Mageia: Security Advisory (MGASA-2020-0361)
The remote host is missing an update for the...
Security Bulletin: IBM Rational Build Forge 8.0.x is affected by Apache HTTP Server version used in it. (CVE-2021-33193)
Summary IBM Rational Build Forge version 8.0.x is affected by CVE-2021-33193 Vulnerability Details CVEID: CVE-2021-33193 DESCRIPTION: Apache HTTP Server is vulnerable to HTTP request splitting attacks, caused by improper input validation in HTTP/2 message processing. A remote attacker could explo...
CVE-2021-41732
An issue was discovered in zeek version 4.1.0. There is a HTTP request splitting vulnerability that will invalidate any ZEEK HTTP based security analysis. NOTE: the vendor's position is that the observed behavior is intended...
Cross site request forgery (csrf)
DISPUTED An issue was discovered in zeek version 4.1.0. There is a HTTP request splitting vulnerability that will invalidate any ZEEK HTTP based security analysis. NOTE: the vendor's position is that the observed behavior is intended...
CVE-2021-41732
CVE-2021-41732 affects Zeek 4.1.0 and is described as a HTTP request splitting vulnerability that will invalidate any Zeek HTTP-based security analysis. The observed behavior is noted by the vendor as intended in Zeek. The connected documents consistently reference Zeek 4.1.0 and the HTTP-splitti...
CVE-2021-41732
Removed by vendor...
CVE-2021-32598
An improper neutralization of CRLF sequences in HTTP headers 'HTTP Response Splitting' vulnerability in FortiManager and FortiAnalyzer GUI 7.0.0, 6.4.6 and below, 6.2.8 and below, 6.0.11 and below, 5.6.11 and below may allow an authenticated and remote attacker to perform an HTTP request splittin...
Crlf injection
An improper neutralization of CRLF sequences in HTTP headers 'HTTP Response Splitting' vulnerability in FortiManager and FortiAnalyzer GUI 7.0.0, 6.4.6 and below, 6.2.8 and below, 6.0.11 and below, 5.6.11 and below may allow an authenticated and remote attacker to perform an HTTP request splittin...
Fortinet FortiManager and Fortinet FortiAnalyzer Environment Issue Vulnerability
Fortinet FortiManager is a centralized network security management platform from Fortinet, Inc. Fortinet FortiAnalyzer is a centralized network security reporting solution that allows for centralized management of any number of Fortinet devices and the ability to group devices into different...
In Twisted Web through 19.10.0 there was an HTTP request splitting vulnerability. When presented with a content-length and a chunked encoding header the content-length took precedence and the remainder of the request body was interpreted as a pipelined request.
...
SUSE: Security Advisory (SUSE-SU-2020:14460-1)
The remote host is missing an update for the...
SUSE: Security Advisory (SUSE-SU-2019:0395-1)
The remote host is missing an update for the...
SUSE: Security Advisory (SUSE-SU-2020:14590-1)
The remote host is missing an update for the...
Security Bulletin: IBM DataPower Gateway is affected by a vulnerability in Node.js (CVE-2018-12123)
Summary IBM DataPower Gateway has addressed the following vulnerability: CVE-2018-12123 Vulnerability Details CVEID: CVE-2018-12123 DESCRIPTION: Node.js is vulnerable to HTTP request splitting attacks, caused by improper input validation by the path option of an HTTP request. A remote attacker...
Node.js: All versions prior to Node.js 6.15.0 and 8.14.0: HTTP request splitting: If Node.js can be convinced to use unsanitized user-provided Unicode data for the `path` option of an HTTP request then data can be provided which will trigger a second unexpected and user-defined HTTP request to be made to the same server.
...
Oracle Linux 8 : squid:4 (ELSA-2020-3623)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-3623 advisory. - Resolves: 1872345 - CVE-2020-15811 squid:4/squid: HTTP Request Splitting could result in cache poisoning - Resolves: 1872330 - CVE-2020-15810...
Squid < 4.13 Multiple Vulnerabilities
According to its self-reported version number, the version of Squid installed on the remote host is 5.x 5.0.4 or prior to 4.13. It is, therefore, affected by multiple vulnerabilities: - Due to incorrect data validation Squid is vulnerable to HTTP request splitting and HTTP request smuggling attac...
Squid < 4.9 Multiple Vulnerabilities
According to its self-reported version number, the version of Squid installed on the remote host is prior to 4.9. It is, therefore, affected by multiple vulnerabilities: - A heap overflow and possibly remote code execution exist due to incorrect buffer management when processing URN...
CentOS 8 : squid:4 (CESA-2020:3623)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2020:3623 advisory. - squid: HTTP Request Smuggling could result in cache poisoning CVE-2020-15810 - squid: HTTP Request Splitting could result in cache poisoning...
SUSE-SU-2020:14590-1 Security update for squid3
This update for squid3 fixes the following issues: - CVE-2020-15811: Fixed an HTTP request splitting vulnerability bsc1175665. - CVE-2020-24606: Fixed a DoS vulnerability when processing Cache Digest Responses bsc1175671. - CVE-2020-15810: Fixed an HTTP request smuggling vulnerability bsc1175664...