Prion
added 2020/06/08 6:15 p.m., 16 views

Design/Logic Flaw

rejetto HFS aka HTTP File Server v2.3m Build 300, when virtual files or folders are used, allows remote attackers to trigger an invalid-pointer write access violation via concurrent HTTP requests with a long URI or long HTTP headers...

CVSS 5 | AI score 7.6 | EPSS 0.32755
Exploits: 5 | References: 7 | Affected Software: 1
OSV
added 2020/06/08 9:28 a.m., 9 views

OPENSUSE-SU-2020:0785-1 Security update for axel

This update for axel fixes the following issues: axel was updated to 2.17.8: CVE-2020-13614: SSL Certificate Hostnames were not verified boo1172159 Replaced progressbar line clearing with terminal control sequence Fixed parsing of Content-Disposition HTTP header Fixed User-Agent HTTP header never...

CVSS 5.9 | AI score 6.1 | EPSS 0.01928
Exploits: 1 | References: 3
Packet Storm
added 2020/06/08 12:00 a.m., 602 views

HFS Http File Server 2.3m Build 300 Buffer Overflow

Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/HFS-HTTP-FILE-SERVER-v2.3-REMOTE-BUFFER-OVERFLOW-DoS.txt + twitter.com/hyp3rlinx + ISR: ApparitionSec Vendor www.rejetto.com Product HFS Http File Server v2.3m Build 300...

AI score 0.6 | EPSS 0.32755
Exploits: 5
Veracode
added 2020/05/29 3:43 a.m., 21 views

HTTP Response Splitting

kallithea is vulnerable to HTTP Response Splitting. It is possible because it does not escape the user-provided input from GET 'camefrom' parameter in the login instance, allowing an attacker to inject malicious HTTP headers to control the remaining headers and body of the response of the...

CVSS 5 | AI score 2.1 | EPSS 0.06039
Exploits: 6 | References: 8 | Affected Software: 1
Packet Storm
added 2020/05/29 12:00 a.m., 818 views

Crystal Shard http-protection 0.2.0 IP Spoofing Bypass

Exploit Title : Crystal Shard http-protection 0.2.0 - IP Spoofing Bypass Exploit Author : Halis Duraki @0xduraki Date : 2020-05-28 Product : http-protection Crystal Shard Product URI : https://github.com/rogeriozambon/http-protection Version : http-protection = 0.2.0 CVE : N/A About the product...

AI score 0.1
Exploits: 0
Veracode
added 2020/05/21 3:40 a.m., 22 views

CRLF Injection

OpenJDK is vulnerable to carriage-return line-feed CRLF injection. The vulnerability exists through HTTP headers in HttpServer...

CVSS 4.8 | AI score 1.4 | EPSS 0.02892
Exploits: 0 | References: 19 | Affected Software: 6
RedHat Linux
added 2020/05/20 5:35 p.m., 148 views

Important: Red Hat Security Advisory: java-1.8.0-ibm security update

An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

CVSS 8.3 | AI score 6.7 | EPSS 0.0623
Exploits: 0 | References: 12
RedHat Linux
added 2020/05/20 4:46 p.m., 102 views

Important: Red Hat Security Advisory: java-1.7.1-ibm security update

An update for java-1.7.1-ibm is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

CVSS 8.3 | AI score 6.7 | EPSS 0.0623
Exploits: 0 | References: 9
RedHat Linux
added 2020/05/20 4:26 p.m., 4 views

OpenJDK: CRLF injection into HTTP headers in HttpServer (Lightweight HTTP Server, 8234825)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Lightweight HTTP Server. Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network acce...

CVSS 5.8 | AI score 7.3 | EPSS 0.02892
Exploits: 0 | References: 4
RedHat Linux
added 2020/05/20 3:10 p.m., 91 views

Important: Red Hat Security Advisory: java-1.7.1-ibm security update

An update for java-1.7.1-ibm is now available for Red Hat Enterprise Linux 7 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

CVSS 8.3 | AI score 6.7 | EPSS 0.0623
Exploits: 0 | References: 9
Tenable Nessus
added 2020/05/20 12:00 a.m., 56 views

RHEL 8 : java-1.8.0-ibm (RHSA-2020:2241)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2241 advisory. IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE ...

CVSS 8.3 | AI score 6.8 | EPSS 0.0623
Exploits: 0 | References: 24
Tenable Nessus
added 2020/05/20 12:00 a.m., 36 views

RHEL 7 : java-1.7.1-ibm (RHSA-2020:2238)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2238 advisory. IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IB...

CVSS 8.3 | AI score 6.8 | EPSS 0.0623
Exploits: 0 | References: 18
Check Point Advisories
added 2020/05/14 12:00 a.m., 1 view

HTTP Host Header Injection

A host header injection is inserting both the carriage return and linefeed characters into user input to trick the server. Successful exploitation could allow attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks...

AI score 3.5
Exploits: 0
Prion
added 2020/05/06 5:15 p.m., 14 views

CRLF injection

A vulnerability in the web server of Cisco Umbrella could allow an unauthenticated, remote attacker to perform a carriage return line feed CRLF injection attack against a user of an affected service. The vulnerability is due to insufficient validation of user input. An attacker could exploit this...

CVSS 4.3 | AI score 5 | EPSS 0.009
Exploits: 0 | References: 1
Vulnrichment
added 2020/05/06 4:41 p.m., 9 views

CVE-2020-3246 Cisco Umbrella Carriage Return Line Feed Injection Vulnerability

A vulnerability in the web server of Cisco Umbrella could allow an unauthenticated, remote attacker to perform a carriage return line feed CRLF injection attack against a user of an affected service. The vulnerability is due to insufficient validation of user input. An attacker could exploit this...

CVSS 4.7 | AI score 7.2 | EPSS 0.009
Exploits: 0 | References: 1
CVE
added 2020/05/06 4:41 p.m., 47 views

CVE-2020-3246

CVE-2020-3246 involves Cisco Umbrella’s web server and a CRLF injection due to insufficient input validation. An unauthenticated, remote attacker could entice a user to visit a crafted URL to inject arbitrary HTTP headers into responses. The connected Cisco advisory notes software updates exist a...

CVSS 4.7 | AI score 4.9 | EPSS 0.009
Exploits: 0 | References: 1 | Affected Software: 1
Cent OS
added 2020/04/30 7:54 p.m., 264 views

java security update

CentOS Errata and Security Advisory CESA-2020:1507 An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detail...

CVSS 8.3 | AI score 6.7 | EPSS 0.0623
Exploits: 0 | References: 7
Fedora
added 2020/04/28 2:56 a.m., 36 views

[SECURITY] Fedora 31 Update: haproxy-2.0.14-1.fc31

HAProxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments. Indeed, it can: - route HTTP requests depending on statically assigned cookies - spread load among several servers while assuring server persistence through the use of HTTP cookies - switch to...

CVSS 8.8 | AI score 0.8 | EPSS 0.60727
Exploits: 0
Cent OS
added 2020/04/28 12:24 a.m., 133 views

java security update

CentOS Errata and Security Advisory CESA-2020:1508 An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detail...

CVSS 8.3 | AI score 6.7 | EPSS 0.0623
Exploits: 0 | References: 7
OSV
added 2020/04/24 5:03 p.m., 8 views

MGASA-2020-0182 Updated java-1.8.0-openjdk packages fix security vulnerabilities

Updated java-1.8.0-openjdk packages fix security vulnerabilities: Misplaced regular expression syntax error check in RegExpScanner Scripting, 8223898 CVE-2020-2754 Incorrect handling of empty string nodes in regular expression Parser Scripting, 8223904 CVE-2020-2755 Incorrect handling of referenc...

CVSS 8.3 | AI score 6.5 | EPSS 0.0623
Exploits: 0 | References: 4