
3709 matches found

myhack58
added 2015/12/07 12:0 a.m., 16 views

The Ceph Object Gateway CRLF Vulnerability (CVE-2015-5245) - vulnerability warning - the black bar safety net

CVE (CAN) ID: CVE-2015-5245. The Ceph Object Gateway is an object storage interface built on top of librados; it lets applications access the Ceph Storage Clusters distributed storage system through a RESTful gateway. In versions before Ceph 0.94.4, the Ceph Object Gateway,...

1.3 AI score
Exploits 0
NVD
added 2015/12/03 8:59 p.m., 29 views

CVE-2015-5245

CRLF injection vulnerability in the Ceph Object Gateway (aka radosgw or RGW) in Ceph before 0.94.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted bucket name...

4.3 CVSS, 6.7 AI score, 0.01907 EPSS
Exploits 0, References 3
Tenable Nessus
added 2015/11/24 12:0 a.m., 65 views

RHEL 7 : Red Hat Ceph Storage 1.3.1 (RHSA-2015:2066)

Red Hat Ceph Storage 1.3.1 that fixes one security issue, multiple bugs, and adds various enhancements is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which...

4.3 CVSS, 6.5 AI score, 0.01907 EPSS
Exploits 0, References 3
RedHat Linux
added 2015/11/23 9:34 p.m., 80 views

Moderate: Red Hat Security Advisory: Red Hat Ceph Storage 1.3.1 security, bug fix, and enhancement update

Red Hat Ceph Storage 1.3.1 that fixes one security issue, multiple bugs, and adds various enhancements is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which...

4.3 CVSS, 6.6 AI score, 0.01907 EPSS
Exploits 0, References 20
RedHat Linux
added 2015/11/23 8:20 p.m., 21 views

Moderate: Red Hat Security Advisory: Red Hat Ceph Storage 1.3.1 security, bug fix, and enhancement update

Red Hat Ceph Storage 1.3.1 that fixes one security issue, multiple bugs, and adds various enhancements is now available for Ubuntu 14.04. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detaile...

4.3 CVSS, 6.6 AI score, 0.01907 EPSS
Exploits 0, References 21
Kitploit
added 2015/11/18 9:37 p.m., 24 views

GetHead - HTTP Header Analysis Vulnerability Tool

gethead.py is a Python HTTP Header Analysis Vulnerability Tool. It identifies security vulnerabilities and the lack of protection in HTTP Headers. Usage: $ python gethead.py http://domain.com Changelog Version 0.1 - Initial Release Written in Python 2.7.5 Performs HTTP Header Analysis Reports...

7.9 AI score
Exploits 0, References 2
Prion
added 2015/11/16 7:59 p.m., 15 views

Server side request forgery (ssrf)

The DisplayTopKeywords function in plugins/Referrers/Controller.php in Piwik before 2.15.0 allows remote attackers to conduct PHP object injection attacks, conduct Server-Side Request Forgery (SSRF) attacks, and execute arbitrary PHP code via a crafted HTTP header...

7.5 CVSS, 8.2 AI score, 0.03931 EPSS
Exploits 3, References 5, Affected Software 1
Debian CVE
added 2015/11/16 7:0 p.m., 10 views

CVE-2015-7816

The DisplayTopKeywords function in plugins/Referrers/Controller.php in Piwik before 2.15.0 allows remote attackers to conduct PHP object injection attacks, conduct Server-Side Request Forgery (SSRF) attacks, and execute arbitrary PHP code via a crafted HTTP header...

7.5 CVSS, 8.2 AI score, 0.03931 EPSS
Exploits 3
CNVD
added 2015/11/05 12:0 a.m., 1 views

Google Golang Go HTTP Header Injection Vulnerability

Google Golang Go is a programming language optimized for programming applications on multiprocessor systems by Google. An HTTP header injection vulnerability exists in Google Golang Go. An attacker can exploit this vulnerability to inject arbitrary HTTP headers into the server response, bypass...

9.8 CVSS, 9.4 AI score, 0.02726 EPSS
Exploits 0, References 1
Hacker One
added 2015/11/02 5:58 p.m., 246 views

HackerOne: HTTP header injection in info.hackerone.com allows setting cookies for hackerone.com

The subdomain info.hackerone.com is vulnerable to HTTP header injection. I'm aware that you are only interested in critical issues affecting this subdomain. However, you may be interested in this issue as a vulnerability in this domain may affect the domain hackerone.com. The vulnerability is a...

7.6 AI score
Exploits 0
OpenVAS
added 2015/10/29 12:0 a.m., 25 views

Apple Mac OS X Web Service component (HTTP header) Security Bypass Vulnerability

Apple Mac OS X is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/o:apple:osxserver";...

5 CVSS, 5.2 AI score, 0.01983 EPSS
Exploits 0, References 2
CVE
added 2015/10/27 4:0 p.m., 95 views

CVE-2015-5178

CVE-2015-5178 affects Red Hat JBoss Enterprise Application Platform (EAP) / WildFly up to version 6.4.3 where the Management Console did not send X-Frame-Options, enabling clickjacking via a crafted page containing a FRAME/IFRAME. Remediation per RHSA-2015:1906 is to upgrade to 6.4.4 (EAP/WildFly...

4.3 CVSS, 6.4 AI score, 0.01743 EPSS
Exploits 0, References 7, Affected Software 1
Cvelist
added 2015/10/27 4:0 p.m., 22 views

CVE-2015-5178

The Management Console in Red Hat Enterprise Application Platform before 6.4.4 and WildFly (formerly JBoss Application Server) does not send an X-Frame-Options HTTP header, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web page that contains a (1) FRAME or (2)...

6.3 AI score, 0.01743 EPSS
Exploits 0, References 7
Debian CVE
added 2015/10/26 5:0 p.m., 18 views

CVE-2015-5251

OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) allow remote authenticated users to change the status of their images and bypass access restrictions via the HTTP x-image-meta-status header to images/...

5.5 CVSS, 4.4 AI score, 0.02035 EPSS
Exploits 0
Tenable Nessus
added 2015/10/26 12:0 a.m., 41 views

Mac OS X : OS X Server < 5.0.15 Multiple Vulnerabilities

The remote Mac OS X host has a version of OS X Server installed that is prior to 5.0.15. It is, therefore, affected by the following vulnerabilities : - A denial of service vulnerability exists due to an assertion flaw that is triggered when parsing malformed DNSSEC keys. An unauthenticated, remo...

7.8 CVSS, 7 AI score, 0.33652 EPSS
Exploits 0, References 7
securityvulns
added 2015/10/25 12:0 a.m., 88 views

Re: CVE-2015-5204: HTTP header injection vulnerability in Apache Cordova File Transfer Plugin for Android

CVE-2015-5204: HTTP header injection vulnerability in Apache Cordova File Transfer Plugin for Android Severity: Medium Vendor: The Apache Software Foundation Versions Affected: Cordova Android File Transfer Plugin 1.2.1 and below Description: Android applications built with the Cordova framework...

4.3 CVSS, 0.8 AI score, 0.0343 EPSS
Exploits 0
NVD
added 2015/10/23 10:59 a.m., 25 views

CVE-2015-7031

The Web Service component in Apple OS X Server before 5.0.15 omits an unspecified HTTP header configuration, which allows remote attackers to bypass intended access restrictions via unknown vectors...

5 CVSS, 6.1 AI score, 0.01983 EPSS
Exploits 0, References 3
Prion
added 2015/10/23 10:59 a.m., 15 views

Design/Logic Flaw

The Web Service component in Apple OS X Server before 5.0.15 omits an unspecified HTTP header configuration, which allows remote attackers to bypass intended access restrictions via unknown vectors...

5 CVSS, 6.6 AI score, 0.01983 EPSS
Exploits 0, References 3, Affected Software 1
Cvelist
added 2015/10/23 10:0 a.m., 22 views

CVE-2015-7031

The Web Service component in Apple OS X Server before 5.0.15 omits an unspecified HTTP header configuration, which allows remote attackers to bypass intended access restrictions via unknown vectors...

6.1 AI score, 0.01983 EPSS
Exploits 0, References 3
Positive Technologies
added 2015/10/23 12:0 a.m., 9 views

PT-2016-12: HTTP Header Injection in VMware vCenter Server and ESXi

The specialists of the Positive Research center have detected an HTTP Header Injection vulnerability in VMware vCenter Server and ESXi. The application does not properly sanitize user input before using it in HTTP response headers, which allows a malicious user to inject arbitrary headers into HTTP...

6.1 CVSS, 6.3 AI score, 0.01906 EPSS
Exploits 1, References 4