6 matches found
GHSA-V228-72C7-FX8J open-websearch has SSRF in `fetchWebContent` MCP tool: bracketed IPv6 literals and non-resolving hostname check bypass `isPrivateOrLocalHostname`
Summary src/utils/urlSafety.ts exposes isPublicHttpUrl / assertPublicHttpUrl, used to gate the MCP fetchWebContent tool against private-network targets. The check has two defects that together allow non-blind SSRF with the response body returned to the caller: 1. Bracketed IPv6 literals are never...
RHCOS 1 : ruby193-ruby (RHSA-2013:1137)
The remote Red Hat Enterprise Linux CoreOS 1 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2013:1137 advisory. - ruby: hostname check bypassing vulnerability in SSL client CVE-2013-4073 Note that Nessus has not tested for this issue but has instead...
EUVD-2016-1579
Malware in sbrugna...
python: hostname check bypassing vulnerability in SSL module
The ssl.matchhostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate...
python: hostname check bypassing vulnerability in SSL module
The ssl.matchhostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate...
CVE-2009-3024
The verifyhostnameofcert function in the certificate checking feature in IO-Socket-SSL IO::Socket::SSL 1.14 through 1.25 only matches the prefix of a hostname when no wildcard is used, which allows remote attackers to bypass the hostname check for a certificate...