422 matches found
Moderate: lynx security update
Lynx is a text-based Web browser. Lynx does not display any images, but it does support frames, tables, and most other HTML tags. Security Fixes: lynx: Disclosure of HTTP authentication credentials via SNI data CVE-2021-38165 For more details about the security issues, including the impact, a CVS...
ALSA-2022:2129 Moderate: lynx security update
Lynx is a text-based Web browser. Lynx does not display any images, but it does support frames, tables, and most other HTML tags. Security Fixes: lynx: Disclosure of HTTP authentication credentials via SNI data CVE-2021-38165 For more details about the security issues, including the impact, a CVS...
CVE-2022-29167
Hawk is an HTTP authentication scheme providing mechanisms for making authenticated HTTP requests with partial cryptographic verification of the request and response, covering the HTTP method, request URI, host, and optionally the request payload. Hawk used a regular expression to parse Host HTTP...
CVE-2022-29167 ReDoS vulnerability in header parsing in hawk
Hawk is an HTTP authentication scheme providing mechanisms for making authenticated HTTP requests with partial cryptographic verification of the request and response, covering the HTTP method, request URI, host, and optionally the request payload. Hawk used a regular expression to parse Host HTTP...
CVE-2022-20737
A vulnerability in the handler for HTTP authentication for resources accessed through the Clientless SSL VPN portal of Cisco Adaptive Security Appliance ASA Software could allow an authenticated, remote attacker to cause a denial of service DoS condition on an affected device or to obtain portion...
CVE-2022-20737
CVE-2022-20737 affects Cisco ASA’s Clientless SSL VPN Portal. The issue is an insufficient bounds check when parsing HTTP authentication messages in the portal, allowing an authenticated, remote attacker to trigger a DoS (device reload) or to read portions of the device process memory. Exploitati...
CVE-2022-20737 Cisco Adaptive Security Appliance Software Clientless SSL VPN Heap Overflow Vulnerability
A vulnerability in the handler for HTTP authentication for resources accessed through the Clientless SSL VPN portal of Cisco Adaptive Security Appliance ASA Software could allow an authenticated, remote attacker to cause a denial of service DoS condition on an affected device or to obtain portion...
Cisco Adaptive Security Appliances Software Buffer Overflow Vulnerability
Cisco Adaptive Security Appliances Software is a set of firewalls and network security platforms from the U.S. company Cisco. The platform provides highly secure access to data and network resources and other features. A buffer overflow vulnerability exists in the Cisco Adaptive Security...
Cisco Adaptive Security Appliance Software Clientless SSL VPN Heap Overflow Vulnerability
A vulnerability in the handler for HTTP authentication for resources accessed through the Clientless SSL VPN portal of Cisco Adaptive Security Appliance ASA Software could allow an authenticated, remote attacker to cause a denial of service DoS condition on an affected device or to obtain portion...
Debian DLA-2950-1 : python-scrapy - LTS security update
The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2950 advisory. It was found that Scrapy, a framework for extracting data from websites, could send HTTP Authorization as well as cookies to other domains in case of redirections,...
PT-2022-17556 · Softwarex · Softwarex
Name of the Vulnerable Software and Affected Versions: SoftwareX versions prior to 0.7.2 Description: A race condition can cause incorrect HTTP request routing. The issue affects the routing of some HTTP requests when using httpauth. Recommendations: For versions prior to 0.7.2, upgrade to versio...
CVE-2021-45735
TOTOLINK X5000R v9.1.0u.6118B20201102 was discovered to use the HTTP protocol for authentication into the admin interface, allowing attackers to intercept user credentials via packet capture software...
CVE-2021-45735
CVE-2021-45735 affects TOTOLINK X5000R, specifically v9.1.0u.6118_B20201102. The vulnerability results from the device using the HTTP protocol for admin interface authentication, enabling credential interception via packet capture and exposure of user credentials. Root cause: credential input is ...
CVE-2021-43298
The code that performs password matching when using 'Basic' HTTP authentication does not use a constant-time memcmp and has no rate-limiting. This means that an unauthenticated network attacker can brute-force the HTTP basic password, byte-by-byte, by recording the webserver's response time until...
Design/Logic Flaw
The code that performs password matching when using 'Basic' HTTP authentication does not use a constant-time memcmp and has no rate-limiting. This means that an unauthenticated network attacker can brute-force the HTTP basic password, byte-by-byte, by recording the webserver's response time until...
CVE-2021-43298
CVE-2021-43298 corresponds to a vulnerability in Embedthis GoAhead web server where the password check for HTTP Basic authentication does not use constant-time comparison and lacks rate-limiting, enabling an unauthenticated attacker to brute-force the password by timing responses. Connected sourc...