Security Bulletin: IBM Cloud Pak for Data is vulnerable to HTTP Request Smuggling due to Gunicorn ( CVE-2024-1135 )

Summary Gunicorn is used by IBM Cloud Pak for Data. CVE-2024-1135. Vulnerability Details CVEID:CVE-2024-1135 DESCRIPTION: Gunicorn is vulnerable to HTTP request smuggling, caused by improper parsing of the HTTP transfer-encoding headers. By sending a specially crafted HTTPS transfer-encoding...

NetScaler-13.1-Warning "is_whitelisted_request - Dropping invalid http request" in ns.log

You may see warning message like below in ns.log and would like to know why this log exists. Aug 12 16:50:25 X.X.X.X 08/12/2024:07:50:25 GMT XXX 0-PPE-2 : default SSLVPN Message 918225 0 :"iswhitelistedrequest - Dropping invalid http request:|/v1|"...

Exploit for HTTP Request Smuggling in Apache Http_Server

CVE 2023 25690 - Proof of Concept Published: 7 March 2023...

CVE-2025-48045

An unauthenticated HTTP GET request to the /client.php endpoint will disclose the default administrator user credentials...

Security Bulletin: Multiple vulnerabilities in eclipse jetty may affect IBM Business Automation Workflow Case Configuration tool

Summary IBM Business Automation Workflow Case configuration tool packages vulnerable versions of the eclipse jetty open source library. Vulnerability Details CVEID:CVE-2023-26049 DESCRIPTION: Eclipse Jetty could allow a remote authenticated attacker to obtain sensitive information, caused by a fl...

SUSE-SU-2025:01504-1 Security update for libsoup

This update for libsoup fixes the following issues: - CVE-2025-2784: Fixed heap buffer over-read in skipinsignificantspace when sniffing conten bsc1240750 - CVE-2025-32050: Fixed integer overflow in appendparamquoted bsc1240752 - CVE-2025-32051: Fixed segmentation fault when parsing malformed dat...

Ubuntu: Security Advisory (USN-7543-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

PT-2025-23061 · Citrix · Citrix Netscaler

Name of the Vulnerable Software and Affected Versions: Citrix NetScaler affected versions not specified Description: The issue concerns HTTP Request Smuggling. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue...

CVE-2025-41653

An unauthenticated remote attacker can exploit a denial-of-service vulnerability in the device's web server functionality by sending a specially crafted HTTP request with a malicious header, potentially causing the server to crash or become unresponsive...

ABB M2M Gateway HTTP Request Smuggling in embedded Apache HTTP Server (CVE-2023-25690)

Some modproxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Configurations are affected when modproxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the...

CVE-2024-25129

The CodeQL CLI repo holds binaries for the CodeQL command line interface CLI. Prior to version 2.16.3, an XML parser used by the CodeQL CLI to read various auxiliary files is vulnerable to an XML External Entity attack. If a vulnerable version of the CLI is used to process either a maliciously...

CVE-2024-8912

An HTTP Request Smuggling vulnerability in Looker allowed an unauthorized attacker to capture HTTP responses destined for legitimate users. There are two Looker versions that are hosted by Looker: Looker Google Cloud core was found to be vulnerable. This issue has already been mitigated and our...

CVE-2024-52558

The affected product is vulnerable to an integer underflow. An unauthenticated attacker could send a malformed HTTP request, which could allow the attacker to crash the program...

CVE-2024-20508

A vulnerability in Cisco Unified Threat Defense UTD Snort Intrusion Prevention System IPS Engine for Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass configured security policies or cause a denial of service DoS condition on an affected device. This vulnerability is...

CVE-2024-52944

An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24698. It allows an authenticated remote attacker to inject a parameter into an HTTP request, allowing for Cross-Site Scripting while viewing archived content. This could reflect back to an authenticated user witho...

CVE-2024-32394

An issue in ruijie.com/cn RG-RSR10-01G-TWA-S RSR3.01B9P2RSR10-01G-TW-S07150910 and RG-RSR10-01G-TWA-S RSR3.01B9P2RSR10-01G-TW-S07150910 allows a remote attacker to execute arbitrary code via a crafted HTTP request...

CVE-2024-23663

An improper access control in Fortinet FortiExtender 4.1.1 - 4.1.9, 4.2.0 - 4.2.6, 5.3.2, 7.0.0 - 7.0.4, 7.2.0 - 7.2.4 and 7.4.0 - 7.4.2 allows an attacker to create users with elevated privileges via a crafted HTTP request...

CVE-2024-20335

A vulnerability in the web-based management interface of Cisco Small Business 100, 300, and 500 Series Wireless APs could allow an authenticated, remote attacker to perform command injection attacks against an affected device. In order to exploit this vulnerability, the attacker must have valid...

CVE-2024-23788

Server-side request forgery vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to send an arbitrary HTTP request GET from the affected product...

CVE-2024-1021

A vulnerability, which was classified as critical, has been found in Rebuild up to 3.5.5. Affected by this issue is the function readRawText of the component HTTP Request Handler. The manipulation of the argument url leads to server-side request forgery. The attack may be launched remotely. The...