
2483 matches found

OSV
added 2023/11/13 3:15 a.m. · 7 views

CVE-2023-37978

Server-Side Request Forgery SSRF vulnerability in Dimitar Ivanov HTTP Headers. This issue affects HTTP Headers: from n/a through 1.18.11...

CVSS 4.9 · AI score 7.3 · EPSS 0.00374
Exploits: 0 · References: 1
NVD
added 2023/11/13 3:15 a.m. · 10 views

CVE-2023-37978

Server-Side Request Forgery SSRF vulnerability in Dimitar Ivanov HTTP Headers. This issue affects HTTP Headers: from n/a through 1.18.11...

CVSS 4.9 · EPSS 0.00374
Exploits: 0 · References: 1
Prion
added 2023/11/13 3:15 a.m. · 13 views

Server side request forgery (ssrf)

Server-Side Request Forgery SSRF vulnerability in Dimitar Ivanov HTTP Headers. This issue affects HTTP Headers: from n/a through 1.18.11...

CVSS 3.3 · AI score 7.1 · EPSS 0.00374
Exploits: 0 · References: 1 · Affected Software: 1
Vulnrichment
added 2023/11/13 2:37 a.m. · 8 views

CVE-2023-37978 WordPress HTTP Headers Plugin <= 1.18.11 is vulnerable to Server Side Request Forgery (SSRF)

Server-Side Request Forgery SSRF vulnerability in Dimitar Ivanov HTTP Headers. This issue affects HTTP Headers: from n/a through 1.18.11...

CVSS 4.4 · AI score 7 · EPSS 0.00374
Exploits: 0 · References: 1
Cvelist
added 2023/11/13 2:37 a.m. · 19 views

CVE-2023-37978 WordPress HTTP Headers Plugin <= 1.18.11 is vulnerable to Server Side Request Forgery (SSRF)

Server-Side Request Forgery SSRF vulnerability in Dimitar Ivanov HTTP Headers. This issue affects HTTP Headers: from n/a through 1.18.11...

CVSS 4.4 · AI score 5.5 · EPSS 0.00374
Exploits: 0 · References: 1
CVE
added 2023/11/13 2:37 a.m. · 51 views

CVE-2023-37978

The CVE-2023-37978 entry concerns the WordPress HTTP Headers plugin. Affected versions are

CVSS 4.9 · AI score 6.4 · EPSS 0.00374
Exploits: 0 · References: 1 · Affected Software: 1
Positive Technologies
added 2023/11/13 12:00 a.m. · 5 views

PT-2023-26225 · Unknown · Dimitar Ivanov Http Headers

Name of the Vulnerable Software and Affected Versions: Dimitar Ivanov HTTP Headers versions 1.18.11 and earlier Description: The issue is related to a Server-Side Request Forgery SSRF vulnerability. This means an attacker could potentially force the server to make unintended requests, leading to...

CVSS 4.9 · AI score 5.7 · EPSS 0.00374
Exploits: 0 · References: 3
Kitploit
added 2023/11/03 11:30 a.m. · 35 views

Aws-Waf-Header-Analyzer - The Purpose Of The Project Is To Create Rate Limit In AWS WaF Based On HTTP Headers

The purpose of the project is to create rate limit in AWS WaF based on HTTP headers. Golang is a dependency to build the binary. See the documentation to install: https://go.dev/doc/install make sudo make install The rules configuration is very simple, for example, the threshold is the limited o...

AI score 7.3
Exploits: 0 · References: 1
Prion
added 2023/11/03 11:15 a.m. · 15 views

Crlf injection

A CRLF injection vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0. This vulnerability could allow a remote attacker to inject arbitrary HTTP headers and perform HTTP response splitting attacks via the fileName parameter in /STATEID/1613157927228/InvSWMetering.p...

CVSS 5.8 · AI score 6.3 · EPSS 0.0287
Exploits: 0 · References: 1 · Affected Software: 1
Prion
added 2023/11/03 11:15 a.m. · 19 views

Crlf injection

A CRLF injection vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0. This vulnerability could allow a remote attacker to inject arbitrary HTTP headers and perform HTTP response splitting attacks via the fileName parameter in /STATEID/1613157927228/InvSWMetering.c...

CVSS 5.8 · AI score 6.3 · EPSS 0.0287
Exploits: 0 · References: 1 · Affected Software: 1
Vulnrichment
added 2023/11/03 10:41 a.m. · 19 views

CVE-2023-4767 Improper Neutralization of CRLF Sequences in ManageEngine Desktop Central

A CRLF injection vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0. This vulnerability could allow a remote attacker to inject arbitrary HTTP headers and perform HTTP response splitting attacks via the fileName parameter in /STATEID/1613157927228/InvSWMetering.c...

CVSS 6.1 · AI score 7.2 · EPSS 0.0287
Exploits: 0 · References: 1
CVE
added 2023/11/03 10:41 a.m. · 57 views

CVE-2023-4767

CVE-2023-4767 describes a CRLF injection in ManageEngine Desktop Central v9.1.0. The vulnerability affects the fileName parameter in the endpoint "/STATE_ID/1613157927228/InvSWMetering.csv", enabling an attacker to inject arbitrary HTTP headers and perform HTTP response splitting. Exploitation st...

CVSS 6.1 · AI score 6.3 · EPSS 0.0287
Exploits: 0 · References: 1 · Affected Software: 1
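The CRLF injection described in the CVE-2023-4767 entries above, shown as an added example that is not code from ManageEngine Desktop Central or from any of the advisories: a request-controlled file name is copied verbatim into a Content-Disposition header, so a CR/LF pair in the value terminates that header and lets the client see attacker-supplied headers and a body of the attacker's choosing (HTTP response splitting). The response layout, the sample payload, and the allowlist used by the hardened builder are assumptions made for the demonstration.

```python
"""
Added example, not code from ManageEngine Desktop Central or from any advisory.
Reproduces the bug class behind CVE-2023-4767 (CRLF in a file name reaching a
response header) and a hardened builder that rejects such input.
Response layout, payload and allowlist are assumptions for the demonstration.
"""
import re
from typing import Dict, Tuple

CRLF = "\r\n"

# Constructed attacker input: closes the quoted filename, appends a header,
# then a blank line that ends the header block and starts a fake body.
PAYLOAD = (
    'report.csv"' + CRLF
    + "Set-Cookie: sid=attacker" + CRLF
    + CRLF
    + "<html>injected</html>"
)

# Assumed allowlist: plain file names only, no quotes and no control characters.
SAFE_FILENAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,127}")


def _render(file_name: str) -> bytes:
    """Serialise a CSV download response; the sink that must never see CR/LF."""
    body = b"id,software\n1,example\n"  # constructed CSV body
    head = (
        "HTTP/1.1 200 OK" + CRLF
        + "Content-Type: text/csv" + CRLF
        + 'Content-Disposition: attachment; filename="' + file_name + '"' + CRLF
        + "Content-Length: " + str(len(body)) + CRLF
        + CRLF
    )
    return head.encode("latin-1") + body


def build_download_response_vulnerable(file_name: str) -> bytes:
    """Vulnerable pattern: the request parameter goes straight into the header."""
    return _render(file_name)


def build_download_response_hardened(file_name: str) -> bytes:
    """Hardened: validate against a strict allowlist before the value reaches a header."""
    if not SAFE_FILENAME.fullmatch(file_name):
        raise ValueError("file name must match " + SAFE_FILENAME.pattern)
    return _render(file_name)


def parse_response(raw: bytes) -> Tuple[str, Dict[str, str], bytes]:
    """Minimal client-side split: status line, headers up to the first empty
    line, then the body. Header names are lower-cased."""
    head, _, body = raw.partition(b"\r\n\r\n")
    status, *lines = head.decode("latin-1").split(CRLF)
    headers: Dict[str, str] = {}
    for line in lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers, body


def injected_headers(file_name: str) -> Dict[str, str]:
    """Headers a client would parse from the vulnerable response for file_name."""
    return parse_response(build_download_response_vulnerable(file_name))[1]


def hardened_rejects(file_name: str) -> bool:
    """True when the hardened builder refuses file_name."""
    try:
        build_download_response_hardened(file_name)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    status, headers, body = parse_response(build_download_response_vulnerable(PAYLOAD))
    print("injected Set-Cookie seen by client:", headers.get("set-cookie"))
    print("body now begins with:", body[:21])
    print("hardened rejects payload:", hardened_rejects(PAYLOAD))
    print("hardened accepts report.csv:", not hardened_rejects("report.csv"))
```

Running the block shows the client parsing `Set-Cookie: sid=attacker` as a genuine response header and treating `<html>injected</html>` as the body, because the first blank line now sits inside the attacker's text. Most modern frameworks refuse CR/LF in header values at the sink; the allowlist here is the belt to that suspender, and it is what an application should do regardless of the framework.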
OSV
added 2023/11/03 8:15 a.m. · 2 views

DEBIAN-CVE-2023-5824

A flaw was found in Squid. The limits applied for validation of HTTP response headers are applied before caching. However, Squid may grow a cached HTTP response header beyond the configured maximum size, causing a stall or crash of the worker process when a large header is retrieved from the disk...

CVSS 7.5 · AI score 7.3 · EPSS 0.05229
Exploits: 0 · References: 1
Vulnrichment
added 2023/10/31 1:54 p.m. · 8 views

CVE-2023-5307 Photos and Files Contest Gallery – Contact Form < 21.2.8.1 - Unauthenticated Stored XSS via HTTP Headers

The Photos and Files Contest Gallery WordPress plugin before 21.2.8.1 does not sanitise and escape some parameters, which could allow unauthenticated users to perform Cross-Site Scripting attacks via certain headers...

AI score 6.4 · EPSS 0.00501
Exploits: 2 · References: 2
Tenable Nessus
added 2023/10/27 12:00 a.m. · 44 views

Oracle Linux 7 : grub2 (ELSA-2023-12952)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-12952 advisory. - Add CVE-2022-28736 to the list JIRA: OLDIS-16371 - Fix: CVE-2021-3695, CVE-2021-3696, CVE-2021-3697, CVE-2022-28733, CVE-2022-28734, CVE-2022-28735...

CVSS 8.1 · AI score 6.6 · EPSS 0.01284
Exploits: 0 · References: 8
Tenable Nessus
added 2023/10/23 12:00 a.m. · 38 views

Debian dla-3629 : ceph - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3629 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3629-1 [email protected]...

CVSS 9.8 · AI score 7 · EPSS 0.0461
Exploits: 1 · References: 26
Positive Technologies
added 2023/10/19 12:00 a.m. · 4 views

PT-2023-7039

Name of the Vulnerable Software and Affected Versions Squid affected versions not specified Description A flaw was found in Squid, where the limits applied for validation of HTTP response headers are applied before caching. However, Squid may grow a cached HTTP response header beyond the configur...

CVSS 9.3 · AI score 6.9 · EPSS 0.88864
Exploits: 1 · References: 75
GitLab Advisory Database
added 2023/10/16 12:00 a.m. · 33 views

Allocation of Resources Without Limits or Throttling

OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels http.useragent and http.method that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent to it. HTTP...

CVSS 7.5 · AI score 6.2 · EPSS 0.01364
Exploits: 0 · References: 10 · Affected Software: 1
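The unbounded-cardinality problem in the OpenTelemetry-Go Contrib entry above, as an added example that is not the project's own code: a counter keyed on the raw User-Agent header gains one time series per distinct value the client chooses to send, while a counter restricted to labels with a finite value set (HTTP method mapped onto a known list, a server-side route template with a per-label cap) stays bounded no matter what the client sends. The sample traffic, the `_other` overflow value, and the cap of 50 distinct values per label are assumptions made for the demonstration.

```python
"""
Added example, not OpenTelemetry-Go Contrib code. Contrasts a request counter
labelled with the raw User-Agent (unbounded series) against one whose labels
come only from finite, server-controlled value sets. Traffic, the "_other"
overflow value and the per-label cap are constructed for the demonstration.
"""
from collections import Counter
from typing import Dict, Iterable, Set, Tuple

KNOWN_METHODS = frozenset(
    {"GET", "HEAD", "POST", "PUT", "DELETE", "PATCH", "OPTIONS", "CONNECT", "TRACE"}
)
MAX_LABEL_VALUES = 50  # assumed cap per label; choose it for your own metrics backend


def count_unbounded(requests: Iterable[Tuple[str, str]]) -> Counter:
    """Vulnerable pattern: one series per distinct (method, user_agent) pair.
    A client that varies User-Agent on every request adds a series every time."""
    series: Counter = Counter()
    for method, user_agent in requests:
        series[(method, user_agent)] += 1
    return series


class BoundedRequestCounter:
    """Counter whose label set cannot grow with attacker-chosen values."""

    def __init__(self, max_label_values: int = MAX_LABEL_VALUES) -> None:
        self.max_label_values = max_label_values
        self._seen: Dict[str, Set[str]] = {}
        self.series: Counter = Counter()

    def _bounded(self, label: str, value: str) -> str:
        """Admit at most max_label_values distinct values per label; fold the rest into "_other"."""
        seen = self._seen.setdefault(label, set())
        if value in seen:
            return value
        if len(seen) >= self.max_label_values:
            return "_other"
        seen.add(value)
        return value

    def record(self, method: str, route: str, user_agent: str) -> None:
        """user_agent is accepted so call sites match the vulnerable counter,
        but it is deliberately never used as a label: the client controls it."""
        upper = method.upper()
        method_label = upper if upper in KNOWN_METHODS else "_other"
        route_label = self._bounded("http.route", route)
        self.series[(method_label, route_label)] += 1


def simulate(n_requests: int) -> Tuple[int, int]:
    """Feed n_requests GETs to one route, each with a unique User-Agent, to both
    counters. Returns (series in unbounded counter, series in bounded counter)."""
    traffic = [("GET", "/api/items", "scanner/%d" % i) for i in range(n_requests)]  # constructed
    unbounded = count_unbounded((method, user_agent) for method, _, user_agent in traffic)
    bounded = BoundedRequestCounter()
    for method, route, user_agent in traffic:
        bounded.record(method, route, user_agent)
    return len(unbounded), len(bounded.series)


if __name__ == "__main__":
    print("series after 10000 requests (unbounded, bounded):", simulate(10_000))
```

The memory cost of the unbounded counter is linear in the number of requests an attacker sends, which is the exhaustion the advisory describes; the bounded counter's size is fixed by `len(KNOWN_METHODS) + 1` times `max_label_values + 1`, whatever the traffic looks like. Any label whose value is taken from a request header needs the same treatment: either a fixed mapping or a hard cap with an overflow bucket.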
Positive Technologies
added 2023/10/12 12:00 a.m. · 3 views

PT-2023-8983

Name of the Vulnerable Software and Affected Versions Squid versions prior to 6.5 Description Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Collapse of Data into Unsafe Value bug, Squid may be vulnerable to a Denial of Service attack against HTT...

CVSS 9.3 · AI score 7.4 · EPSS 0.88864
Exploits: 2 · References: 132
F5 Networks
added 2023/10/10 10:32 a.m. · 11 views

K75431121: BIG-IP APM OAuth Bearer with SSO does not process HTTP headers as expected

Security Advisory Description BIG-IP APM OAuth Bearer Single Sign-On SSO may forward HTTP headers as-is without the expected processing when all of the following conditions are met: Bearer SSO configured API Protection profile in use OAuth token failure occurs Impact HTTP headers are forwarded...

AI score 6.7
Exploits: 0 · Affected Software: 1