266 matches found
CVE-2015-5741
CVE-2015-5741: The Go net/http implementation (net/http/transfer.go) before 1.4.3 fails to correctly parse HTTP headers, enabling remote attackers to perform HTTP request smuggling via requests containing both Content-Length and Transfer-Encoding. This is documented across multiple sources in th...
CVE-2015-5741
The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smuggling attacks via a request that contains Content-Length and Transfer-Encoding header fields...
[SECURITY] Fedora 31 Update: mingw-libsoup-2.68.0-1.fc31
Libsoup is an HTTP library implementation in C. It was originally part of a SOAP (Simple Object Access Protocol) implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate packages. libsoup uses the Glib main loop and is designed to work well with GTK applications...
Security Bulletin: IBM Cloud Kubernetes Service is affected by Kubernetes security vulnerabilities (CVE-2019-9512, CVE-2019-9514)
Summary: IBM Cloud Kubernetes Service is affected by security vulnerabilities in the net/http library of the Go language that affect all Kubernetes components. These vulnerabilities can result in a denial-of-service attack against a process with an HTTP or HTTPS listener CVE-2019-9512 and...
USN-3990-2: urllib3 vulnerability
USN-3990-1 fixed a vulnerability in urllib3. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: It was discovered that urllib3 incorrectly stripped certain characters from requests. A remote attacker could use this issue to perform CRLF injection...
Debian: Security Advisory (DLA-1828-1)
The remote host is missing an update for the Debian...
Debian DLA-1828-1 : python-urllib3 security update
A vulnerability was discovered in python-urllib3, an HTTP library with thread-safe connection pooling, whereby an attacker can inject CRLF characters in the request parameter. For Debian 8 'Jessie', this problem has been fixed in version 1.9.1-3+deb8u1. We recommend that you upgrade your...
Nextcloud: Linux client is vulnerable to directory traversal when downloading files
Summary: The Nextcloud Linux client is vulnerable to directory traversal when downloading files from a Nextcloud server. A malicious Nextcloud administrator can exploit the vulnerability to write arbitrary files to a user's computer with the potential for remote command execution under certain...
USN-3990-1: urllib3 vulnerabilities
It was discovered that urllib3 incorrectly removed Authorization HTTP headers when handling cross-origin redirects. This could result in credentials being sent to unintended hosts. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-20060) It was discovered that...
[SECURITY] Fedora 30 Update: libsoup-2.66.1-2.fc30
Libsoup is an HTTP library implementation in C. It was originally part of a SOAP (Simple Object Access Protocol) implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate packages. libsoup uses the Glib main loop and is designed to work well with GTK applications...
Microsoft Azure IoT SDK Spoofing Vulnerability
Microsoft Windows is a family of operating systems released by Microsoft Corporation. Microsoft Azure Active Directory Connect is a service from Microsoft Corporation that provides identity and access management in the cloud. A spoofing vulnerability exists in the configuration of Azure IoT device...
The bundled atlassian-http library had a content spoofing issue - CVE-2017-18103
The version of the bundled atlassian-http library was vulnerable to content-spoofing. See https://jira.atlassian.com/browse/HTTP-3 for more details...
Debian: Security Advisory (DLA-1416-1)
The remote host is missing an update for the Debian...
[SECURITY] [DSA 4241-1] libsoup2.4 security update
Debian Security Advisory DSA-4241-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff July 05, 2018 https://www.debian.org/security/faq ...
[SECURITY] Fedora 27 Update: libsoup-2.60.3-2.fc27
Libsoup is an HTTP library implementation in C. It was originally part of a SOAP (Simple Object Access Protocol) implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate packages. libsoup uses the Glib main loop and is designed to work well with GTK applications...
Debian: Security Advisory (DSA-4241-1)
The remote host is missing an update for the Debian...
CVE-2017-16097
tiny-http is a simple HTTP server. tiny-http is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL...
CVE-2018-8715
The Embedthis HTTP library, and Appweb versions before 7.0.3, have a logic flaw related to the authCondition function in http/httpLib.c. With a forged HTTP request, it is possible to bypass authentication for the form and digest login types...
Authentication flaw
The Embedthis HTTP library, and Appweb versions before 7.0.3, have a logic flaw related to the authCondition function in http/httpLib.c. With a forged HTTP request, it is possible to bypass authentication for the form and digest login types...