1612 matches found
Tenable.ad < 3.59.5 Multiple Vulnerabilities (TNS-2024-11)
The version of Tenable.ad installed on the remote host is prior to 3.59.5. It is, therefore, affected by multiple vulnerabilities as referenced in the TNS-2024-11 advisory. - The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of...
SUSE CVE-2024-24791
The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational 200 or higher status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail...
CentOS 9 : python-urllib3-1.26.5-6.el9
The remote CentOS Linux 9 host has a package installed that is affected by a vulnerability as referenced in the python-urllib3-1.26.5-6.el9 build changelog. - urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with ProxyManager, the Proxy-Authorization...
CVE-2024-24791
The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational 200 or higher status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail...
[SECURITY] Fedora 40 Update: python-urllib3-1.26.19-1.fc40
urllib3 is a powerful, user-friendly HTTP client for Python. urllib3 brings many critical features that are missing from the Python standard libraries: • Thread safety. • Connection pooling. • Client-side SSL/TLS verification. • File uploads with multipart encoding...
PT-2024-5886 · Go +10
Name of the Vulnerable Software and Affected Versions: Go versions prior to 1.22.5 Description: The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational 200 or higher status. This mishandling could leave a...
urllib3 Python Library < 1.26.19, < 2.2.2 (CVE-2024-37891)
urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with 'ProxyManager', the 'Proxy-Authorization' header is only sent to the configured proxy, as expected. However, when sending HTTP requests without using urllib3's proxy support, it's possible to...
CVE-2024-37891
urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with ProxyManager, the Proxy-Authorization header is only sent to the configured proxy, as expected. However, when sending HTTP requests without using urllib3's proxy support, it's possible to accidental...
UBUNTU-CVE-2024-37891
urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with ProxyManager, the Proxy-Authorization header is only sent to the configured proxy, as expected. However, when sending HTTP requests without using urllib3's proxy support, it's possible to accidental...
CVE-2024-37891 Proxy-Authorization request header isn't stripped during cross-origin redirects in urllib3
urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with ProxyManager, the Proxy-Authorization header is only sent to the configured proxy, as expected. However, when sending HTTP requests without using urllib3's proxy support, it's possible to accidental...
Denial Of Service (DoS)
github.com/envoyproxy/envoy is vulnerable to Denial Of Service (DoS). The vulnerability is due to the async HTTP client buffering the mirror response with an unbounded buffer, which allows attackers to potentially cause an out-of-memory scenario by sending huge responses...
GHSA-W235-7P84-XX57 Tornado has a CRLF injection in CurlAsyncHTTPClient headers
Summary: Tornado's curl_httpclient.CurlAsyncHTTPClient class is vulnerable to CRLF (carriage return/line feed) injection in the request headers. Details: When an HTTP request is sent using CurlAsyncHTTPClient, Tornado does not reject carriage return (\r) or line feed (\n) characters in the request headers...
USN-6813-1: OpenJDK 21 vulnerabilities
It was discovered that the Hotspot component of OpenJDK 21 incorrectly handled certain exceptions with specially crafted long messages. An attacker could possibly use this issue to cause a denial of service. CVE-2024-21011 It was discovered that OpenJDK 21 incorrectly performed reverse DNS query...
USN-6811-1: OpenJDK 11 vulnerabilities
It was discovered that the Hotspot component of OpenJDK 11 incorrectly handled certain exceptions with specially crafted long messages. An attacker could possibly use this issue to cause a denial of service. CVE-2024-21011 It was discovered that OpenJDK 11 incorrectly performed reverse DNS query...
RHEL 6 : perl-libwww-perl (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - perl-libwww-perl: multiple HTTP client download filename vulnerability OCERT 2010-001 CVE-2010-2253 -...
RHEL 4 : perl-libwww-perl (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 4 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - perl-libwww-perl: multiple HTTP client download filename vulnerability OCERT 2010-001 CVE-2010-2253 -...
RHEL 3 : wget (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 3 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - wget: multiple HTTP client download filename vulnerability OCERT 2010-001 CVE-2010-2252 Note that Nessus has not...
RHEL 5 : perl-libwww-perl (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - perl-libwww-perl: multiple HTTP client download filename vulnerability OCERT 2010-001 CVE-2010-2253 -...