Design/Logic Flaw

http-swagger is an open source wrapper to automatically generate RESTful API documentation with Swagger 2.0. In versions of http-swagger prior to 1.2.6 an attacker may perform a denial of service attack consisting of memory exhaustion on the host system. The cause of the memory exhaustion is down...

Denial Of Service (DoS)

github.com/prometheus/clientgolang is vulnerable to Denial Of Service DoS. Lack of proper handling of requests with non-standard HTTP methods allows an attacker to cause unbounded cardinality, and potential memory exhaustion...

AZL-33611 CVE-2022-21698 affecting package local-path-provisioner for versions less than 0.0.21-14

clientgolang is the instrumentation library for Go applications in Prometheus, and the promhttp package in clientgolang provides tooling around HTTP servers and clients. In clientgolang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and...

AZL-34541 CVE-2022-21698 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.2-2

clientgolang is the instrumentation library for Go applications in Prometheus, and the promhttp package in clientgolang provides tooling around HTTP servers and clients. In clientgolang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and...

AZL-33618 CVE-2022-21698 affecting package moby-cli for versions less than 20.10.27-5

clientgolang is the instrumentation library for Go applications in Prometheus, and the promhttp package in clientgolang provides tooling around HTTP servers and clients. In clientgolang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and...

AZL-35122 CVE-2022-21698 affecting package prometheus-process-exporter for versions less than 0.8.2-1

clientgolang is the instrumentation library for Go applications in Prometheus, and the promhttp package in clientgolang provides tooling around HTTP servers and clients. In clientgolang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and...

CVE-2022-21698

clientgolang is the instrumentation library for Go applications in Prometheus, and the promhttp package in clientgolang provides tooling around HTTP servers and clients. In clientgolang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and...

AZL-34999 CVE-2022-21698 affecting package moby-engine for versions less than 25.0.3-1

clientgolang is the instrumentation library for Go applications in Prometheus, and the promhttp package in clientgolang provides tooling around HTTP servers and clients. In clientgolang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and...

DEBIAN-CVE-2022-21698

clientgolang is the instrumentation library for Go applications in Prometheus, and the promhttp package in clientgolang provides tooling around HTTP servers and clients. In clientgolang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and...

CVE-2022-21698

clientgolang is the instrumentation library for Go applications in Prometheus, and the promhttp package in clientgolang provides tooling around HTTP servers and clients. In clientgolang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and...

CVE-2022-21698

clientgolang is the instrumentation library for Go applications in Prometheus, and the promhttp package in clientgolang provides tooling around HTTP servers and clients. In clientgolang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and...

CVE-2022-21698 Uncontrolled Resource Consumption in promhttp

clientgolang is the instrumentation library for Go applications in Prometheus, and the promhttp package in clientgolang provides tooling around HTTP servers and clients. In clientgolang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and...

CVE-2022-21698 Uncontrolled Resource Consumption in promhttp

clientgolang is the instrumentation library for Go applications in Prometheus, and the promhttp package in clientgolang provides tooling around HTTP servers and clients. In clientgolang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and...

CVE-2022-21698 Uncontrolled Resource Consumption in promhttp

clientgolang is the instrumentation library for Go applications in Prometheus, and the promhttp package in clientgolang provides tooling around HTTP servers and clients. In clientgolang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and...

UBUNTU-CVE-2021-45327

Gitea before 1.11.2 is affected by Trusting HTTP Permission Methods on the Server Side when referencing the vulnerable admin or user API. which could let a remote malisious user execute arbitrary code...

CVE-2021-35243 HTTP PUT & DELETE Methods Enabled

The HTTP PUT and DELETE methods were enabled in the Web Help Desk web server 12.7.7 and earlier, allowing users to execute dangerous HTTP requests. The HTTP PUT method is normally used to upload data that is saved on the server with a user-supplied URL. While the DELETE method requests that the...

Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

LogMePwn LogMePwn is a fully automated, multi-protocol, reliab...

Design/Logic Flaw

The HTTP TRACK & TRACE methods were enabled in Kiwi Syslog Server 9.7.1 and earlier. These methods are intended for diagnostic purposes only. If enabled, the web server will respond to requests that use these methods by returning exact HTTP request that was received in the response to the client...

CVE-2021-35233

CVE-2021-35233 affects SolarWinds Kiwi Syslog Server 9.7.1 and earlier, where enabling HTTP TRACK & TRACE can cause the server to echo the exact HTTP request in the response, potentially leaking sensitive information such as internal authentication headers appended by reverse proxies. The issue i...

A6: Security Misconfiguration ❗️ — Top 10 OWASP 2017

A6: Security Misconfiguration ❗️ — Top 10 OWASP 2017 Introduction A6: Security Misconfiguration What is Security Misconfiguration? I believe this name was chosen to be as ambiguous as possible for one of the Top 10 OWASP vulnerabilities. It can encompass anything and everything related to...