3710 matches found

Prion · added 2017/11/17 4:29 a.m. · 33 views

Design/Logic Flaw

British Columbia Institute of Technology CodeIgniter 3.1.3 is vulnerable to HTTP Header Injection in the set_status_header common function under Apache resulting in HTTP Header Injection flaws...

CVSS 5 · AI score 7.7 · EPSS 0.00931 · Exploits 0 · References 1 · Affected Software 1
NVD · added 2017/11/17 4:29 a.m. · 19 views

CVE-2017-1000247

British Columbia Institute of Technology CodeIgniter 3.1.3 is vulnerable to HTTP Header Injection in the set_status_header common function under Apache resulting in HTTP Header Injection flaws...

CVSS 7.5 · AI score 7.7 · EPSS 0.00931 · Exploits 0 · References 1
CVE · added 2017/11/17 4:00 a.m. · 49 views

CVE-2017-1000247

CVE-2017-1000247 affects CodeIgniter 3.1.3 with an HTTP header injection vulnerability in set_status_header() under Apache. Root cause is injection via header handling in that function, leading to header manipulation. A patch is available in CodeIgniter 3.1.4 (see changelog link). If using 3.1.3,...

CVSS 7.5 · AI score 7.6 · EPSS 0.00931 · Exploits 0 · References 1 · Affected Software 1
Cvelist · added 2017/11/17 4:00 a.m. · 22 views

CVE-2017-1000247

British Columbia Institute of Technology CodeIgniter 3.1.3 is vulnerable to HTTP Header Injection in the set_status_header common function under Apache resulting in HTTP Header Injection flaws...

AI score 7.6 · EPSS 0.00931 · Exploits 0 · References 1
OSV · added 2017/11/16 7:29 a.m. · 3 views

CVE-2017-12309

A vulnerability in the Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack. The vulnerability is due to the failure of the application or its environment to properly sanitize input values. An attacker could exploit this...

CVSS 5.3 · AI score 5.7 · EPSS 0.01656 · Exploits 0 · References 3
NVD · added 2017/11/15 3:29 a.m. · 37 views

CVE-2017-16821

b3log Symphony aka Sym 2.2.0 has XSS in processor/AdminProcessor.java in the admin console, as demonstrated by a crafted X-Forwarded-For HTTP header that is mishandled during display of a client IP address in /admin/user/userid...

CVSS 5.4 · AI score 5.3 · EPSS 0.00479 · Exploits 1 · References 1
CVE · added 2017/11/15 3:00 a.m. · 57 views

CVE-2017-16821

Vulnerability: b3log Symphony 2.2.0 is affected by an XSS in processor/AdminProcessor.java within the admin console, triggered by a crafted X-Forwarded-For header that is mishandled when displaying a client IP at /admin/user/userid. Impact: potential XSS in the admin interface as described. Rem...

CVSS 5.4 · AI score 5.2 · EPSS 0.00479 · Exploits 1 · References 1 · Affected Software 1
Cvelist · added 2017/11/15 3:00 a.m. · 24 views

CVE-2017-16821

b3log Symphony aka Sym 2.2.0 has XSS in processor/AdminProcessor.java in the admin console, as demonstrated by a crafted X-Forwarded-For HTTP header that is mishandled during display of a client IP address in /admin/user/userid...

AI score 5.3 · EPSS 0.00479 · Exploits 1 · References 1
Apache Httpd · added 2017/11/14 12:00 a.m. · 60 views

Apache Httpd < 2.4.33 : Tampering of mod_session data for CGI applications

When mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a "Session" header. This comes from the "HTTP_SESSION" variable name used by mod_session to forward its data to CGIs, since the prefix...

CVSS 5.3 · AI score 0.4 · EPSS 0.10118 · Exploits 0 · Affected Software 1
Fedora · added 2017/11/11 1:43 p.m. · 13 views

[SECURITY] Fedora 27 Update: nodejs-forwarded-0.1.2-1.fc27

Parse HTTP X-Forwarded-For header...

AI score 0.5 · Exploits 0
Fedora · added 2017/11/11 3:25 a.m. · 12 views

[SECURITY] Fedora 27 Update: nodejs-forwarded-0.1.2-1.fc27

Parse HTTP X-Forwarded-For header...

AI score 0.5 · Exploits 0
CNVD · added 2017/11/03 12:00 a.m. · 0 views

Cisco WebEx Meetings Server Information Disclosure Vulnerability (CNVD-2017-32926)

Cisco WebEx Meetings Server is a highly secure, highly available, fully virtualized behind-the-firewall meeting solution that combines audio, video, and Web conferencing in one solution. An information disclosure vulnerability exists in Cisco WebEx Meetings Server. A remote attacker could obtain...

CVSS 5.3 · AI score 5.1 · EPSS 0.01702 · Exploits 0 · References 1
Tenable Nessus · added 2017/11/03 12:00 a.m. · 48 views

Debian DSA-4015-1 : openjdk-8 - security update

Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in impersonation of Kerberos services, denial of service, sandbox bypass or HTTP header injection...

CVSS 9.6 · AI score 6.3 · EPSS 0.16181 · Exploits 2 · References 16
Tenable Nessus · added 2017/11/01 12:00 a.m. · 57 views

EulerOS 2.0 SP1 : java-1.8.0-openjdk (EulerOS-SA-2017-1254)

According to the versions of the java-1.8.0-openjdk packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - Multiple flaws were discovered in the RMI and Hotspot components in OpenJDK. An untrusted Java application or applet could use these...

CVSS 9.6 · AI score 6.7 · EPSS 0.16181 · Exploits 2 · References 15
CNVD · added 2017/10/27 12:00 a.m. · 3 views

Google Go Denial of Service Vulnerability (CNVD-2017-32897)

Google Go is a programming language from Google optimized for writing applications for multiprocessor systems. A security vulnerability exists in the net/http library, in the net/http/transfer.go file, in versions of Google Go prior to 1.4.3, which stems from the program's failure to properly...

CVSS 9.8 · AI score 9.1 · EPSS 0.03657 · Exploits 0 · References 1
Fedora · added 2017/10/25 9:23 p.m. · 12 views

[SECURITY] Fedora 25 Update: nodejs-forwarded-0.1.2-1.fc25

Parse HTTP X-Forwarded-For header...

AI score 0.5 · Exploits 0
Github Security Blog · added 2017/10/24 6:33 p.m. · 42 views

Ruby on Rails vulnerable to code injection

Ruby on Rails before 1.1.5 allows remote attackers to execute Ruby code with "severe" or "serious" impact via a File Upload request with an HTTP header that modifies the LOAD_PATH variable, a different vulnerability than CVE-2006-4112...

CVSS 7.5 · AI score 6.9 · EPSS 0.02214 · Exploits 0 · References 10 · Affected Software 1
OSV · added 2017/10/24 6:33 p.m. · 24 views

GHSA-RVPQ-5XQX-PFPP Ruby on Rails vulnerable to code injection

Ruby on Rails before 1.1.5 allows remote attackers to execute Ruby code with "severe" or "serious" impact via a File Upload request with an HTTP header that modifies the LOAD_PATH variable, a different vulnerability than CVE-2006-4112...

CVSS 7.5 · AI score 6.7 · EPSS 0.02214 · Exploits 0 · References 10
RubySec · added 2017/10/24 12:00 a.m. · 21 views

High severity vulnerability that affects rails

Ruby on Rails before 1.1.5 allows remote attackers to execute Ruby code with "severe" or "serious" impact via a File Upload request with an HTTP header that modifies the LOAD_PATH variable, a different vulnerability than CVE-2006-4112...

CVSS 7.5 · AI score 7.4 · EPSS 0.02883 · Exploits 0 · References 1 · Affected Software 1
RedHat Linux · added 2017/10/23 7:44 a.m. · 2 views

OpenJDK: HTTP client insufficient check for newline in URLs (Networking, 8176751)

It was found that the HttpURLConnection and HttpsURLConnection classes in the Networking component of OpenJDK failed to check for newline characters embedded in URLs. An attacker able to make a Java application perform an HTTP request using an attacker provided URL could possibly inject additiona...

CVSS 4.3 · AI score 7.3 · EPSS 0.02199 · Exploits 0 · References 4