AppWeb Authentication Bypass (Digest, Basic and Forms)(CVE-2018-8715)

Vulnerability Summary A critical vulnerability in the EmbedThis HTTP library, and Appweb versions 5.5.x, 6.x, and 7.x including the latest version present in the git repository. In detail, due to a logic flaw, with a forged HTTP request it is possible to bypass the authentication for form and...

CVE-2018-8715

CVE-2018-8715 affects Embedthis HTTP library and Appweb versions before 7.0.3. The vulnerability resides in the authentication flow (authCondition in httpLib.c): when authentication is required, the code may proceed to call httpGetCredentials and httpLogin, and due to a logic flaw it can bypass a...

CVE-2015-5739

The net/http library in net/textproto/reader.go in Go before 1.4.3 does not properly parse HTTP header keys, which allows remote attackers to conduct HTTP request smuggling attacks via a space instead of a hyphen, as demonstrated by "Content Length" instead of "Content-Length."...

CVE-2015-5739

The net/http library in net/textproto/reader.go in Go before 1.4.3 does not properly parse HTTP header keys, which allows remote attackers to conduct HTTP request smuggling attacks via a space instead of a hyphen, as demonstrated by "Content Length" instead of "Content-Length."...

CVE-2015-5740

The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smuggling attacks via a request with two Content-length headers...

CVE-2015-5740

The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smuggling attacks via a request with two Content-length headers...

[SECURITY] Fedora 25 Update: mingw-libsoup-2.56.1-1.fc25

Libsoup is an HTTP library implementation in C. It was originally part of a SOAP Simple Object Access Protocol implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate packages. libsoup uses the Glib main loop and is designed to work well with GTK applications...

[SECURITY] Fedora 26 Update: mingw-libsoup-2.58.2-1.fc26

Libsoup is an HTTP library implementation in C. It was originally part of a SOAP Simple Object Access Protocol implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate packages. libsoup uses the Glib main loop and is designed to work well with GTK applications...

[SECURITY] Fedora 25 Update: libsoup-2.56.1-1.fc25

Libsoup is an HTTP library implementation in C. It was originally part of a SOAP Simple Object Access Protocol implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate packages. libsoup uses the Glib main loop and is designed to work well with GTK applications...

[SECURITY] Fedora 26 Update: libsoup-2.58.2-1.fc26

Libsoup is an HTTP library implementation in C. It was originally part of a SOAP Simple Object Access Protocol implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate packages. libsoup uses the Glib main loop and is designed to work well with GTK applications...

Debian DSA-3929-1 : libsoup2.4 - security update

Aleksandar Nikolic of Cisco Talos discovered a stack-based buffer overflow vulnerability in libsoup2.4, a HTTP library implementation in C. A remote attacker can take advantage of this flaw by sending a specially crafted HTTP request to cause an application using the libsoup2.4 library to crash...

Debian: Security Advisory (DSA-3929-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

vmware-version NSE Script

Queries VMware server vCenter, ESX, ESXi SOAP API to extract the version information. The same script as VMware Fingerprinter from VASTO created by Claudio Criscione, Paolo Canaletti Script Arguments slaxml.debug See the documentation for the slaxml library. http.host, http.max-body-size,...

golang: HTTP request smuggling in net/http library

HTTP-request vulnerabilities have been found in the Golang net/http and net/textproto libraries. Request headers with double Content-Length fields do not generate a 400 error the second field is ignored, and invalid fields are parsed as valid for example, "Content Length:" with a space in the...

Amazon Linux: Security Advisory (ALAS-2015-588)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] [DSA 3146-1] requests security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3146-1 [email protected] http://www.debian.org/security/ Sebastien Delafond January 30, 2015 http://www.debian.org/security/faq -...

DSA-3146-1 requests - security update

Bulletin has no description...

[SECURITY] Fedora 21 Update: python-requests-kerberos-0.6-1.fc21

Requests is an HTTP library, written in Python, for human beings. This libr ary adds optional Kerberos/GSSAPI authentication support and supports mutual authentication...

USN-2382-1: Requests vulnerabilities

Jakub Wilk discovered that Requests incorrectly reused authentication credentials after being redirected. An attacker could possibly use this issue to obtain authentication credentials intended for another site. CVE-2014-1829, CVE-2014-1830...

UBUNTU-CVE-2013-1752

Rejected reason: Various versions of Python do not properly restrict readline calls, which allows remote attackers to cause a denial of service memory consumption via a long string, related to 1 httplib - fixed in 2.7.4, 2.6.9, and 3.3.3; 2 ftplib - fixed in 2.7.6, 2.6.9, 3.3.3; 3 imaplib - not y...