CVE-2024-7923 Puppet-pulpcore: an authentication bypass vulnerability exists in pulpcore

An authentication bypass vulnerability has been identified in Pulpcore when deployed with Gunicorn versions prior to 22.0, due to the puppet-pulpcore configuration. This issue arises from Apache's modproxy not properly unsetting headers because of restrictions on underscores in HTTP headers,...

CVE-2024-7923

CVE-2024-7923: Authentication bypass in Pulpcore when deployed with Gunicorn

CVE-2024-7923 Puppet-pulpcore: an authentication bypass vulnerability exists in pulpcore

An authentication bypass vulnerability has been identified in Pulpcore when deployed with Gunicorn versions prior to 22.0, due to the puppet-pulpcore configuration. This issue arises from Apache's modproxy not properly unsetting headers because of restrictions on underscores in HTTP headers,...

CVE-2024-7012 Puppet-foreman: an authentication bypass vulnerability exists in foreman

An authentication bypass vulnerability has been identified in Foreman when deployed with External Authentication, due to the puppet-foreman configuration. This issue arises from Apache's modproxy not properly unsetting headers because of restrictions on underscores in HTTP headers, allowing...

CVE-2024-7012

CVE-2024-7012 describes an authentication bypass in Foreman when deployed with External Authentication, caused by Apache’s mod_proxy failing to unset headers due to underscore handling in HTTP headers. The issue, as stated, could allow an unauthorized user to gain administrative access on all act...

CVE-2024-7923

An authentication bypass vulnerability has been identified in Pulpcore when deployed with Gunicorn versions prior to 22.0, due to the puppet-pulpcore configuration. This issue arises from Apache's modproxy not properly unsetting headers because of restrictions on underscores in HTTP headers,...

Security Bulletin: Vulnerability in Apache Tomcat affects watsonx.data

Summary Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by a flaw when a response did not have any HTTP headers set. This can affect watsonx.data. Vulnerability Details CVEID:CVE-2023-34981 DESCRIPTION: Apache Tomcat could allow a remote attacker to obtain...

Log4Shell HTTP Scanner

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Log4Shell HTTP Scanner', 'Description' = %q Versions of Apache Log4j2 impacted by CVE-2021-44228 which allow JNDI features used in configuration,...

Carriage Return Line Feed (CRLF) Injection

RestSharp is vulnerable to Carriage Return Line Feed CRLF Injection. The vulnerability is due to the lack of CRLF character validation in HTTP header values by the HttpHeaders.TryAddWithoutValidation method, which allows an attacker to inject additional HTTP headers or smuggle entire HTTP request...

CVE-2024-45302

RestSharp is a Simple REST and HTTP API Client for .NET. The second argument to RestRequest.AddHeader the header value is vulnerable to CRLF injection. The same applies to RestRequest.AddOrUpdateHeader and RestClient.AddDefaultHeader. The way HTTP headers are added to a request is via the...

CVE-2024-45302

RestSharp on .NET is affected by a CRLF injection vulnerability in the header handling: HttpHeaders.TryAddWithoutValidation does not validate CRLF characters in header values, allowing header injection or HTTP request smuggling. The issue concerns RestSharp’s methods such as RestRequest.AddHeader...

GHSA-4RR6-2V9V-WCPC CRLF Injection in RestSharp's `RestRequest.AddHeader` method

Summary The second argument to RestRequest.AddHeader the header value is vulnerable to CRLF injection. The same applies to RestRequest.AddOrUpdateHeader and RestClient.AddDefaultHeader. Details The way HTTP headers are added to a request is via the HttpHeaders.TryAddWithoutValidation method: This...

RestSharp 安全漏洞

RestSharp is RestSharp open source a .NET HTTP client library. NET HTTP client library with automatic serialization and deserialization, request and response type detection. A security vulnerability exists in versions prior to RestSharp 107 that stems from not validating CRLF characters when...

DoS (Denial of Service) org.apache.tomcat.embed:tomcat-embed-core Dependency in Bitbucket Data Center and Server

This High severity org.apache.tomcat.embed:tomcat-embed-core Dependency vulnerability was introduced in versions 8.9.0 and 8.19.0 of Bitbucket Data Center and Server. This org.apache.tomcat.embed:tomcat-embed-core Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

Important: tomcat

Issue Overview: Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a miscounting of active HTTP/2 streams which in turn l...

Incorrect Handling Of HTTP Headers

github.com/envoyproxy/envoy is vulnerable to Incorrect Handling of HTTP Headers. The vulnerability is due to setCopy header map API not replacing all existing occurrences of a non-inline header and only considering the first value when multiple header values are present. This allows an attackers ...

ROS-20240808-04

A vulnerability in the phpCAS::setUrl function of the phpCAS authentication library is related to the use of HTTP headers to determine the URL of a service used to validate tickets. HTTP to determine the URL of the service used to validate tickets, allowing the control of the host header and use ...

ROS-20240726-05

Apache HTTP Server web server vulnerability is related to failure to take measures to handle sequences of CRLF sequences in HTTP headers. Exploitation of the vulnerability could allow an attacker acting remotely, Perform HTTP response splitting attacks Apache HTTP Server vulnerability is related ...

USN-6914-1: OCS Inventory vulnerability

Filip Hejsek discovered that the phpCAS library included in OCS Inventory was using HTTP headers to determine the service URL used to validate tickets. A remote attacker could possibly use this issue to gain access to a victim's account...

MGASA-2024-0267 Updated tomcat packages fix security vulnerability

Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a miscounting of active HTTP/2 streams which in turn led to the use of...