HTTP/HTTPS proxy support on NetScaler based on Traffic Policies Secure Web

This article describes how to configure NetScaler to proxy the traffic from MDX apps through a Proxy server like Squid, Bluecoat. Enterprises can proxy traffic configuring simple traffic rules on NetScaler box...

Researcher Demonstrates 4 New Variants of HTTP Request Smuggling Attack

A new research has identified four new variants of HTTP request smuggling attacks that work against various commercial off-the-shelf web servers and HTTP proxy servers. Amit Klein, VP of Security Research at SafeBreach who presented the findings today at the Black Hat security conference, said th...

Security Bulletin: IBM Cloud Pak for Integration is vulnerable to Node.js http-proxy module denial of service

Summary Node.js http-proxy module is vulnerable to a denial of service. By sending a specially crafted HTTP request with an overly long body, a remote attacker could exploit this vulnerability to trigger an ERRHTTPHEADERSSENT unhandled exception and crash the server. Vulnerability Details Third...

Trend Micro InterScan Web Security Virtual Appliance (IWSVA) Multiple Vulnerabilities (000253095)

The Trend Micro InterScan Web Security Virtual Appliance is affected by multiple vulnerabilities : - A path traversal vulnerability exists in the Apache Solr application due to improper validation of a user-supplied path prior to using it in file operations when parsing the file parameter in an...

Lazarus Group Surfaces with Advanced Malware Framework

The North Korea-linked APT known as Lazarus Group has debuted an advanced, multipurpose malware framework, called MATA, to target Windows, Linux and macOS operating systems. Kaspersky researchers uncovered a series of attacks utilizing MATA so-called because the malware authors themselves call...

CVE-2020-6868

There is an input validation vulnerability in a PON terminal product of ZTE, which supports the creation of WAN connections through WEB management pages. The front-end limits the length of the WAN connection name that is created, but the HTTP proxy is available to be used to bypass the limitation...

CVE-2020-6868

There is an input validation vulnerability in a PON terminal product of ZTE, which supports the creation of WAN connections through WEB management pages. The front-end limits the length of the WAN connection name that is created, but the HTTP proxy is available to be used to bypass the limitation...

CVE-2020-6868

The CVE-2020-6868 entry concerns a ZTE F680 PON gateway (V9.0.10P1N6) with an input validation flaw in the WAN-connection creation interface exposed via WEB management. The front-end enforces a length limit on the WAN connection name, but an HTTP proxy can bypass this limit, allowing an attacker ...

Denial Of Service (DoS)

http-proxy is vulnerable to denial of service DoS. The vulnerability exists when an attacker sends an HTTP request with a long body, resulting in an unhandled exception ERRHTTPHEADERSSENT and crashing the proxy server...

CVE-2020-5883

On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2.3, 14.0.0-14.0.1, and 13.1.0-13.1.3.1, when a virtual server is configured with HTTP explicit proxy and has an attached HTTPPROXYREQUEST iRule, POST requests sent to the virtual server cause an xdata memory leak...

[SECURITY] Fedora 30 Update: haproxy-1.8.25-1.fc30

HAProxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments. Indeed, it can: - route HTTP requests depending on statically assigned cookies - spread load among several servers while assuring server persistence through the use of HTTP cookies - switch to...

Information Disclosure

firefox is vulnerable to information disclosure. The vulnerability exists as the same-origin policy in Firefox treated http://example.com and http://example.com as interchangeable. A malicious script could possibly use this flaw to gain access to sensitive information such as a client's IP and us...

Denial Of Service (DoS)

php is vulnerable to denial of service DoS. The vulnerability exists as a bug in the PHP Streams component caused the PHP interpreter to crash if an FTP wrapper connection was made through an HTTP proxy. A remote attacker could possibly trigger this issue if a PHP script accepted an untrusted URL...

CVE-2019-10196

A flaw was found in http-proxy-agent, prior to version 2.1.0. It was discovered http-proxy-agent passes an auth option to the Buffer constructor without proper sanitization. This could result in a Denial of Service through the usage of all available CPU resources and data exposure through an...

[SECURITY] [DLA 2163-1] tinyproxy security update

Package : tinyproxy Version : 1.8.3-3+deb8u1 CVE ID : CVE-2017-11747 Debian Bug : 870307 948283 A minor security issue and a severe packaging bug have been fixed in tinyproxy, a lightweight http proxy daemon. CVE-2017-11747 main.c in Tinyproxy created a /var/run/tinyproxy/tinyproxy.pid file after...

CVE-2019-11070

WebKitGTK and WPE WebKit prior to version 2.24.1 failed to properly apply configured HTTP proxy settings when downloading livestream video HLS, DASH, or Smooth Streaming, an error resulting in deanonymization. This issue was corrected by changing the way livestreams are downloaded...

DEBIAN-CVE-2016-1000111

Twisted before 16.3.1 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect a CGI application's outbou...

Security Bulletin: Rational Integration Tester HTTP/TCP Proxy component in Rational Test Virtualization Server and Rational Test Workbench affected by Netty vulnerabilities (CVE-2020-7238, CVE-2019-16869, CVE-2019-20445, CVE-2019-20444)

Summary Netty is vulnerable to security issues affecting the Rational Integration Tester HTTP/TCP Proxy component in Rational Test Virtualization Server and Rational Test Workbench Vulnerability Details CVEID: CVE-2020-7238 DESCRIPTION: Netty is vulnerable to HTTP request smuggling, caused by a...

Denial of Service

Overview Versions of http-proxy prior to 1.18.1 are vulnerable to Denial of Service. An HTTP request with a long body triggers an ERRHTTPHEADERSSENT unhandled exception that crashes the proxy server. This is only possible when the proxy server sets headers in the proxy request using the...

Design/Logic Flaw

HHVM does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic t...