3711 matches found
Denial of Service
Overview: All versions of ammo are vulnerable to Denial of Service. The Range HTTP header parser has a vulnerability which will cause the function to throw a system error if the header is set to an invalid value. Because hapi is not expecting the function to ever throw, the error is thrown all the...
PT-2020-6876 · Abb · Esoms
Name of the Vulnerable Software and Affected Versions: ABB eSOMS versions 4.0 to 6.0.2. Description: The issue is related to the absence of the X-Frame-Options header in the HTTP response, which can potentially allow 'ClickJacking' attacks. This type of attack occurs when an attacker frames parts ...
UBUNTU-CVE-2015-5741
The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smuggling attacks via a request that contains Content-Length and Transfer-Encoding header fields...
CVE-2019-15606
Including trailing white space in HTTP header values in Nodejs 10, 12, and 13 causes bypass of authorization based on header value comparisons...
Authorization
Including trailing white space in HTTP header values in Nodejs 10, 12, and 13 causes bypass of authorization based on header value comparisons...
UBUNTU-CVE-2019-15606
Including trailing white space in HTTP header values in Nodejs 10, 12, and 13 causes bypass of authorization based on header value comparisons...
CVE-2019-15606
CVE-2019-15606 affects Node.js 10.x, 12.x and 13.x where trailing whitespace in HTTP header values can bypass header-based authorization. Public disclosures in Debian (DSA-4669-1) and Gentoo (GLSA-202003-48) confirm multiple vulnerabilities including 15606; Elastic KB notes DoS/HTTP-smuggling implicati...
February 2020 Security Releases
(Update 6-February-2020) Security releases available. Updates are now available for all active Node.js release lines for the following issues. HTTP request smuggling using malformed Transfer-Encoding header (Critical) (CVE-2019-15605): Affected Node.js versions can be...
The vulnerability of the API Framework web server component of Cisco Web Security Appliance (WSA) and the Cisco Content Security Management Appliance (SMA) security management device allows a perpetrator to inject arbitrary HTTP headers into responses.
The vulnerability of the API Framework web server component of Cisco Web Security Appliance (WSA) and the Cisco Content Security Management Appliance (SMA) security management device is related to the failure to handle CRLF sequences in HTTP headers. Exploiting this vulnerability allows a malicious...
Ability to expose data in Sylius by using an unintended serialisation group
Impact: ResourceBundle accepts and uses any serialisation groups to be passed via a HTTP header. This might lead to data exposure by using an unintended serialisation group - for example it could make Shop API use a more permissive group from Admin API. Anyone exposing an API with ResourceBundle's...
GHSA-8VP7-J5CJ-VVM2 Ability to expose data in Sylius by using an unintended serialisation group
Impact: ResourceBundle accepts and uses any serialisation groups to be passed via a HTTP header. This might lead to data exposure by using an unintended serialisation group - for example it could make Shop API use a more permissive group from Admin API. Anyone exposing an API with ResourceBundle's...
Cisco Content Security Management Appliance HTTP Header Injection Vulnerability
According to its self-reported version, the Cisco Content Security Management Appliance (SMA) is affected by an HTTP Header Injection vulnerability. Please see the included Cisco BIDs and the Cisco Security Advisory for more information.
DEBIAN-CVE-2019-20444
HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an "invalid fold."...
CVE-2019-20444
HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an "invalid fold."...