1138 matches found

Debian CVE
added 2019/11/19 3:18 p.m. | 32 views

CVE-2011-4968

nginx http proxy module does not verify peer identity of https origin server which could facilitate man-in-the-middle attack MITM...

5.8 CVSS | 5 AI score | 0.00391 EPSS
Exploits 1

CVE
added 2019/11/19 3:18 p.m. | 132 views

CVE-2011-4968

CVE-2011-4968 concerns the nginx http proxy module failing to verify the peer identity of the HTTPS origin server, enabling potential MITM attacks. The vulnerability is described as an information-security issue in the nginx proxy component where TLS peer verification is not performed for upstrea...

5.8 CVSS | 5 AI score | 0.00391 EPSS
Exploits 1 | References 7 | Affected Software 1

Prion
added 2019/11/05 3:15 p.m. | 14 views

Design/Logic Flaw

An issue was discovered in Lightbend Play Framework 2.5.x through 2.6.23. When configured to make requests using an authenticated HTTP proxy, play-ws may sometimes, typically under high load, when connecting to a target host using https, expose the proxy credentials to the target host...

4.3 CVSS | 7.3 AI score | 0.0015 EPSS
Exploits 0 | References 2 | Affected Software 1

CVE
added 2019/11/05 2:53 p.m. | 74 views

CVE-2019-17598

CVE-2019-17598 affects Lightbend Play Framework (2.5.x–2.6.23) and its play-ws component. When configured to proxy requests through an authenticated HTTP proxy, under high load, HTTPS connections to a target host may reveal proxy credentials to that host. Impact is information disclosure; details...

7.5 CVSS | 7.3 AI score | 0.0015 EPSS
Exploits 0 | References 2 | Affected Software 1

Tenable Nessus
added 2019/10/29 12:0 a.m. | 36 views

Virtuozzo 6 : java-1.7.0-openjdk / java-1.7.0-openjdk-demo / etc (VZLSA-2019-3158)

An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

6.8 CVSS | 6.5 AI score | 0.02946 EPSS
Exploits 0 | References 14

RedHat Linux
added 2019/10/21 7:22 p.m. | 5 views

OpenJDK: Incorrect handling of HTTP proxy responses in HttpURLConnection (Networking, 8225298)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Networking. Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multip...

6.8 CVSS | 7.4 AI score | 0.02946 EPSS
Exploits 0 | References 4

Veracode
added 2019/10/17 12:22 a.m. | 26 views

Authentication Bypass

OpenJDK is vulnerable to authentication bypass. The vulnerability exists through incorrect handling of HTTP proxy responses in HttpURLConnection...

6.8 CVSS | 1.2 AI score | 0.02946 EPSS
Exploits 0 | References 25 | Affected Software 4

Veracode
added 2019/07/10 4:47 a.m. | 12 views

Denial Of Service (DoS)

https-proxy-agent is vulnerable to denial of service. Lack of proper sanitization in the auth option allows an attacker to crash the application by submitting a malicious typed input to the auth parameter, causing an uninitialized memory leak...

9.1 CVSS | 8.6 AI score | 0.00433 EPSS
Exploits 1 | References 1 | Affected Software 1

Kitploit
added 2019/06/18 1:0 p.m. | 182 views

Konan - Advanced Web Application Dir Scanner

Konan is an advanced open source tool designed to brute force directories and files names on web/application servers. Installation Download Konan by cloning the Git repository: git clone https://github.com/m4ll0k/Konan.git konan Install requirements with pip cd konan && pip install -r...

7.8 AI score
Exploits 0 | References 1

OSV
added 2019/06/11 4:16 p.m. | 13 views

GHSA-8W57-JFPM-945M Denial of Service in http-proxy-agent

Versions of http-proxy-agent before 2.1.0 are vulnerable to denial of service and uninitialized memory leak when unsanitized options are passed to Buffer. An attacker may leverage these unsanitized options to consume system resources. Recommendation Update to version 2.1.0 or later...

7 AI score
Exploits 0 | References 3

Github Security Blog
added 2019/06/11 4:16 p.m. | 18 views

Denial of Service in http-proxy-agent

Versions of http-proxy-agent before 2.1.0 are vulnerable to denial of service and uninitialized memory leak when unsanitized options are passed to Buffer. An attacker may leverage these unsanitized options to consume system resources. Recommendation Update to version 2.1.0 or later...

6.4 AI score
Exploits 0 | References 4 | Affected Software 1

vulnersOsv
added 2019/06/11 4:16 p.m. | 0 views

@abhishekdeb/ezmailer (>=0.0.1 <=0.0.2), @aca-1/a2-composer (>=0.1.0 <=0.3.3) +918 more potentially affected by unknown CVE via http-proxy-agent (>=0.2.7 <=2.0.0)

http-proxy-agent NPM version =0.2.7, =0.0.1, =0.1.0, =0.1.0, =0.1.5, =0.0.1, =1.0.0, =1.0.0, =1.0.1, =0.15.0-alpha1, =0.2.0, =0.2.1 - @cdevine49/react-numeric-input =2.2.4 and more Source cves: unknown CVE Source advisory: OSV:GHSA-8W57-JFPM-945M...

5.8 AI score
Exploits 0

0day.today
added 2019/05/28 12:0 a.m. | 120 views

Cyberoam SSLVPN Client 1.3.1.30 Connect To Server / HTTP Proxy Denial Of Service Exploit

Exploit Title: Cyberoam SSLVPN Client 1.3.1.30 - 'Connect To Server' Denial of Service PoC Discovery by: Victor Mondragón Vendor Homepage: https://www.cyberoam.com Software Link: https://download.cyberoam.com/solution/optionals/i18n/CrSSLv1.3.1.30.zip Tested Version: 1.3.1.30 Tested on: Windows...

7.4 AI score
Exploits 0

0day.today
added 2019/05/24 12:0 a.m. | 123 views

Cyberoam SSLVPN Client 1.3.1.30 - (HTTP Proxy) Denial of Service Exploit

Exploit Title: Cyberoam SSLVPN Client 1.3.1.30 - 'HTTP Proxy' Denial of Service PoC Discovery by: Victor Mondragón Vendor Homepage: https://www.cyberoam.com Software Link: https://download.cyberoam.com/solution/optionals/i18n/CrSSLv1.3.1.30.zip Tested Version: 1.3.1.30 Tested on: Windows Windows ...

7.4 AI score
Exploits 0

exploitpack
added 2019/05/24 12:0 a.m. | 12 views

Cyberoam SSLVPN Client 1.3.1.30 - HTTP Proxy Denial of Service (PoC)

Cyberoam SSLVPN Client 1.3.1.30 - HTTP Proxy Denial of Service PoC Exploit Title: Cyberoam SSLVPN Client 1.3.1.30 - 'HTTP Proxy' Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2019-05-23 Vendor Homepage: https://www.cyberoam.com Software Link:...

7.3 AI score
Exploits 0

Packet Storm
added 2019/05/24 12:0 a.m. | 80 views

Cyberoam SSLVPN Client 1.3.1.30 Connect To Server / HTTP Proxy Denial Of Service

Exploit Title: Cyberoam SSLVPN Client 1.3.1.30 - 'Connect To Server' Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2019-05-23 Vendor Homepage: https://www.cyberoam.com Software Link: https://download.cyberoam.com/solution/optionals/i18n/CrSSLv1.3.1.30.zip Tested Version:...

7.4 AI score
Exploits 0

Exploit DB
added 2019/05/24 12:0 a.m. | 153 views

Cyberoam SSLVPN Client 1.3.1.30 - 'HTTP Proxy' Denial of Service (PoC)

Exploit Title: Cyberoam SSLVPN Client 1.3.1.30 - 'HTTP Proxy' Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2019-05-23 Vendor Homepage: https://www.cyberoam.com Software Link: https://download.cyberoam.com/solution/optionals/i18n/CrSSLv1.3.1.30.zip Tested Version: 1.3.1.30...

7.4 AI score
Exploits 0

CVE
added 2019/05/17 3:20 p.m. | 37 views

CVE-2019-4119

IBM Cloud Private Kubernetes API server versions 2.1.x and 3.1.x (3.1.0, 3.1.1, 3.1.2) can be used as an HTTP proxy to reach internal and external target IPs. The root cause is an input/proxy handling issue that allows proxying beyond intended scope. Remediation per IBM’s bulletin: upgrade to IBM...

5.3 CVSS | 5.8 AI score | 0.0026 EPSS
Exploits 0 | References 2 | Affected Software 1

Cvelist
added 2019/05/17 3:20 p.m. | 11 views

CVE-2019-4119

IBM Cloud Private Kubernetes API server 2.1.0, 3.1.0, 3.1.1, and 3.1.2 can be used as an HTTP proxy to not only cluster internal but also external target IP addresses. IBM X-Force ID: 158145...

3.1 CVSS | 5.1 AI score | 0.0026 EPSS
Exploits 0 | References 2

NVD
added 2019/05/03 8:29 p.m. | 10 views

CVE-2019-6158

An internal product security audit of Lenovo XClarity Administrator LXCA discovered HTTP proxy credentials being written to a log file in clear text. This only affects LXCA when HTTP proxy credentials have been configured. This affects LXCA versions 2.0.0 to 2.3.x...

8.7 CVSS | 8.7 AI score | 0.00318 EPSS
Exploits 0 | References 2