16591 matches found
CVE-2023-46589 Apache Tomcat: HTTP request smuggling via malformed trailer headers
Improper Input Validation vulnerability in Apache Tomcat. Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could...
CVE-2023-34055
In Spring Boot versions 2.7.0 - 2.7.17, 3.0.0-3.0.12 and 3.1.0-3.1.5, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service DoS condition. Specifically, an application is vulnerable when all of the following are true: the application uses Spring M...
rclone -- Multiple vulnerabilities
Multiple vulnerabilities in ssh and golang. CVE-2023-45286: HTTP request body disclosure across requests in go-resty. CVE-2023-48795: The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity...
Rocky Linux 8 : squid:4 (RLSA-2023:7213)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:7213 advisory. - SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling past...
SUSE SLED15: libxerces-c-3_2 / libxerces-c-3_2-32bit / libxerces-c-devel / etc (SUSE-SU-2023:4586-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:4586-1 advisory. - CVE-2023-37536: Fixed an integer overflow that could have led to an out-of-bounds memory access...
SUSE: Security Advisory (SUSE-SU-2023:4589-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
GHSA-Q3QX-C6G2-7PW2 aiohttp's ClientSession is vulnerable to CRLF injection via version
Summary Improper validation makes it possible for an attacker to modify the HTTP request, e.g. to insert a new header or even create a new HTTP request, if the attacker controls the HTTP version. Details The vulnerability only occurs if the attacker can control the HTTP version of the request...
GHSA-QVRW-V9RV-5RJX aiohttp's ClientSession is vulnerable to CRLF injection via method
Summary Improper validation makes it possible for an attacker to modify the HTTP request, e.g. insert a new header or even create a new HTTP request, if the attacker controls the HTTP method. Details The vulnerability occurs only if the attacker can control the HTTP method (GET, POST etc.) of the...
GO-2023-2328 HTTP request body disclosure in github.com/go-resty/resty/v2
A race condition in go-resty can result in HTTP request body disclosure across requests. This condition can be triggered by calling sync.Pool.Put with the same bytes.Buffer more than once, when request retries are enabled and a retry occurs. The call to sync.Pool.Get will then return a bytes.Buff...
Security Bulletin: IBM Integration Bus is vulnerable to multiple vulnerabilities in Eclipse Jetty. (CVE-2023-40167, CVE-2023-26049, CVE-2022-2047, IBM X-Force ID: 261776)
Summary IBM Integration Bus is vulnerable to multiple vulnerabilities in Eclipse Jetty. CVE-2023-40167, CVE-2023-26049, CVE-2022-2047, IBM X-Force ID: 261776 Vulnerability Details CVEID: CVE-2023-40167 DESCRIPTION: Jetty is vulnerable to HTTP request smuggling, caused by improper parsing of the...
SUSE: Security Advisory (SUSE-SU-2023:4545-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLES12 Security Update : xerces-c (SUSE-SU-2023:4543-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:4543-1 advisory. - CVE-2023-37536: Fixed an integer overflow that could have led to an out-of-bounds memory access (bsc1216156). Tenable has extracted the...
Security Bulletin: IBM Rational Build Forge 8.0.0.25 addresses multiple vulnerabilities
Summary IBM Rational Build Forge 8.0.0.25 addresses multiple vulnerabilities Vulnerability Details CVEID: CVE-2023-42794 DESCRIPTION: Apache Tomcat is vulnerable to a denial of service, caused by accumulation of temporary files on Windows when a web application opened a stream for an uploaded file...
SUSE-SU-2023:4545-1 Security update for squid
This update for squid fixes the following issues: - CVE-2023-46728: Remove gopher support (bsc1216926). - Fixed overread in HTTP request header parsing (bsc1217274)...
SUSE-SU-2023:4544-1 Security update for squid
This update for squid fixes the following issues: - CVE-2023-46728: Remove gopher support (bsc1216926). - Fixed overread in HTTP request header parsing (bsc1217274)...
Security Bulletin: IBM Sterling Connect:Direct Browser User Interface is vulnerable to multiple vulnerabilities due to Eclipse Jetty
Summary IBM Sterling Connect:Direct Browser User Interface uses Eclipse Jetty server. Vulnerability Details CVEID: CVE-2023-41900 DESCRIPTION: Eclipse Jetty could allow a remote authenticated attacker to bypass security restrictions, caused by improper authentication validation when using the...
Security Bulletin: IBM Sterling Connect:Direct Web Services is vulnerable to multiple vulnerabilities due to Eclipse Jetty
Summary IBM Sterling Connect:Direct Web Services uses Eclipse Jetty. Vulnerability Details CVEID: CVE-2023-41900 DESCRIPTION: Eclipse Jetty could allow a remote authenticated attacker to bypass security restrictions, caused by improper authentication validation when using the optional nested...