vulnerable to request smuggling. Lack of validation of the Content-Length and Transfer-Encoding headers allows a remote attacker to inject \n characters as a header separator and smuggle requests through the server...

CVSS 7.5 · AI score 5.5 · EPSS 0.00762
Exploits 0 · References 3 · Affected Software 1
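Several entries above share one root cause: a header name or value reaches the wire without being checked against the HTTP field grammar. The Micronaut and WSO2 entries describe request header injection and response splitting when validation is disabled, the ktor entry describes a bare "\n" accepted as a header separator, and the waitress CVE-2020-5236 entry describes a control character ("\x10") that sent a backtracking regex into 100% CPU. The following is an added example, not code from any of those projects: a response serialiser with validation disabled beside the same serialiser with an RFC 7230 character-class check in front of it. The attacker value is constructed for the demonstration, and the function names and HeaderInjectionError class are this example's own.

```python
import re

# RFC 7230: a field-name is a token; a field-value is VCHAR (0x21-0x7E),
# obs-text (0x80-0xFF), SP and HTAB. CR, LF and NUL are absent from both, as
# is every other control character. fullmatch() is used deliberately:
# Python's "$" anchor would accept a value that ends in a lone "\n".
# A single character class is matched in one linear pass, so a value such as
# "xxxxxxxxxxxxxxx\x10" is rejected without anything for the engine to
# backtrack over.
_TOKEN = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")
_FIELD_VALUE = re.compile(r"[\t\x20-\x7e\x80-\xff]*")


class HeaderInjectionError(ValueError):
    pass


def validate_header(name: str, value: str) -> None:
    """Reject any header whose name is not a token or whose value contains a
    character outside the field-value set (CR, LF, NUL, other controls)."""
    if not _TOKEN.fullmatch(name):
        raise HeaderInjectionError(f"invalid header name {name!r}")
    if not _FIELD_VALUE.fullmatch(value):
        raise HeaderInjectionError(f"invalid character in value of {name!r}")


def build_response_unchecked(status: str, headers: list, body: str) -> str:
    """Header validation disabled: names and values are serialised verbatim."""
    lines = [f"HTTP/1.1 {status}"] + [f"{name}: {value}" for name, value in headers]
    return "\r\n".join(lines) + "\r\n\r\n" + body


def build_response(status: str, headers: list, body: str) -> str:
    """Header validation enabled: same serialiser, every header checked first."""
    for name, value in headers:
        validate_header(name, value)
    return build_response_unchecked(status, headers, body)


def count_messages(raw: str) -> int:
    """How many HTTP responses a client reading this stream would see: one per
    CRLF CRLF-delimited block that opens with a status line."""
    return sum(1 for block in raw.split("\r\n\r\n") if block.startswith("HTTP/1."))


# Constructed attacker input: a cookie value carrying CRLF CRLF and a complete
# second response, the classic response-splitting payload.
ATTACKER_VALUE = (
    "en\r\n\r\n"
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n\r\n"
    "<html>attacker-controlled page</html>"
)


def demo() -> tuple:
    """Returns (messages seen in the unchecked response, messages in the checked one)."""
    unchecked = build_response_unchecked(
        "302 Found", [("Location", "/"), ("Set-Cookie", "lang=" + ATTACKER_VALUE)], "")
    checked = build_response(
        "302 Found", [("Location", "/"), ("Set-Cookie", "lang=en")], "")
    return count_messages(unchecked), count_messages(checked)


if __name__ == "__main__":
    print(demo())  # the unchecked stream contains two responses, the checked one
    try:
        build_response("302 Found", [("Set-Cookie", "lang=" + ATTACKER_VALUE)], "")
    except HeaderInjectionError as exc:
        print("rejected:", exc)
```

The check is on characters, not on known-bad sequences: a denylist of "\r\n" would still pass the bare "\n" the ktor entry describes and the NUL or "\x10" that other parsers choke on, whereas the RFC's allowlist rejects all of them in the same pass. A production server validates the bytes, not a decoded string; the code points 0x80-0xFF stand in for obs-text here.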