Lucene search
1138 matches found

NVD
added 2022/05/21 12:15 a.m. · 7 views

CVE-2022-29188

Smokescreen is an HTTP proxy. The primary use case for Smokescreen is to prevent server-side request forgery SSRF attacks in which external attackers leverage the behavior of applications to connect to or scan internal infrastructure. Smokescreen also offers an option to deny access to additional...

CVSS 6.5 · EPSS 0.00264
Exploits 0 · References 2
Prion
added 2022/05/21 12:15 a.m. · 9 views

Server side request forgery (SSRF)

Smokescreen is an HTTP proxy. The primary use case for Smokescreen is to prevent server-side request forgery SSRF attacks in which external attackers leverage the behavior of applications to connect to or scan internal infrastructure. Smokescreen also offers an option to deny access to additional...

CVSS 6.4 · AI score 6.5 · EPSS 0.00264
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2022/05/20 11:50 p.m. · 11 views

CVE-2022-29188 Smokescreen SSRF via deny list bypass (square brackets) in Smokescreen

Smokescreen is an HTTP proxy. The primary use case for Smokescreen is to prevent server-side request forgery SSRF attacks in which external attackers leverage the behavior of applications to connect to or scan internal infrastructure. Smokescreen also offers an option to deny access to additional...

CVSS 5.3 · AI score 6.8 · EPSS 0.00264
Exploits 0 · References 2
Vulnrichment
added 2022/05/20 11:50 p.m. · 6 views

CVE-2022-29188 Smokescreen SSRF via deny list bypass (square brackets) in Smokescreen

Smokescreen is an HTTP proxy. The primary use case for Smokescreen is to prevent server-side request forgery SSRF attacks in which external attackers leverage the behavior of applications to connect to or scan internal infrastructure. Smokescreen also offers an option to deny access to additional...

CVSS 5.3 · AI score 6.5 · EPSS 0.00264
Exploits 0 · References 2
CVE
added 2022/05/20 11:50 p.m. · 69 views

CVE-2022-29188

CVE-2022-29188 FFECT: Smokescreen’s HTTP proxy could bypass its deny-list when a hostname is wrapped in square brackets (e.g., [example.com]). The issue is limited to the HTTP proxy functionality; HTTPS traffic is unaffected. Concrete details across connected sources confirm the vulnerability exi...

CVSS 6.5 · AI score 5.8 · EPSS 0.00264
Exploits 0 · References 2 · Affected Software 1
OSV
added 2022/05/20 11:50 p.m. · 16 views

CVE-2022-29188 Smokescreen SSRF via deny list bypass (square brackets) in Smokescreen

Smokescreen is an HTTP proxy. The primary use case for Smokescreen is to prevent server-side request forgery SSRF attacks in which external attackers leverage the behavior of applications to connect to or scan internal infrastructure. Smokescreen also offers an option to deny access to additional...

CVSS 5.3 · AI score 6.5 · EPSS 0.00264
Exploits 0 · References 4
Positive Technologies
added 2022/05/20 12:00 a.m. · 2 views

PT-2022-19440 · Unknown · Smokescreen

Name of the Vulnerable Software and Affected Versions: Smokescreen versions prior to 0.0.4 Description: Smokescreen is an HTTP proxy designed to prevent server-side request forgery SSRF attacks. It also offers a deny list feature to restrict access to external URLs. However, an issue allowed...

CVSS 6.5 · AI score 7.3 · EPSS 0.00264
Exploits 0 · References 7
OSV
added 2022/05/13 1:23 a.m. · 1 view

GHSA-V646-RX6W-R3QQ Improper Access Control in Apache Tomcat

Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an...

CVSS 8.1 · AI score 6.9 · EPSS 0.3676
Exploits 0 · References 36
OpenVAS
added 2022/05/08 12:00 a.m. · 10 views

Fedora: Security Advisory for golang-github-grpc-ecosystem-gateway-2 (FEDORA-2022-08ae2dd481)

The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 7.5 · AI score 10 · EPSS 0.00089
Exploits 0 · References 2
NVD
added 2022/04/19 8:15 p.m. · 10 views

CVE-2022-24825

Smokescreen is a simple HTTP proxy that fogs over naughty URLs. The primary use case for Smokescreen is to prevent server-side request forgery SSRF attacks in which external attackers leverage the behavior of applications to connect to or scan internal infrastructure. Smokescreen also offers an...

CVSS 5.8 · EPSS 0.00206
Exploits 0 · References 2
OSV
added 2022/04/19 7:45 p.m. · 10 views

CVE-2022-24825 Smokescreen SSRF via deny list bypass

Smokescreen is a simple HTTP proxy that fogs over naughty URLs. The primary use case for Smokescreen is to prevent server-side request forgery SSRF attacks in which external attackers leverage the behavior of applications to connect to or scan internal infrastructure. Smokescreen also offers an...

CVSS 5.8 · AI score 5.6 · EPSS 0.00206
Exploits 0 · References 4
CVE
added 2022/04/19 7:45 p.m. · 95 views

CVE-2022-24825

Smokescreen SSRF bypass: The deny-list protection can be bypassed by appending a dot to the end of user-supplied URLs or by using different letter case. This affects the library github.com/stripe/smokescreen; remediation is to upgrade to version 0.0.3 or later. The issue enables bypassing SSRF de...

CVSS 5.8 · AI score 5.4 · EPSS 0.00206
Exploits 0 · References 2 · Affected Software 1
OSV
added 2022/04/07 1:59 p.m. · 100 views

GHSA-M6CH-GG5F-WXX3 HTTP Proxy header vulnerability

PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP...

CVSS 8.1 · AI score 6.4 · EPSS 0.83504
Exploits 0 · References 40
NVD
added 2022/04/06 6:15 p.m. · 7 views

CVE-2022-24822

Podium is a library for building micro frontends. @podium/layout is a module for building a Podium layout server, and @podium/proxy is a module for proxying HTTP requests from a layout server to a podlet server. In @podium/layout prior to version 4.6.110 and @podium/proxy prior to version 4.2.74,...

CVSS 7.5 · EPSS 0.00834
Exploits 0 · References 5
OSV
added 2022/04/04 5:25 p.m. · 29 views

CVE-2022-24801 HTTP Request Smuggling in twisted.web

Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to version 22.4.0rc1, the Twisted Web HTTP 1.1 server, located in the twisted.web.http module, parsed several HTTP request constructs more leniently than permitted by RFC 7230. This non-conformant parsing...

CVSS 8.1 · AI score 8.3 · EPSS 0.01107
Exploits 0 · References 9
CNVD
added 2022/03/25 12:00 a.m. · 11 views

Apache Traffic Server Input Validation Error Vulnerability (CNVD-2022-41636)

Apache Traffic Server ATS is a set of scalable HTTP proxy and caching servers from the Apache Foundation in the U.S. An input validation error vulnerability exists in Apache Traffic Server versions 8.0.0 through 8.1.3 and 9.0.0 through 9.1.1, which stems from a request parsing incorrect input...

CVSS 7.5 · AI score 2.3 · EPSS 0.02606
Exploits 0 · References 1
OpenVAS
added 2022/01/28 12:00 a.m. · 35 views

Mageia: Security Advisory (MGASA-2015-0020)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 4.3 · AI score 9 · EPSS 0.01225
Exploits 0 · References 4
OpenVAS
added 2022/01/28 12:00 a.m. · 28 views

Mageia: Security Advisory (MGASA-2016-0359)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.6 · AI score 7.7 · EPSS 0.06252
Exploits 0 · References 5
OpenVAS
added 2022/01/28 12:00 a.m. · 22 views

Mageia: Security Advisory (MGASA-2016-0262)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.1 · AI score 8.5 · EPSS 0.51564
Exploits 0 · References 6
ATTACKERKB
added 2022/01/25 8:15 p.m. · 4 views

CVE-2022-23018

On BIG-IP AFM version 16.1.x before 16.1.2, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.5, and 13.1.x beginning in 13.1.3.4, when a virtual server is configured with both HTTP protocol security and HTTP Proxy Connect profiles, undisclosed requests can cause the Traffic Management Microkernel TMM...

CVSS 7.5 · AI score 5.8 · EPSS 0.00611
Exploits 0 · References 2