kubernetes: Schema info written with world-writeable permissions when cached

A flaw was found in kubectl that leaves http-cache files with read/write permissions for any user. In conjunction with a non-default value for --cache-dir, this may lead to the cache content being placed in a location accessible to other users on the system...

CVE-2019-4216

IBM SmartCloud Analytics 1.3.1 through 1.3.5 is vulnerable to possible host header injection attack that could lead to HTTP cache poisoning or firewall bypass. IBM X-Force ID: 159187...

Design/Logic Flaw

IBM SmartCloud Analytics 1.3.1 through 1.3.5 is vulnerable to possible host header injection attack that could lead to HTTP cache poisoning or firewall bypass. IBM X-Force ID: 159187...

CVE-2019-4216

CVE-2019-4216 affects IBM Operations Analytics - Log Analysis (formerly SmartCloud/Log Analysis) versions 1.3.1–1.3.5. The vulnerability is a host header injection in HTTP requests, which could lead to HTTP cache poisoning or firewall bypass. The IBM security bulletin confirms the affected versio...

CVE-2019-4216

IBM SmartCloud Analytics 1.3.1 through 1.3.5 is vulnerable to possible host header injection attack that could lead to HTTP cache poisoning or firewall bypass. IBM X-Force ID: 159187...

kubernetes: Schema info written with world-writeable permissions when cached

A flaw was found in kubectl that leaves http-cache files with read/write permissions for any user. In conjunction with a non-default value for --cache-dir, this may lead to the cache content being placed in a location accessible to other users on the system...

Design/Logic Flaw

A Host Header Redirection vulnerability in Fortinet FortiOS all versions below 6.0.5 under SSL VPN web portal allows a remote attacker to potentially poison HTTP cache and subsequently redirect SSL VPN web portal users to arbitrary web domains...

CVE-2018-13384

A Host Header Redirection vulnerability in Fortinet FortiOS all versions below 6.0.5 under SSL VPN web portal allows a remote attacker to potentially poison HTTP cache and subsequently redirect SSL VPN web portal users to arbitrary web domains...

CVE-2018-13384

The connected documents confirm a Host Header Redirection vulnerability in Fortinet FortiOS, affecting FortiOS SSL-VPN web portal prior to version 6.0.5. The root cause is improper validation of HTTP request headers, enabling an unauthenticated remote attacker to induce redirects to arbitrary web...

CVE-2018-13384

A Host Header Redirection vulnerability in Fortinet FortiOS all versions below 6.0.5 under SSL VPN web portal allows a remote attacker to potentially poison HTTP cache and subsequently redirect SSL VPN web portal users to arbitrary web domains...

CVE-2018-13384

A Host Header Redirection vulnerability in Fortinet FortiOS all versions below 6.0.5 under SSL VPN web portal allows a remote attacker to potentially poison HTTP cache and subsequently redirect SSL VPN web portal users to arbitrary web domains...

Insecure Cache Configurations

github.com/kubernetes/kubernetes uses insecure cache configurations. Using the flag --cache-dir causes the http-cache files under .kube/http-cache to be world-writeable, allowing any users or groups or process to write those files and cause kubectl invocation disruption...

CVE-2018-11347

The YunoHost 2.7.2 through 2.7.14 web application is affected by one HTTP Response Header Injection. This flaw allows an attacker to inject, into the response from the server, one or several HTTP Header. It requires an interaction with the user to send him the malicious link. It could be used to...

Design/Logic Flaw

The YunoHost 2.7.2 through 2.7.14 web application is affected by one HTTP Response Header Injection. This flaw allows an attacker to inject, into the response from the server, one or several HTTP Header. It requires an interaction with the user to send him the malicious link. It could be used to...

CVE-2018-11347

The YunoHost 2.7.2 through 2.7.14 web application is affected by one HTTP Response Header Injection. This flaw allows an attacker to inject, into the response from the server, one or several HTTP Header. It requires an interaction with the user to send him the malicious link. It could be used to...

CVE-2018-11347

The CVE-2018-11347 entry concerns the YunoHost web application (versions 2.7.2 through 2.7.14). Affected component/issue: HTTP Response Header Injection, enabling an attacker to inject one or more HTTP headers in server responses. Attack requirements: user interaction is needed (the attacker must...

Security Bulletin: IBM Tivoli Monitoring Basic Services Vulnerability (CVE-2016-5933)

Summary A vulnerability has been resolved in the Basic Services component of IBM Tivoli Monitoring in which the Firewall Proxy Gateway was vulnerable to possible host header injection attack that could lead to HTTP cache poisoning or firewall bypass. Vulnerability Details CVEID: CVE-2016-5933...

Information disclosure

Web content could access information in the HTTP cache if e10s is disabled. This can reveal some visited URLs and the contents of those pages. This issue affects Firefox 48 and 49. This vulnerability affects Firefox 49.0.2...

CVE-2016-5288

Web content could access information in the HTTP cache if e10s is disabled. This can reveal some visited URLs and the contents of those pages. This issue affects Firefox 48 and 49. This vulnerability affects Firefox 49.0.2...

CVE-2016-5288

Web content could access information in the HTTP cache if e10s is disabled. This can reveal some visited URLs and the contents of those pages. This issue affects Firefox 48 and 49. This vulnerability affects Firefox 49.0.2...