16587 matches found

NVD · added 2024/12/12 9:15 a.m.

CVE-2024-4109

Rejected reason: Red Hat Product Security has determined that this CVE is not a security vulnerability...

Exploits 0
CVE · added 2024/12/12 9:04 a.m.

CVE-2024-4109

CVE-2024-4109 is linked to information leakage in Undertow when handling HTTP/2 header reuse. Affected product: Red Hat JBoss Enterprise Application Platform (EAP) 7.x on RHEL7/RHEL8 as referenced by RHSA advisories (e.g., 7.1.12 on RHEL7 and 7.3.15). Root cause: Undertow HTTP/2 handling allows l...

AI score 7.3 · Exploits 0
Cvelist · added 2024/12/12 9:04 a.m.

CVE-2024-4109

...

Exploits 0
RedhatCVE · added 2024/12/12 8:40 a.m.

CVE-2024-4109

A flaw was found in Undertow. An HTTP request header value from a previous stream may be incorrectly reused for a request associated with a subsequent stream on the same HTTP/2 connection. This issue can potentially lead to information leakage between requests...

AI score 4.8 · Exploits 0 · References 4
Debian · added 2024/12/12 7:10 a.m.

[SECURITY] [DLA 3992-1] libsoup2.4 security update

Debian LTS Advisory DLA-3992-1 https://www.debian.org/lts/security/ Sean Whitton December 12, 2024 https://wiki.debian.org/LTS
Package : libsoup2.4
Version : 2.72.0-2+deb11u1
CVE ID : CVE-2024-52530 CVE-2024-52531 CVE-2024-52532
Debian Bug : 1088812 1089238 1089240...

CVSS 8.4 · AI score 7.1 · EPSS 0.00933 · Exploits 2
Amazon · added 2024/12/12 12:00 a.m.

Important: libsoup

Issue Overview: GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '\0' characters at the end of header names are ignored, i.e., a "Transfer-Encoding\0: chunked" header is treated the same as a "Transfer-Encoding: chunked" header. CVE-2024-52530 GNOME libsoup...

CVSS 8.4 · AI score 7.6 · EPSS 0.00933 · Exploits 2
RedHat Linux · added 2024/12/11 4:19 p.m.

Moderate: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.20 Security update

An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, i...

AI score 5.8 · Exploits 0 · References 17
SUSE Linux · added 2024/12/11 11:10 a.m.

Security update for libsoup2

This update for libsoup2 fixes the following issues:
- CVE-2024-52530: Fixed HTTP request smuggling via stripping null bytes from the ends of header names (bsc#1233285)
- CVE-2024-52531: Fixed buffer overflow via UTF-8 conversion in soup_header_parse_param_list_strict (bsc#1233292)
- CVE-2024-52532: Fixed infinit...

CVSS 8.7 · AI score 7.5 · EPSS 0.00933 · Exploits 2 · References 12
OSV · added 2024/12/11 11:10 a.m.

SUSE-SU-2024:4290-1 Security update for libsoup2

This update for libsoup2 fixes the following issues:
- CVE-2024-52530: Fixed HTTP request smuggling via stripping null bytes from the ends of header names (bsc#1233285)
- CVE-2024-52531: Fixed buffer overflow via UTF-8 conversion in soup_header_parse_param_list_strict (bsc#1233292)
- CVE-2024-52532: Fixed...

CVSS 8.4 · AI score 7.9 · EPSS 0.00933 · Exploits 2 · References 7
Tenable Nessus · added 2024/12/11 12:00 a.m.

Amazon Linux 2023 : libsoup, libsoup-devel (ALAS2023-2024-772)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-772 advisory. GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '\0' characters at the end of header names are ignored, i.e., a "Transfer-Encoding\0: chunked" header is...

CVSS 8.4 · AI score 7.3 · EPSS 0.00933 · Exploits 2 · References 8
Tenable Nessus · added 2024/12/11 12:00 a.m.

Amazon Linux 2022 : nodejs, nodejs-devel, nodejs-full-i18n (ALAS2022-2022-013)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-013 advisory. An HTTP Request Smuggling (HRS) vulnerability was found in the llhttp library, used by Node.js. Spaces as part of the header names were accepted as valid. In situations where HTTP conversations a...

CVSS 6.5 · AI score 7.2 · EPSS 0.02936 · Exploits 2 · References 5
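The libsoup and llhttp entries above describe the same failure mode from two directions: a parser that silently drops trailing bytes from a header field name (a '\0' in libsoup before 3.6.0, a space in llhttp) will see "Transfer-Encoding" where an RFC-conformant peer sees an unknown header, and the two sides then frame the body differently. The following is an added example written for this listing, not code from libsoup, llhttp or any advisory: a single constructed parser whose `ignore_trailing` parameter imitates that leniency, a strict mode that enforces the RFC 9110 token grammar, and a `desync` helper that compares the framing two peers would pick for the same bytes. The requests are constructed inline, not captured traffic.

```python
"""Header-name leniency and request smuggling (constructed demonstration).

Not code from libsoup or llhttp. ignore_trailing=b"\\x00" imitates the
libsoup behaviour, ignore_trailing=b" " the llhttp one; strict=True is the
hardened behaviour: reject any field name that is not an RFC 9110 token.
"""
import re
from typing import Dict, List, Tuple

# RFC 9110 tchar set; a field name is one or more of these and nothing else.
TOKEN_RE = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")

# Constructed requests. Both carry a Content-Length and a Transfer-Encoding
# whose name is mangled just before the colon. The trailing "G" is the byte
# a chunked parser leaves behind as the start of the next request, while a
# Content-Length parser consumes it as part of this one.
REQ_NUL = (
    b"POST / HTTP/1.1\r\n"
    b"Host: example.test\r\n"
    b"Content-Length: 6\r\n"
    b"Transfer-Encoding\x00: chunked\r\n"
    b"\r\n"
    b"0\r\n\r\nG"
)
REQ_SPACE = REQ_NUL.replace(b"Transfer-Encoding\x00:", b"Transfer-Encoding :")
REQ_CLEAN = REQ_NUL.replace(b"Transfer-Encoding\x00:", b"Transfer-Encoding:")


def split_message(raw: bytes) -> Tuple[bytes, List[bytes], bytes]:
    """Split a raw HTTP/1.1 message into (request line, header lines, body)."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("no end of header section")
    lines = head.split(b"\r\n")
    return lines[0], lines[1:], body


def parse_headers(lines: List[bytes], ignore_trailing: bytes = b"",
                  strict: bool = False) -> Dict[str, str]:
    """Parse header lines into a lower-cased name -> value dict.

    ignore_trailing: bytes dropped from the end of a field name before it is
    matched (the lenient behaviour the advisories describe).
    strict: reject the whole message if any name is not an RFC 9110 token.
    """
    headers: Dict[str, str] = {}
    for line in lines:
        name, sep, value = line.partition(b":")
        if not sep:
            raise ValueError(f"malformed header line: {line!r}")
        if ignore_trailing:
            name = name.rstrip(ignore_trailing)
        text = name.decode("latin-1")
        if strict and not TOKEN_RE.match(text):
            raise ValueError(f"invalid field name: {text!r}")
        headers[text.lower()] = value.strip().decode("latin-1")
    return headers


def body_framing(headers: Dict[str, str]) -> str:
    """RFC 9112 section 6.3: Transfer-Encoding overrides Content-Length."""
    if "transfer-encoding" in headers:
        return "chunked" if headers["transfer-encoding"].lower() == "chunked" else "other"
    if "content-length" in headers:
        return "content-length:" + headers["content-length"]
    return "none"


def framing_for(raw: bytes, ignore_trailing: bytes = b"",
                strict: bool = False) -> str:
    """Framing a parser with this leniency applies to raw, or 'rejected'."""
    _, lines, _ = split_message(raw)
    try:
        return body_framing(parse_headers(lines, ignore_trailing, strict))
    except ValueError:
        return "rejected"


def desync(raw: bytes, front_ignore: bytes, back_ignore: bytes) -> Tuple[str, str, bool]:
    """Framing chosen by a front-end and a back-end with different leniency
    for the same bytes; True when they disagree, the precondition for smuggling."""
    front = framing_for(raw, front_ignore)
    back = framing_for(raw, back_ignore)
    return front, back, front != back


if __name__ == "__main__":
    for label, raw, lenient in (("NUL", REQ_NUL, b"\x00"), ("SP", REQ_SPACE, b" ")):
        print(label, desync(raw, lenient, b""), "strict:", framing_for(raw, strict=True))
```

The point of the strict mode is that it neither strips nor tolerates the mangled name: the message is rejected outright, so there is no second interpretation for a peer to disagree with. Logging the rejected field name is useful in detection, since a NUL or space before the colon in a header name has no legitimate sender.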
Veracode · added 2024/12/09 7:18 a.m.

HTTP Request Smuggling

Keycloak Server is vulnerable to HTTP Request Smuggling. The vulnerability is due to improper handling of proxy headers, allowing attackers to exploit non-IP values, leading to costly DNS resolution operations that can overload IO threads...

CVSS 4.7 · AI score 7.1 · EPSS 0.00399 · Exploits 0 · References 9 · Affected Software 3
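The Keycloak entry above describes a proxy-header value that is not an IP address reaching a resolver, so that each request can force blocking DNS work onto an I/O thread. The following is an added example for this listing, not Keycloak code: the trusted proxy set, the X-Forwarded-For header and both function names are assumptions made for the demonstration. `client_ip_lenient` shows the risky pattern (a non-IP hop is handed to a resolver, here injectable so the example runs offline); `client_ip_strict` honours the header only from a trusted peer, accepts only IP literals and never resolves.

```python
"""Proxy-header handling that never resolves attacker-supplied names.

Constructed example, not Keycloak code. TRUSTED_PROXIES and the header
name are assumptions for the demonstration.
"""
import ipaddress
import socket
from typing import Callable, List, Optional, Set

# Assumed: addresses of the reverse proxies allowed to set X-Forwarded-For.
TRUSTED_PROXIES: Set[str] = {"10.0.0.5", "10.0.0.6"}


def _hops(header: Optional[str]) -> List[str]:
    """Split an X-Forwarded-For value into its comma-separated hops,
    dropping IPv6 brackets so ipaddress can parse them."""
    if not header:
        return []
    return [h.strip().strip("[]") for h in header.split(",") if h.strip()]


def _rightmost_untrusted(header: Optional[str]) -> Optional[str]:
    """Walk the chain from the right; the first hop that is not one of our
    proxies is what the outermost trusted proxy saw as its client."""
    for hop in reversed(_hops(header)):
        if hop not in TRUSTED_PROXIES:
            return hop
    return None


def client_ip_lenient(header: Optional[str],
                      resolve: Callable[[str], str] = socket.gethostbyname) -> Optional[str]:
    """Risky pattern: a hop that is not an IP literal is passed to a resolver,
    so a single request header can trigger blocking DNS work."""
    hop = _rightmost_untrusted(header)
    if hop is None:
        return None
    try:
        return str(ipaddress.ip_address(hop))
    except ValueError:
        return resolve(hop)  # network I/O driven by attacker-controlled bytes


def client_ip_strict(header: Optional[str], peer: str) -> Optional[str]:
    """Hardened: honour the header only from a trusted peer, accept only IP
    literals, never resolve. None means the request should be rejected (400)."""
    if peer not in TRUSTED_PROXIES:
        return peer  # direct connection: the socket peer is the client
    hop = _rightmost_untrusted(header)
    if hop is None:
        return peer
    try:
        return str(ipaddress.ip_address(hop))
    except ValueError:
        return None  # hostname or garbage in the header: reject, do not resolve


if __name__ == "__main__":
    # Constructed sample headers; the first would cost a DNS lookup in the
    # lenient version and is simply rejected by the strict one.
    for hdr in ("attacker.example, 10.0.0.5", "198.51.100.7, 10.0.0.5", "[2001:db8::1], 10.0.0.5"):
        print(hdr, "->", client_ip_strict(hdr, "10.0.0.5"))
```

Rejecting rather than falling back to the proxy address is deliberate: silently substituting the proxy's own IP would misattribute the request in audit logs and rate limits, which is the other half of what the header is for.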
CVE · added 2024/12/09 12:00 a.m.

CVE-2024-48956

CVE-2024-48956 affects Serviceware Processes versions 6.0 through 7.3 prior to 7.4. The issue enables unauthenticated attackers to send a specially crafted HTTP request to a service endpoint, leading to remote code execution. Public sources consistently describe this as ...

CVSS 9.8 · AI score 9.9 · EPSS 0.00862 · Exploits 0 · References 2
BDU FSTEC · added 2024/12/09 12:00 a.m.

A vulnerability in the channel_request_lookahead() function of the Waitress WSGI server for Python allows an attacker to send hidden HTTP requests (HTTP request smuggling).

The vulnerability in the channel_request_lookahead() function of the Waitress WSGI server for Python is related to synchronization errors when using shared resources, caused by inconsistent interpretation of HTTP requests. Exploiting this vulnerability allows a remote attacker to send hidden HTTP request...

CVSS 9.4 · AI score 6.5 · EPSS 0.00492 · Exploits 0 · References 5 · Affected Software 3
Tenable Nessus · added 2024/12/09 12:00 a.m.

CBL Mariner 2.0 Security Update: php (CVE-2024-11234)

The version of php installed on the remote CBL Mariner 2.0 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-11234 advisory. - In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, when using streams with configured...

CVSS 7.2 · AI score 7.3 · EPSS 0.01132 · Exploits 1 · References 2
NVD · added 2024/12/06 6:15 p.m.

CVE-2024-52558

The affected product is vulnerable to an integer underflow. An unauthenticated attacker could send a malformed HTTP request, which could allow the attacker to crash the program...

CVSS 6.9 · EPSS 0.00602 · Exploits 0 · References 2
NVD · added 2024/12/06 6:15 p.m.

CVE-2024-52320

The affected product is vulnerable to a command injection. An unauthenticated attacker could send commands through a malicious HTTP request which could result in remote code execution...

CVSS 9.8 · EPSS 0.02341 · Exploits 0 · References 2
Cvelist · added 2024/12/06 5:23 p.m.

CVE-2024-52558 Planet Technology Planet WGS-804HPT Integer Underflow

The affected product is vulnerable to an integer underflow. An unauthenticated attacker could send a malformed HTTP request, which could allow the attacker to crash the program...

CVSS 6.9 · EPSS 0.00602 · Exploits 0 · References 2
CVE · added 2024/12/06 5:21 p.m.

CVE-2024-52320

Planet Technology WGS-804HPT series switches are affected by CVE-2024-52320, a pre-authentication command injection flaw that can lead to remote code execution via a crafted HTTP request. The issue is documented with high criticality (CVSS v3.1/4.0 scores: 9.8/9.3, network access, no authenticati...

CVSS 9.8 · AI score 10 · EPSS 0.02341 · Exploits 0 · References 2
Vulnrichment · added 2024/12/06 5:20 p.m.

CVE-2024-48871 Planet Technology Planet WGS-804HPT Stack-based Buffer Overflow

The affected product is vulnerable to a stack-based buffer overflow. An unauthenticated attacker could send a malicious HTTP request that the webserver fails to properly check input size before copying data to the stack, potentially allowing remote code execution...

CVSS 9.8 · AI score 7.9 · EPSS 0.01368 · Exploits 0 · References 2