Important: nodejs:10 security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs 10.19.0. Security Fixes: nodejs: HTTP request smuggling using malformed...
CVE-2020-1935
In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse...
Design/Logic Flaw
In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse...
UBUNTU-CVE-2020-1935
In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse...
CVE-2020-1935
CVE-2020-1935 affects Apache Tomcat across multiple branches: 9.0.0.M1–9.0.30, 8.5.0–8.5.50, and 7.0.0–7.0.99. It stems from HTTP header parsing that can mishandle end-of-line and Transfer-Encoding, enabling HTTP Request Smuggling when Tomcat sits behind certain reverse proxies. Impact is informa...
Important: Red Hat Security Advisory: nodejs:10 security update
An update for the nodejs:10 module is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
Apache Tomcat 9.0.0.M1 < 9.0.31 multiple vulnerabilities
The version of Tomcat installed on the remote host is prior to 9.0.31. It is, therefore, affected by multiple vulnerabilities as referenced in the fixed_in_apache_tomcat_9.0.31_security-9 advisory. - When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to...
HTTP Response Splitting
org.wso2.transport.http.netty is vulnerable to HTTP response splitting. The vulnerability exists because it does not enable HTTP header validation to prevent the presence of malicious characters in the HTTP header, allowing HTTP headers with malicious content from untrusted sources ...
Design/Logic Flaw
Netty in WSO2 transport-http before v6.3.1 is vulnerable to HTTP Response Splitting due to HTTP Header validation being disabled...
CVE-2019-10797
Netty in WSO2 transport-http before v6.3.1 is vulnerable to HTTP Response Splitting due to HTTP Header validation being disabled...
CVE-2019-10797
CVE-2019-10797 affects org.wso2.transport.http.netty in WSO2 transport-http prior to version 6.3.1, where HTTP header validation is disabled, enabling HTTP Response Splitting. The issue is rooted in the HTTP header validation logic and impacts HTTP response handling. Mitigation: upgrade to 6.3.1 ...
Denial Of Service (DoS)
@hapi/ammo is vulnerable to denial of service (DoS). The Range HTTP header parser causes the function to throw a system error when the header value is invalid, allowing an attacker to crash the application using a malicious header value...
Denial Of Service (DoS)
@commercial/ammo is vulnerable to denial of service. The Range HTTP header parser causes the function to throw a system error when the header value is invalid, allowing an attacker to crash the application using a malicious header value...
Denial of Service
Overview: Versions of subtext =4.1.0 are vulnerable to Denial of Service. The Content-Encoding HTTP header parser has a vulnerability which will cause the function to throw a system error if the header contains some invalid values. Because hapi rethrows system errors as opposed to catching expecte...
Denial of Service
Overview: Version 5.1.1 of @commercial/subtext is vulnerable to Denial of Service. The Content-Encoding HTTP header parser has a vulnerability which will cause the function to throw a system error if the header contains some invalid values. Because hapi rethrows system errors as opposed to catchin...
Denial of Service
Overview: Versions of @hapi/accept prior to 3.2.4 or 5.0.1 are vulnerable to Denial of Service. The Accept-Encoding HTTP header parser has a vulnerability which will cause the function to throw a system error if the header contains some invalid values. Because hapi rethrows system errors as oppose...
Denial of Service
Overview: Versions of @hapi/ammo prior to 3.1.2 or 5.0.1 are vulnerable to Denial of Service. The Range HTTP header parser has a vulnerability which will cause the function to throw a system error if the header is set to an invalid value. Because hapi is not expecting the function to ever throw, t...
Denial of Service
Overview: Versions of @commercial/ammo prior to 2.1.1 are vulnerable to Denial of Service. The Range HTTP header parser has a vulnerability which will cause the function to throw a system error if the header is set to an invalid value. Because hapi is not expecting the function to ever throw, the...