24 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-33523
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HTTP response splitting vulnerability in multiple Apache HTTP Server modules with untrusted or compromised backend servers. This issue affects Apache HTTP Serve...
ruby:3.1 security update
ruby 3.1.5-145 - Fix REXML ReDoS vulnerability. CVE-2024-49761 Resolves: RHEL-68530 3.1.5-144 - Upgrade to Ruby 3.1.5. Resolves: RHEL-33978 - Fix buffer overread vulnerability in StringIO. Resolves: RHEL-34129 - Fix RCE vulnerability with .rdocoptions in RDoc. Resolves: RHEL-34121 - Fix arbitrary...
SUSE SLES15 Security Update : apache2 (SUSE-SU-2024:1788-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1788-1 advisory. - CVE-2023-38709: Fixed faulty input validation inside the HTTP response splitting code (bsc#1222330). - CVE-2024-24795: Fixed handlin...
SUSE-SU-2024:1627-1 Security update for apache2
This update for apache2 fixes the following issues: - CVE-2023-38709: Fixed faulty input validation inside the HTTP response splitting code (bsc#1222330). - CVE-2024-24795: Fixed handling of malicious HTTP splitting response headers in multiple modules (bsc#1222332). - CVE-2024-27316: Fixed HTTP/2...
Nginx Cloud Storage HTTP Splitting
The scanner has detected that the Nginx configuration has a directive location specified to query a cloud storage instance. However, it is possible to insert an arbitrary payload containing a line break, which allows a malicious attacker to change the cloud storage instance to be queried. It is...
CVE-2023-23936
A flaw was found in the fetch API in Node.js that did not prevent CRLF injection in the 'host' header. This issue could allow HTTP response splitting and HTTP header injection...
Security Bulletin: Vulnerabilities in Apache Tomcat affect the IBM FlashSystem models 840 and 900
Summary There are vulnerabilities in Apache Tomcat to which the IBM® FlashSystem™ 840 and FlashSystem™ 900 are susceptible. An exploit of these vulnerabilities CVE-2016-6816, CVE-2016-6817, and CVE-2016-6796 could allow a remote attacker to obtain sensitive information, cause an application to...
SUSE CVE-2010-2761
The multipart_init function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier uses a hardcoded value of the MIME boundary string in multipart/x-mixed-replace content, which allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks v...
Gunicorn < 19.5.0 HTTP Response Splitting
According to its self-reported version number, the version of Gunicorn installed on the remote host is prior to 19.5.0. It is, therefore, affected by an HTTP response splitting vulnerability in the 'process_headers' function. Note that the scanner has not tested for these issues but has instead...
CVE-2021-32598
An improper neutralization of CRLF sequences in HTTP headers ('HTTP Response Splitting') vulnerability in FortiManager and FortiAnalyzer GUI 7.0.0, 6.4.6 and below, 6.2.8 and below, 6.0.11 and below, 5.6.11 and below may allow an authenticated and remote attacker to perform an HTTP request splittin...
CRLFMap - A Tool To Find HTTP Splitting Vulnerabilities
CRLFMap is a tool to find HTTP Splitting vulnerabilities. Why? I wanted to write a tool in Golang for concurrency. I wanted to be able to fuzz both parameters and paths. Installation: go get github.com/ryandamour/crlfmap. Help: Available Commands: help Help about any command scan A scanner for all your...
Microsoft Outlook Web Access Build 15.1.1591 Header Injection Exploit
Exploit for windows platform in category web applications #!/usr/bin/perl -w Microsoft Outlook Web Access build:15.1.1591 Remote Header 'Host' Injection Exploit Copyright 2019 (c) Todor Donev Disclaimer: This or previous programs are for Educational purpose ONLY. Do not use it without permission. Th...
Microsoft Outlook Web Access Build 15.1.1591 Header Injection
#!/usr/bin/perl -w Microsoft Outlook Web Access build:15.1.1591 Remote Header 'Host' Injection Exploit Copyright 2019 (c) Todor Donev Disclaimer: This or previous programs are for Educational purpose ONLY. Do not use it without permission. The usual disclaimer applies, especially the fact that Todor...
Node.js 'HTTP Splitting' Privilege Escalation Vulnerability - Windows
Node.js is prone to a privilege escalation vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nodejs:node.js";...
Node.js 'HTTP Splitting' Privilege Escalation Vulnerability - Mac OS X
Node.js is prone to a privilege escalation vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nodejs:node.js";...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Business Monitor (CVE-2017-1503)
Summary IBM WebSphere Application Server is shipped as a component of Business Monitor. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Consult the Security Bulletin HTTP splitting attack in WAS Edg...
CVE-2011-1895
Microsoft Forefront UAG (2010 Gold/Update 1/Update 2/SP1) is affected by multiple vulnerabilities addressed in MS11-079. The CVE-2011-1895 issue is an HTTP response-splitting/CRLF injection in ExcelTable.asp that can lead to header tampering and related cross-site scripting attacks; related CVEs ...
HP System Management Homepage < 6.2 Multiple Vulnerabilities
[Hackers Center Security Group] Sqwebmail Http Splitting Vulnerability
Hackers Center Security Group http://www.hackerscenter.com/ Zinho's Security Advisory Desc: Http Splitting leads to email account stealing Product: SQWebmail Risk: High A dangerous http splitting attack can be taken against mailboxes that use Sqwebmail as web mail interface. Anyone can send a...
WordPress Blog HTTP Splitting Vulnerability
Exploit for unknown platform in category web applications. WordPress Blog HTTP Splitting Vulnerability. This script is (C) Tenable Network Security if(description) script_id(15443); script_bugtraq_id(11348); script_version...