CVE-2022-34362 IBM Sterling Secure Proxy HOST header injection
IBM Sterling Secure Proxy 6.0.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM...
CVE-2022-34362
IBM Sterling Secure Proxy 6.0.3 is affected by an HTTP header injection flaw caused by insufficient validation of HOST headers. The vulnerability could enable attacks such as cross-site scripting, cache poisoning, or session hijacking against vulnerable systems. Affected product/version: IBM Ster...
Security Bulletin: Vulnerability in IBM WebSphere Liberty affects IBM InfoSphere Global Name Management (CVE-2022-34165)
Summary The IBM WebSphere Liberty used in IBM InfoSphere Global Name Management is vulnerable to HTTP header injection when processing web requests. This problem is addressed. Vulnerability Details CVEID:CVE-2022-34165 DESCRIPTION: IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 and IBM...
CVE-2022-40224
A denial of service vulnerability exists in the web server functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP message header can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability...
GHSA-8Q38-W56M-QQ2C Header injection in TurboGears
A vulnerability classified as critical has been found in OnShift TurboGears 1.0.11.10. This affects an unknown part of the file turbogears/controllers.py of the component HTTP Header Handler. The manipulation leads to http response splitting. It is possible to initiate the attack remotely...
CVE-2019-25101
A vulnerability classified as critical has been found in OnShift TurboGears 1.0.11.10. This affects an unknown part of the file turbogears/controllers.py of the component HTTP Header Handler. The manipulation leads to http response splitting. It is possible to initiate the attack remotely...
Design/Logic Flaw
A vulnerability classified as critical has been found in OnShift TurboGears 1.0.11.10. This affects an unknown part of the file turbogears/controllers.py of the component HTTP Header Handler. The manipulation leads to http response splitting. It is possible to initiate the attack remotely...
CVE-2019-25101 OnShift TurboGears HTTP Header controllers.py response splitting
A vulnerability classified as critical has been found in OnShift TurboGears 1.0.11.10. This affects an unknown part of the file turbogears/controllers.py of the component HTTP Header Handler. The manipulation leads to http response splitting. It is possible to initiate the attack remotely...
CVE-2019-25101
OnShift TurboGears 1.0.11.10 is affected by a critical issue in the HTTP Header Handler (turbogears/controllers.py) that enables HTTP response splitting. The vulnerability is exploitable remotely and is addressed by upgrading to version 1.0.11.11. The patch is identified as f68bbaba47f4474e1da55...
Security Bulletin: IBM WebSphere Application Server Liberty for IBM i is vulnerable to HTTP header injection and affected by denial of services due to multiple vulnerabilities.
Summary IBM WebSphere Application Server Liberty for IBM i is vulnerable to an HTTP header injection caused by improper validation, and affected by a denial of service in GraphQL Java, a denial of service in CyberNeko HTML, and a denial of service in protobuf-java as described in the vulnerabilit...
Moxa SDS-3008 Security Vulnerability
Moxa SDS-3008 is a series of industrial switches from MOXA China. A denial of service vulnerability exists in the Moxa SDS-3008, which can be exploited by an attacker to send a specially crafted HTTP message header resulting in a denial of service...
VulnCheck KEV: CVE-2019-10891
An issue was discovered in D-Link DIR-806 devices. There is a command injection in function hnapmain, which calls system without checking the parameter that can be controlled by user, and finally allows remote attackers to execute arbitrary shell commands with a special HTTP header...
Security Bulletin: HTTP header injection vulnerability in Watson Knowledge Catalog for IBM Cloud Pak for Data (CVE-2022-34165)
Summary Watson Knowledge Catalog for IBM Cloud Pak for Data has an internal dependency on IBM WebSphere Application Server Liberty. Liberty 17.0.0.3 through 22.0.0.9 are vulnerable to an HTTP header injection. This vulnerability has been addressed. Vulnerability Details CVEID:CVE-2022-34165...
Security Bulletin: IBM Sterling Secure Proxy vulnerable to multiple issues
Summary Multiple vulnerabilities affect IBM Sterling Secure Proxy 6.0.3.0 and are addressed in the latest iFix. Vulnerability Details CVEID:CVE-2022-23437 DESCRIPTION: Apache Xerces2 Java XML Parser is vulnerable to a denial of service, caused by an infinite loop in the XML parser. By persuading ...
USN-5833-1: python-future vulnerability
Sebastian Chnelik discovered that python-future incorrectly handled certain HTTP header fields. An attacker could possibly use this issue to cause a denial of service...
Security Bulletin: Due to the use of WebSphere Application Server Liberty, IBM Workload Scheduler is vulnerable to HTTP header injection
Summary WebSphere Application Server Liberty is vulnerable to HTTP header injection CVE-2022-34165. This has been addressed. Vulnerability Details CVEID:CVE-2022-34165 DESCRIPTION: IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 throug...
Fedora 37 : httpd (2023-f6ff3f85eb)
The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-f6ff3f85eb advisory. - new version 2.4.55 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not test...
CentOS 8 : go-toolset:rhel8 (CESA-2023:0446)
The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2023:0446 advisory. - In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closin...