F5 Networks BIG-IP : TMM vulnerability (K14693346)

The version of F5 Networks BIG-IP installed on the remote host is prior to 14.1.3.1 / 16.0.1.1. It is, therefore, affected by a vulnerability as referenced in the K14693346 advisory. - On BIG-IP version 16.0.0-16.0.1 and 14.1.2.4-14.1.3, cooperation between malicious HTTP client code and a...

Code injection

httplib2 is a comprehensive HTTP client library for Python. In httplib2 before version 0.19.0, a malicious server which responds with long series of "\xa0" characters in the "www-authenticate" header may cause Denial of Service CPU burn while parsing header of the httplib2 client accessing said...

PYSEC-2021-16

httplib2 is a comprehensive HTTP client library for Python. In httplib2 before version 0.19.0, a malicious server which responds with long series of "\xa0" characters in the "www-authenticate" header may cause Denial of Service CPU burn while parsing header of the httplib2 client accessing said...

CVE-2021-21240

CVE-2021-21240 affects httplib2 prior to 0.19.0. A malicious server can send a WWW-Authenticate header containing a long sequence of non-breaking spaces (\xa0), causing a Denial of Service by CPU-intensive header parsing. The root cause is in how httplib2 parses auth headers; a fix was implemente...

CVE-2021-21240

httplib2 is a comprehensive HTTP client library for Python. In httplib2 before version 0.19.0, a malicious server which responds with long series of "\xa0" characters in the "www-authenticate" header may cause Denial of Service CPU burn while parsing header of the httplib2 client accessing said...

CVE-2021-21240 Regular Expression Denial of Service in httplib2

httplib2 is a comprehensive HTTP client library for Python. In httplib2 before version 0.19.0, a malicious server which responds with long series of "\xa0" characters in the "www-authenticate" header may cause Denial of Service CPU burn while parsing header of the httplib2 client accessing said...

GHSA-93XJ-8MRV-444M Regular Expression Denial of Service (REDoS) in httplib2

Impact A malicious server which responds with long series of \xa0 characters in the www-authenticate header may cause Denial of Service CPU burn while parsing header of the httplib2 client accessing said server. Patches Version 0.19.0 contains new implementation of auth headers parsing, using...

PT-2021-6101

Name of the Vulnerable Software and Affected Versions httplib2 versions prior to 0.19.0 Description A malicious server which responds with long series of xa0 characters in the www-authenticate header may cause Denial of Service CPU burn while parsing header of the httplib2 client accessing said...

EulerOS 2.0 SP5 : python (EulerOS-SA-2021-1226)

According to the versions of the python packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In Python 3 through 3.9.0, the Lib/test/multibytecodecsupport.py CJK codec tests call eval on content retrieved via HTTP.CVE-2020-27619 -...

RHEL 6 : Red Hat JBoss Enterprise Application Platform 7.3.5 (RHSA-2021:0246)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0246 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release o...

Klog Server 2.4.1 - Unauthenticated Command Injection (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Klog Server Unauthenticated Command Injection Vulnerability', 'Description' = %q This module exploits an unauthenticated command injection...

EulerOS 2.0 SP3 : python (EulerOS-SA-2021-1114)

According to the versions of the python packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In Python 3 through 3.9.0, the Lib/test/multibytecodecsupport.py CJK codec tests call eval on content retrieved via HTTP.CVE-2020-27619 -...

Moderate: Red Hat Security Advisory: Red Hat build of Quarkus 1.7.6 release and security update

An update is now available for Red Hat build of Quarkus. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability. For more information...

TerraMaster TOS 4.2.06 - Unauthenticated Remote Code Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "TerraMaster TOS 4.2.06 - Unauthenticated Remote Code Execution", 'Description' = %q This module exploits a unauthenticated command execution...

Shodan Host Port

This module uses the shodan API to return all port information found on a given host IP. Module Options msf use auxiliary/gather/shodanhost msf auxiliaryshodanhost show actions ...actions... msf auxiliaryshodanhost set ACTION msf auxiliaryshodanhost show options ...show and set options... msf...

Pulse Secure VPN Remote Code Execution Exploit

The Pulse Connect Secure appliance versions prior to 9.1R9 suffer from an uncontrolled gzip extraction vulnerability which allows an attacker to overwrite arbitrary files, resulting in remote code execution as root. Admin credentials are required for successful exploitation...

CVE-2020-26234

Opencast before versions 8.9 and 7.9 disables HTTPS hostname verification of its HTTP client used for a large portion of Opencast's HTTP requests. Hostname verification is an important part when using HTTPS to ensure that the presented certificate is valid for the host. Disabling it can allow for...

Disabled Hostname Verification in Opencast

Opencast before version 8.9 and 7.9 disables HTTPS hostname verification of its HTTP client used for a large portion of Opencast's HTTP requests. Hostname verification is an important part when using HTTPS to ensure that the presented certificate is valid for the host. Disabling it can allow for...

CVE-2020-26234

Opencast versions before 8.9 and 7.9 disable HTTPS hostname verification in its HTTP client, enabling potential MITM attacks. Root cause: hostname verification was disabled for a large portion of HTTP requests. Affected component/file: Opencast HTTP client. Impact: confidentiality/integrity conce...

DEBIAN-CVE-2020-13956

Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution...