Lucene search
3713 matches found

Tenable Nessus
added 2023/01/23 12:0 a.m. · 35 views

RHEL 7 : rh-nodejs12-nodejs (RHSA-2020:0602)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:0602 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...

CVSS 9.8 · AI score 7.3 · EPSS 0.57132
Exploits 2 · References 14

OSV
added 2023/01/18 7:15 p.m. · 16 views

CVE-2023-0040

Versions of Async HTTP Client prior to 1.13.2 are vulnerable to a form of targeted request manipulation called CRLF injection. This vulnerability was the result of insufficient validation of HTTP header field values before sending them to the network. Users are vulnerable if they pass untrusted...

CVSS 7.5 · AI score 7.7
Exploits 0 · References 1

Prion
added 2023/01/18 7:15 p.m. · 18 views

Crlf injection

Versions of Async HTTP Client prior to 1.13.2 are vulnerable to a form of targeted request manipulation called CRLF injection. This vulnerability was the result of insufficient validation of HTTP header field values before sending them to the network. Users are vulnerable if they pass untrusted...

CVSS 5 · AI score 7.7 · EPSS 0.00549
Exploits 0 · References 1 · Affected Software 1

IBM Security Bulletins
added 2023/01/18 8:55 a.m. · 24 views

Security Bulletin: IBM® MobileFirst Platform on Red Hat® OpenShift® is vulnerable to Http Header injection due to IBM WebSphere® Liberty version used (CVE-2022-34165)

Summary IBM Websphere Liberty is the stack on top of which the MobileFirst runtime is hosted. The Liberty version that is packaged with the MobileFirst Platform on RHOS uses an older Liberty version 19.0.0.5 which is impacted by the vulnerability described in CVE-2022-34165 Vulnerability Details...

CVSS 5.4 · AI score 5.4 · EPSS 0.00429
Exploits 0 · Affected Software 1

Vulnrichment
added 2023/01/18 12:0 a.m. · 3 views

CVE-2023-0040

Versions of Async HTTP Client prior to 1.13.2 are vulnerable to a form of targeted request manipulation called CRLF injection. This vulnerability was the result of insufficient validation of HTTP header field values before sending them to the network. Users are vulnerable if they pass untrusted...

AI score 7.9 · EPSS 0.00549
Exploits 0 · References 1

CNNVD
added 2023/01/18 12:0 a.m. · 1 views

Async injection vulnerability

Async is a utility module from Caolan McMahon Personal Developer in the UK. It is used to work with asynchronous JavaScript. A security vulnerability exists in Async HTTP Client version 1.13.2 and earlier versions. An attacker exploiting this vulnerability could open source a new HTTP header fiel...

CVSS 7.5 · AI score 7.3 · EPSS 0.00549
Exploits 0 · References 2

CVE
added 2023/01/18 12:0 a.m. · 93 views

CVE-2023-0040

CVE-2023-0040 affects Async HTTP Client prior to 1.13.2. The root cause is insufficient validation of HTTP header field values, enabling CRLF injection that can inject new HTTP header fields or requests into the data stream. Impact described in the connected documents notes that remote servers ma...

CVSS 7.5 · AI score 7.7 · EPSS 0.00549
Exploits 0 · References 1 · Affected Software 1

IBM Security Bulletins
added 2023/01/10 9:37 p.m. · 24 views

Security Bulletin: Vulnerability in IBM WebSphere Liberty Profile affects IBM InfoSphere Identity Insight (CVE-2022-34165)

Summary The IBM WebSphere Liberty Profile used in IBM InfoSphere Identity Insight is vulnerable to HTTP header injection when processing web requests. This problem is addressed. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and...

CVSS 5.4 · AI score 5.9 · EPSS 0.00429
Exploits 0 · Affected Software 1

IBM Security Bulletins
added 2023/01/06 9:52 p.m. · 54 views

Security Bulletin: An issue was identified in IBM WebSphere Application Server Liberty that IBM MQ ships (CVE-2022-34165)

Summary An issue was identified in IBM WebSphere Application Server Liberty that IBM MQ ships to provide MQ Console and MQ REST API functionality. Vulnerability Details CVEID:CVE-2022-34165 DESCRIPTION: IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 and IBM WebSphere Application Server...

CVSS 5.4 · AI score 5.3 · EPSS 0.00429
Exploits 0 · Affected Software 1

IBM Security Bulletins
added 2023/01/06 3:38 a.m. · 31 views

Security Bulletin: IBM SPSS Analytic Server is vulnerable to HTTP header injection (CVE-2022-34165)

Summary IBM SPSS Analytic Server uses IBM WebSphere Application Server Liberty which is vulnerable to a HTTP header injection vulnerability. This vulnerability has been addressed. Vulnerability Details CVEID:CVE-2022-34165 DESCRIPTION: IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 and...

CVSS 5.4 · AI score 5.6 · EPSS 0.00429
Exploits 0 · Affected Software 1

IBM Security Bulletins
added 2023/01/05 11:1 a.m. · 17 views

Security Bulletin: An HTTP header injection vulnerability in IBM WebSphere Application Server Liberty (CCVE-2022-34165) affects IBM TXSeries for Multiplatforms

Summary An HTTP header injection vulnerability exists in IBM WebSphere Application Server Liberty used by IBM TXSeries for Multiplatforms. IBM TXSeries for Multiplatforms has addressed the vulnerability CCVE-2022-34165. Vulnerability Details CVEID:CVE-2022-34165 DESCRIPTION: IBM WebSphere...

CVSS 5.4 · AI score 5.4 · EPSS 0.00429
Exploits 0 · Affected Software 1

IBM Security Bulletins
added 2023/01/04 9:18 p.m. · 29 views

Security Bulletin: A vulnerability in IBM WebSphere Application Server Liberty may affect IBM Robotic Process Automation and allow HTTP Header Injections (CVE-2022-34165)

Summary There is a vulnerability in IBM WebSphere Application Server Liberty used by IBM Robotic Process Automation as part of OCR, Antivirus, and User Management Services which may allow HTTP header injection. This bulletin identifies the security fixes to apply to address this vulnerability...

CVSS 5.4 · AI score 5.5 · EPSS 0.00429
Exploits 0 · Affected Software 1

IBM Security Bulletins
added 2023/01/04 4:6 p.m. · 26 views

Security Bulletin: IBM Security Verify Governance is vulnerable to multiple vulnerabilities due to use of IBM WebSphere Application Server Liberty (CVE-2022-34165, CVE-2022-24839)

Summary IBM Security Verify Governance uses IBM WebSphere Application Server Liberty which is vulnerable to HTTP header injection and denial of service CVE-2022-34165, CVE-2022-24839. The fix includes upgrading IBM WebSphere Application Server Liberty with the security patch. Vulnerability Detail...

CVSS 7.5 · AI score 6.9 · EPSS 0.01998
Exploits 0 · Affected Software 1

Tenable Nessus
added 2023/01/04 12:0 a.m. · 67 views

openSUSE 15 Security Update : python-Django (openSUSE-SU-2023:0005-1)

The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2023:0005-1 advisory. - In Django 2.2 before 2.2.22, 3.1 before 3.1.10, and 3.2 before 3.2.2 with Python 3.9.5+, URLValidator does not prohibit newlines and tabs...

CVSS 9.8 · AI score 7.1 · EPSS 0.49246
Exploits 4 · References 41

Positive Technologies
added 2023/01/03 12:0 a.m. · 1 views

PT-2023-9604 · Npm +6 · Undici +6

Name of the Vulnerable Software and Affected Versions: Undici versions 2.0.0 through 5.19.0 Description: The issue is related to the undici library not protecting the host HTTP header from CRLF injection vulnerabilities. This could allow a remote attacker to inject arbitrary HTTP headers. The...

CVSS 8.6 · AI score 9 · EPSS 0.02209
Exploits 5 · References 111

IBM Security Bulletins
added 2023/01/02 4:30 a.m. · 42 views

Security Bulletin: Vulnerabilities in Java and IBM WebSphere Application Server Liberty affects IBM Cloud Application Business Insights - CVE-2022-34165, CVE-2022-21628, CVE-2022-21626, CVE-2022-21624, CVE-2022-21619

Summary Vulnerabilities in Java and IBM WebSphere Application Server Liberty affects IBM Cloud Application Business Insights - CVE-2022-34165, CVE-2022-21628, CVE-2022-21626, CVE-2022-21624, CVE-2022-21619 Vulnerability Details CVEID:CVE-2022-21628 DESCRIPTION: Java SE is vulnerable to a denial o...

CVSS 5.4 · AI score 5.9 · EPSS 0.02376
Exploits 0 · Affected Software 1

CNNVD
added 2023/01/01 12:0 a.m. · 4 views

perfSONAR code issue vulnerability

perfSONAR is a widely deployed test and measurement infrastructure used by scientific networks and facilities around the world to monitor and ensure network performance. A security vulnerability exists in perfSONAR versions prior to 4.4.6, which can be exploited by an attacker to cause the...

CVSS 5.3 · AI score 5.8 · EPSS 0.00601
Exploits 1 · References 3

IBM Security Bulletins
added 2022/12/30 11:3 p.m. · 22 views

Security Bulletin: IBM WebSphere Application Server Liberty is vulnerable to HTTP header injection (CVE-2022-34165) in FileNet Content Manager containers

Summary IBM WebSphere Application Server is vulnerable to HTTP header injection when processing web requests. This has been addressed. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions ---|---...

CVSS 5.4 · AI score 6.1 · EPSS 0.00429
Exploits 0 · Affected Software 1

IBM Security Bulletins
added 2022/12/30 5:56 p.m. · 19 views

Security Bulletin: Multiple vulnerabilities affect IBM Tivoli Monitoring included WebSphere Application Server and IBM HTTP Server used by WebSphere Application Server

Summary The following security issues have been identified in the WebSphere Application and IBM HTTP Server included as part of IBM Tivoli Monitoring ITM portal server: CVE-2022-34336 CVE-2022-22477 CVE-2022-22473 CVE-2022-34165. The IBM Tivoli Monitoring include IBM HTTP Server is also affected...

CVSS 8.1 · AI score 8.5 · EPSS 0.03566
Exploits 0 · Affected Software 1

IBM Security Bulletins
added 2022/12/28 8:58 a.m. · 48 views

Security Bulletin: A security vulnerability has been identified in WebSphere Liberty Profile shipped with IBM License Metric Tool v9 (CVE-2022-34165).

Summary There is a vulnerability in IBM WebSphere Application Server Liberty used by IBM License Metric Tool. Vulnerability Details CVEID:CVE-2022-34165 DESCRIPTION: IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.9 are...

CVSS 5.4 · AI score 5.4 · EPSS 0.00429
Exploits 0 · Affected Software 1