Apache HTTP Server 2.4.17 < 2.4.49 'mod_proxy' HTTP/2 Request Smuggling Vulnerability - Windows

Apache HTTP Server is prone to an HTTP/2 request smuggling vulnerability in the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...

Apache HTTP Server 2.4.17 < 2.4.49 'mod_proxy' HTTP/2 Request Smuggling Vulnerability - Linux

Apache HTTP Server is prone to an HTTP/2 request smuggling vulnerability in the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...

HTTP Request Smuggling in Web Proxies

Overview HTTP web proxies and web accelerators that support HTTP/2 for an HTTP/1.1 backend webserver are vulnerable to HTTP Request Smuggling. Description The affected systems allow invalid characters such as carriage return and newline characters in HTTP/2 headers. When an attacker passes these...

varnish:6 security update

varnish 6.0.6-2.1 - Resolves: 1982861 - CVE-2021-36740 varnish:6/varnish: HTTP/2 request smuggling attack via a large Content-Length header for a POST request varnish-modules 0.15.0-5 - Related: 1795673 - RFE: rebase varnish:6 to latest 6.0.x LTS...

Oracle Linux 8 : varnish:6 (ELSA-2021-2988)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2021-2988 advisory. - Resolves: 1982861 - CVE-2021-36740 varnish:6/varnish: HTTP/2 request smuggling attack via a large Content-Length header for a POST request varnish-modules...

[ASA-202108-1] nodejs: arbitrary code execution

Arch Linux Security Advisory ASA-202108-1 ========================================= Severity: High Date : 2021-08-03 CVE-ID : CVE-2021-22930 Package : nodejs Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-2239 Summary ======= The package nodejs before versi...

[ASA-202108-3] nodejs-lts-erbium: arbitrary code execution

Arch Linux Security Advisory ASA-202108-3 ========================================= Severity: High Date : 2021-08-03 CVE-ID : CVE-2021-22930 Package : nodejs-lts-erbium Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-2241 Summary ======= The package...

[ASA-202108-2] nodejs-lts-fermium: arbitrary code execution

Arch Linux Security Advisory ASA-202108-2 ========================================= Severity: High Date : 2021-08-03 CVE-ID : CVE-2021-22930 Package : nodejs-lts-fermium Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-2240 Summary ======= The package...

Important: Red Hat Security Advisory: varnish:6 security update

An update for the varnish:6 module is now available for Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 8.1 Extended Update Support, and Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common...

varnish:6 security update

An update is available for varnish, varnish-modules. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Varnish Cache is a high-performance HTTP accelerator. It...

Important: varnish:6 security update

Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up. Security Fixes: varnish: HTTP/2 request smuggling attack via a large Content-Length header for ...

RLSA-2021:2988 Important: varnish:6 security update

Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up. Security Fixes: varnish: HTTP/2 request smuggling attack via a large Content-Length header for ...

CVE-2019-9514

A flaw was found in HTTP/2. Using HEADER frames with invalid HTTP headers and queuing of response RSTSTREAM frames, an attacker could cause a flood resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability...

Updated varnish packages fix a security vulnerability

Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request. This affects Varnish Enterprise 6.0.x before 6.0.8r3, and Varnish Cache 5.x and 6.x before 6.5.2, 6.6.x before 6.6.1, and 6.0 LTS before 6.0.8...

Updated netty packages fix security vulnerabilities

In Netty io.netty:netty-codec-http2 before version 4.1.60.Final there is a vulnerability that enables request smuggling. If a Content-Length header is present in the original HTTP/2 request, the field is not validated by Http2MultiplexHandler as it is propagated up. This is fine as long as the...

CVE-2019-20444

A HTTP smuggling flaw was found in HttpObjectDecoder.java in Netty in versions prior to version 4.1.44. HTTP headers with an invalid fold, in this case CRLF carriage return, line feed without being followed by SP space or HTAB horizontal tab, result in situations where headers can be misread. Dat...

Moderate: Red Hat Security Advisory: EAP XP 2 security update to CVE fixes in the EAP 7.3.x base

This advisory resolves CVE issues filed against XP2 releases that have been fixed in the underlying EAP 7.3.x base. There are no changes to the EAP XP2 code base. NOTE: This advisory is informational only. There are no code changes associated with it. No action is required. Red Hat Product Securi...

KLA12362 Multiple vulnerabilities in Apache HTTP Server

Multiple vulnerabilities were found in Apache HTTP Server. Malicious users can exploit these vulnerabilities to cause denial of service. Below is a complete list of vulnerabilities: 1. Denial of service vulnerability in HTTP/2 connections can be exploited via special crafted requests to cause...

CVE-2021-36740

A flaw was found in Varnish. The Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request. As a result, this flaw allows the information on the Varnish cache to be poisoned. The highest threat from this...

CVE-2021-36740

Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request. This affects Varnish Enterprise 6.0.x before 6.0.8r3, and Varnish Cache 5.x and 6.x before 6.5.2, 6.6.x before 6.6.1, and 6.0 LTS before 6.0.8...