netty: HTTP request smuggling by mishandled whitespace before the colon in HTTP headers
A flaw was found in Netty, where whitespace before the colon in HTTP headers is mishandled. This flaw allows an attacker to cause HTTP request smuggling...
Information Disclosure
httpd is vulnerable to information disclosure. The vulnerability exists because the httpd server included the full HTTP header line in the default error page generated when receiving an excessively long or malformed header. Malicious JavaScript running in the server's domain context could use this fla...
Cross-site Scripting (XSS)
Mozilla Firefox is vulnerable to cross-site scripting (XSS). It happens due to the way Firefox handled the "Content-Disposition: attachment" HTTP header when the "Content-Type: multipart" HTTP header was also present. A website that allows arbitrary uploads and relies on the "Content-Disposition:...
CVE-2019-9947
An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n specifically in the path component of a URL that...
Security Bulletin: Resilient is vulnerable to using a Python component with known vulnerabilities in RHEL 7
Summary Resilient is vulnerable to using a Python component with known vulnerabilities in RHEL 7. CVE-2019-9948 and CVE-2019-9947 are fixed in RHEL7 as part of Errata RHSA-2019:2030 https://access.redhat.com/errata/RHSA-2019:2030. This update is included in Resilient 34.1.53, released on September...
python-twisted-web security update
12.1.0-6 - Fix CVE-2019-12387 HTTP Header Injection Resolves: rhbz1721518...
CVE-2019-19000 eSOMS Cachecontrol (Pragma) HTTP Header
For ABB eSOMS 4.0 to 6.0.3, the Cache-Control and Pragma HTTP headers have not been properly configured within the application response. This can potentially allow browsers and proxies to cache sensitive information...
Design/Logic Flaw
TP-Link Archer C50 V3 devices before Build 200318 Rel. 62209 allow remote attackers to cause a denial of service via a crafted HTTP Header containing an unexpected Referer field...
CVE-2020-9375
CVE-2020-9375 affects the TP-Link Archer C50 V3 router prior to Build 200318 Rel. 62209. A remote attacker can cause a denial of service by sending an HTTP request with an illegal Referer header. A proof-of-concept (PoC) exploit exists demonstrating a denial of service via a crafted Referer hea...
CVE-2020-10792
OpenITCOCKPIT versions up to 3.7.2 are affected: an attacker can cause DEVELOPMENT or STAGING to be selected by sending a hostname in the HTTP Host header containing dev or staging. Root cause is improper handling of Host header input. Impact is configuration of environment options. For remediati...
CVE-2019-12131
An issue was detected in ONAP APPC through Dublin and SDC through Dublin. By setting a USERID parameter in an HTTP header, an attacker may impersonate an arbitrary existing user without any authentication. All APPC and SDC setups are affected...
Security Bulletin: Multiple vulnerabilities affect IBM PureApplication System
Summary There are multiple vulnerabilities that affect IBM PureApplication System. IBM PureApplication System has addressed vulnerabilities. Vulnerability Details CVEID: CVE-2016-5699 DESCRIPTION: urllib2 and urllib for Python are vulnerable to HTTP header injection, caused by improper validation...
CVE-2019-13169
Some Xerox printers such as the Phaser 3320 V53.006.16.000 were affected by a buffer overflow vulnerability in the Content-Type HTTP Header of the web application that would allow an attacker to execute arbitrary code on the device...
EulerOS Virtualization for ARM 64 3.0.2.0 : httpd (EulerOS-SA-2020-1250)
According to the versions of the httpd packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities: - A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains...
Security Bulletin: A vulnerability in Python affects IBM Operations Analytics Predictive Insights (CVE-2019-18348)
Summary Python is used by IBM Operations Analytics Predictive Insights. IBM Operations Analytics Predictive Insights has addressed the applicable CVE. Note that the usage of Python within IBM Operations Analytics Predictive Insights is limited to the REST Mediation utility. If you do not use that...
CVE-2020-10376
Technicolor TC7337NET 08.89.17.23.03 devices allow remote attackers to discover passwords by sniffing the network for an "Authorization: Basic" HTTP header...