16598 matches found
PT-2024-8962 · Haproxy +6 · Haproxy +6
Name of the Vulnerable Software and Affected Versions: HAProxy affected versions not specified Description: The issue is related to an inconsistent interpretation of HTTP requests, also known as 'HTTP Request/Response Smuggling' or 'Contrabando de solicitudes/respuestas HTTP'. This allows a remot...
Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 : libsoup vulnerabilities (USN-7126-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7126-1 advisory. It was discovered that libsoup ignored certain characters at the end of header names. A remote attacker could...
Ubuntu 22.04 LTS / 24.04 LTS / 24.10 : libsoup3 vulnerabilities (USN-7127-1)
The remote Ubuntu 22.04 LTS / 24.04 LTS / 24.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7127-1 advisory. It was discovered that libsoup ignored certain characters at the end of header names. A remote attacker could possibly use this issue...
USN-6988-2: Twisted vulnerability
USN-6988-1 fixed CVE-2024-41671 in Twisted. The USN incorrectly stated that previous releases were unaffected. This update provides the equivalent fix for Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 18.04 LTS. Original advisory details: Ben Kallus discovered that Twisted incorrectly handled...
SUSE CVE-2024-11234
In PHP versions 8.1. before 8.1.31, 8.2. before 8.2.26, 8.3. before 8.3.14, when using streams with configured proxy and "requestfulluri" option, the URI is not properly sanitized which can lead to HTTP request smuggling and allow the attacker to use the proxy to perform arbitrary HTTP requests...
Fedora: Security Advisory (FEDORA-2024-a059ea1dfc)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2023-26280
IBM Jazz Foundation 7.0.2 and 7.0.3 could allow a user to change their dashboard using a specially crafted HTTP request due to improper access control...
CVE-2023-26280 IBM Jazz Foundation improper access control
IBM Jazz Foundation 7.0.2 and 7.0.3 could allow a user to change their dashboard using a specially crafted HTTP request due to improper access control...
CVE-2023-26280 IBM Jazz Foundation improper access control
IBM Jazz Foundation 7.0.2 and 7.0.3 could allow a user to change their dashboard using a specially crafted HTTP request due to improper access control...
CVE-2023-26280
The CVE-2023-26280 issue affects IBM Jazz Foundation 7.0.2 and 7.0.3, where improper access control could let a user change their dashboard via a specially crafted HTTP request. The root cause is access-control weakness in the dashboard feature, with a CVSSv3.1 base score of 5.3 (Network, Low att...
CVE-2024-11234
A flaw was found in PHP. In affected versions of PHP, when using streams with configured proxy and "requestfulluri" option, the URI is not properly sanitized, which can lead to HTTP request smuggling and allow the attacker to use the proxy to perform arbitrary HTTP requests originating from the...
AZL-53613 CVE-2024-11234 affecting package php for versions less than 8.1.31-1
In PHP versions 8.1. before 8.1.31, 8.2. before 8.2.26, 8.3. before 8.3.14, when using streams with configured proxy and "requestfulluri" option, the URI is not properly sanitized which can lead to HTTP request smuggling and allow the attacker to use the proxy to perform arbitrary HTTP requests...
CVE-2024-11234
In PHP versions 8.1. before 8.1.31, 8.2. before 8.2.26, 8.3. before 8.3.14, when using streams with configured proxy and "requestfulluri" option, the URI is not properly sanitized which can lead to HTTP request smuggling and allow the attacker to use the proxy to perform arbitrary HTTP requests...
CVE-2024-11234
In PHP versions 8.1. before 8.1.31, 8.2. before 8.2.26, 8.3. before 8.3.14, when using streams with configured proxy and "requestfulluri" option, the URI is not properly sanitized which can lead to HTTP request smuggling and allow the attacker to use the proxy to perform arbitrary HTTP requests...
DEBIAN-CVE-2024-11234
In PHP versions 8.1. before 8.1.31, 8.2. before 8.2.26, 8.3. before 8.3.14, when using streams with configured proxy and "requestfulluri" option, the URI is not properly sanitized which can lead to HTTP request smuggling and allow the attacker to use the proxy to perform arbitrary HTTP requests...
CVE-2024-11234
The CVE-2024-11234 entry concerns HTTP request smuggling via PHP streams when a proxy is configured and the request_fulluri option is used. Affected PHP versions are 8.1.* before 8.1.31, 8.2.* before 8.2.26, and 8.3.* before 8.3.14. The vulnerability arises from improper URI sanitization in strea...
CVE-2024-11234 Configuring a proxy in a stream context might allow for CRLF injection in URIs
In PHP versions 8.1. before 8.1.31, 8.2. before 8.2.26, 8.3. before 8.3.14, when using streams with configured proxy and "requestfulluri" option, the URI is not properly sanitized which can lead to HTTP request smuggling and allow the attacker to use the proxy to perform arbitrary HTTP requests...
CVE-2024-11234 Configuring a proxy in a stream context might allow for CRLF injection in URIs
In PHP versions 8.1. before 8.1.31, 8.2. before 8.2.26, 8.3. before 8.3.14, when using streams with configured proxy and "requestfulluri" option, the URI is not properly sanitized which can lead to HTTP request smuggling and allow the attacker to use the proxy to perform arbitrary HTTP requests...
CVE-2024-11234
In PHP versions 8.1. before 8.1.31, 8.2. before 8.2.26, 8.3. before 8.3.14, when using streams with configured proxy and "requestfulluri" option, the URI is not properly sanitized which can lead to HTTP request smuggling and allow the attacker to use the proxy to perform arbitrary HTTP requests...
CVE-2024-11234
In PHP versions 8.1. before 8.1.31, 8.2. before 8.2.26, 8.3. before 8.3.14, when using streams with configured proxy and "requestfulluri" option, the URI is not properly sanitized which can lead to HTTP request smuggling and allow the attacker to use the proxy to perform arbitrary HTTP requests...