SUSE SLES15 Security Update : grub2 (SUSE-SU-2022:2036-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2036-1 advisory. - A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area. An attacker may take advantage of that t...

Sensitive header uncleared on same-host, cross-port redirect

Description Sensitive headers are uncleared on cross-port redirect Proof of Concept poc.php 'http://10.0.2.4', ;...

Design/Logic Flaw

Envoy is a cloud-native high-performance edge/middle/service proxy. In versions prior to 1.22.1 if Envoy attempts to send an internal redirect of an HTTP request consisting of more than HTTP headers, there’s a lifetime bug which can be triggered. If while replaying the request Envoy sends a loc...

CVE-2022-29227 Use after free in Envoy

Envoy is a cloud-native high-performance edge/middle/service proxy. In versions prior to 1.22.1 if Envoy attempts to send an internal redirect of an HTTP request consisting of more than HTTP headers, there’s a lifetime bug which can be triggered. If while replaying the request Envoy sends a local...

CVE-2022-29227 Use after free in Envoy

Envoy is a cloud-native high-performance edge/middle/service proxy. In versions prior to 1.22.1 if Envoy attempts to send an internal redirect of an HTTP request consisting of more than HTTP headers, there’s a lifetime bug which can be triggered. If while replaying the request Envoy sends a local...

HTTP User Agent Remote Code Execution

HTTP headers let the client and the server pass arbitrary information with an HTTP request User Agent field. A remote attacker may use the User Agent header to run arbitrary code on an affected target...

CVE-2022-28734

A flaw was found in grub2 when handling split HTTP headers. While processing a split HTTP header, grub2 wrongly advances its control pointer to the internal buffer by one position, which can lead to an out-of-bounds write. This flaw allows an attacker to leverage this issue by crafting a maliciou...

Oracle Linux 7 : grub2 (ELSA-2022-9469)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-9469 advisory. - Add CVE-2022-28736 to the list JIRA: OLDIS-16371 - Fix: CVE-2021-3695, CVE-2021-3696, CVE-2021-3697, CVE-2022-28733, CVE-2022-28734, CVE-2022-28735...

EulerOS 2.0 SP3 : ceph-common (EulerOS-SA-2022-1708)

According to the versions of the ceph-common packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in the Red Hat Ceph Storage RadosGW Ceph Object Gateway. The vulnerability is related to the injection of HTTP headers via...

Huawei EulerOS: Security Advisory for ceph-common (EulerOS-SA-2022-1708)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Jenkins Diagnostic page exposed session cookies

Jenkins shows various technical details about the current user on the /whoAmI page. In a previous fix, the Cookie header value containing the HTTP session ID was redacted. However, user metadata shown on this page could also include the HTTP session ID in Jenkins 2.218 and earlier, LTS 2.204.1 an...

GHSA-5957-5CRX-79JX Zenario CMS vulnerable to CRLF injection

CRLF injection vulnerability in Zend\Mail ZendMail in Zend Framework before 1.12.12, 2.x before 2.3.8, and 2.4.x before 2.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the header of an email...

Apache Tomcat Exposes IP Addresses and HTTP Headers of Requests

Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by readin...

GHSA-F7FV-V9RH-PRVC Tornado CRLF injection vulnerability

CRLF injection vulnerability in the tornado.web.RequestHandler.setheader function in Tornado before 2.2.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input...

GHSA-5XM9-RF63-WJ7H Improper Control of Generation of Code in Spring Security

CRLF injection vulnerability in the logout functionality in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the spring-security-redirect parameter...

GHSA-FG5Q-R2Q5-QMH3 Drupal CRLF injection vulnerability in the drupal_set_header function

CRLF injection vulnerability in the drupalsetheader function in Drupal 6.x before 6.38, when used with PHP before 5.1.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by leveraging a module that allows user-submitted data to appear in HTTP...

GHSA-XC66-MG8R-Q6R5 Apache Wicket vulnerable to CSRF attacks

Apache Wicket 6.x before 6.25.0, 7.x before 7.5.0, and 8.0.0-M1 provide a CSRF prevention measure that fails to discover some cross origin requests. The mitigation is to not only check the Origin HTTP header, but also take the Referer HTTP header into account when no Origin was provided...

GHSA-QCQR-HCJQ-WHFQ Improper Neutralization of CRLF Sequences in Wildfly Undertow

CRLF injection vulnerability in the Undertow web server in WildFly 10.0.0, as used in Red Hat JBoss Enterprise Application Platform EAP 7.x before 7.0.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors...

iQ Block Country <= 1.2.18 - Protection Bypass due to IP Spoofing

The plugin does not properly checks HTTP headers in order to validate the origin IP address, allowing threat actors to bypass it's block feature by spoofing the headers. PoC curl -i -H 'CF-CONNECTING-IP: 0.0.0.0' https://example.com...

CVE-2019-20445

A flaw was found in Netty before version 4.1.44, where it accepted multiple Content-Length headers and also accepted both Transfer-Encoding, as well as Content-Length headers where it should reject the message under such circumstances. In circumstances where Netty is used in the context of a...