TYPO3 HTTP Host Header Injection Vulnerability (TYPO3-CORE-SA-2021-015)

TYPO3 is prone to an HTTP host header injection vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:typo3:typo3"; if...

CVE-2021-42045

CVE-2021-42045 affects MediaWiki’s SecurePoll Growth extension (up to v1.36.2). The issue enables poll alert creation by manipulating the User-Agent header during vote submission. PT Security advisories indicate fixes in newer MediaWiki releases (e.g., 1.36.3+ and 1.37.1+), with broader guidance ...

Host Spoofing

typo3/cms is vulnerable to Host Spoofing. Improper validation of HTTP Host header allow attackers to forge the header to any value, resulting in impersonation of a legitimate user...

GHSA-M2JH-FXW4-GPHM HTTP Host Header Injection

Meta CVSS: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:F/RL:O/RC:C 3.5 Problem It has been discovered that TYPO3 CMS is susceptible to host spoofing due to improper validation of the HTTP Host header. TYPO3 uses the HTTP Host header, for example, to generate absolute URLs during the frontend...

CVE-2021-41100

Wire-server is the backing server for the open source wire secure messaging application. In affected versions it is possible to trigger email address change of a user with only the short-lived session token in the Authorization header. As the short-lived token is only meant as means of...

Vulnerability fixed in Sonatype Nexus

Sonatype has fixed a vulnerability in Nexus Repository. A unauthenticated malicious party could potentially gain access to sensitive information via an HTTP header injection to potentially gain access to sensitive information. Sonatype has released little further substantive information. Sonatype...

Multiple vulnerabilities in Cybozu Remote Service

Overview Cybozu Remote Service provided by Cybozu, Inc. contains multiple vulnerabilities listed below. CyVDB-525 Cross-site request forgery vulnerability in the management screen CWE-352 - CVE-2021-20795 CyVDB-1742 Path traversal vulnerability in the management screen CWE-22 - CVE-2021-20796...

JVN#52694228: Multiple vulnerabilities in Cybozu Remote Service

Cybozu Remote Service provided by Cybozu, Inc. contains multiple vulnerabilities listed below. CyVDB-525 Cross-site request forgery vulnerability in the management screen CWE-352 - CVE-2021-20795 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N| Base Score:...

Cybozu Remote Service 注入漏洞

Cybozu Remote Service is a remote service management software used to access Cybozu's internal systems by Cybozu Japan.Cybozu Remote Service is vulnerable to HTTP header injection. A remote attacker can use this vulnerability to alter information stored in the product...

Google Extensible Service Proxy Header Forgery

Extensible Service Proxy a.k.a. ESP is an open source software by Google assisting Cloud Endpoints, a product on Google Cloud Platform. ESPv1 is an nginx based proxy which enables API management capabilities for JSON/REST or gRPC API services. In a typical deployment, ESP is running and fronting...

Command injection

Edgecore ECS2020 Firmware 1.0.0.0 devices allow Unauthenticated Command Injection via the command1 HTTP header to the /EXCUSHELL URI...

CVE-2019-6288

Edgecore ECS2020 Firmware 1.0.0.0 devices allow Unauthenticated Command Injection via the command1 HTTP header to the /EXCUSHELL URI...

Python < 2.7.10, 3.x < 3.3.7, 3.4.x < 3.4.4 HTTP Header Injection Vulnerability (bpo-22928) - Windows

Python is prone to a HTTP header injection vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:python:python";...

Python < 2.7.10, 3.x < 3.3.7, 3.4.x < 3.4.4 HTTP Header Injection Vulnerability (bpo-22928) - Linux

Python is prone to a HTTP header injection vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:python:python";...

Python < 2.7.10, 3.x < 3.3.7, 3.4.x < 3.4.4 HTTP Header Injection Vulnerability (bpo-22928) - Mac OS X

Python is prone to a HTTP header injection vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:python:python";...

[SECURITY] Fedora 33 Update: haproxy-2.2.17-1.fc33

HAProxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments. Indeed, it can: - route HTTP requests depending on statically assigned cookies - spread load among several servers while assuring server persistence through the use of HTTP cookies - switch to...

Python 2.x < 2.7.17, 3.x < 3.5.8, 3.6.x < 3.6.9, 3.7.x < 3.7.4 HTTP Header Injection Vulnerability (bpo-30458) - Mac OS X

Python is prone to a HTTP header injection vulnerability follow-up of CVE-2016-5699. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Python 2.x < 2.7.17, 3.x < 3.5.8, 3.6.x < 3.6.9, 3.7.x < 3.7.4 HTTP Header Injection Vulnerability (bpo-30458) - Linux

Python is prone to a HTTP header injection vulnerability follow-up of CVE-2016-5699. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Ubuntu: Security Advisory (USN-5063-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

GHSA-F34X-8PF6-QC9C HTTP header injection in Sonatype Nexus Repository

Sonatype Nexus Repository 3.x through 3.33.1-01 is vulnerable to an HTTP header injection. By sending a crafted HTTP request, a remote attacker may disclose sensitive information or request external resources from a vulnerable instance...