22 matches found
CVE-2026-28432
Misskey is an open source, federated social media platform. All Misskey servers prior to 2026.3.1 contain a vulnerability that allows bypassing HTTP signature verification. Although this is a vulnerability related to federation, it affects all servers regardless of whether federation is enabled o...
CVE-2026-28432
Misskey is an open source, federated social media platform. All Misskey servers prior to 2026.3.1 contain a vulnerability that allows bypassing HTTP signature verification. Although this is a vulnerability related to federation, it affects all servers regardless of whether federation is enabled o...
EUVD-2018-0766
Malware in sbrugna...
EUVD-2021-31889
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2021-45098
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Suricata before 6.0.4. It is possible to bypass/evade any HTTP-based signature by faking an RST TCP packet with random TCP options of...
Linux Distros Unpatched Vulnerability : CVE-2017-16005
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Http-signature is a Reference implementation of Joyent's HTTP Signature Scheme. In versions =0.9.11, http-signature signs only the header values, but not the...
RHEL 8 : nodejs-http-signature (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - nodejs-http-signature: HTTP header forgery CVE-2017-16005 Note that Nessus has not tested for this issue but has...
RHEL 8 : nodejs-http-signature (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - nodejs-http-signature: HTTP header forgery CVE-2017-16005 Note that Nessus has not tested for this issue but has...
Design/Logic Flaw
An issue was discovered in Suricata before 6.0.4. It is possible to bypass/evade any HTTP-based signature by faking an RST TCP packet with random TCP options of the md5header from the client side. After the three-way handshake, it's possible to inject an RST ACK with a random TCP md5header option...
CVE-2017-16005
Http-signature is a "Reference implementation of Joyent's HTTP Signature Scheme". In versions =0.9.11, http-signature signs only the header values, but not the header names. This makes http-signature vulnerable to header forgery. Thus, if an attacker can intercept a request, he can swap header...
Header Forgery in http-signature
Affected versions of http-signature contain a vulnerability which can allow an attacker in a privileged network position to modify header names and change the meaning of the request, without requiring an updated signature. This problem occurs because vulnerable versions of http-signature sign the...
GHSA-Q257-VV4P-FG92 Header Forgery in http-signature
Affected versions of http-signature contain a vulnerability which can allow an attacker in a privileged network position to modify header names and change the meaning of the request, without requiring an updated signature. This problem occurs because vulnerable versions of http-signature sign the...
Unspecified vulnerability in Http-signature
Http-signature is a library that includes client and server components with the Joyent HTTP signature scheme. A security vulnerability exists in Http-signature version 0.9.11 and earlier. An attacker can exploit this vulnerability by intercepting a request and replacing the packet header name and...
Design/Logic Flaw
Http-signature is a "Reference implementation of Joyent's HTTP Signature Scheme". In versions =0.9.11, http-signature signs only the header values, but not the header names. This makes http-signature vulnerable to header forgery. Thus, if an attacker can intercept a request, he can swap header...
CVE-2017-16005
Http-signature is a "Reference implementation of Joyent's HTTP Signature Scheme". In versions =0.9.11, http-signature signs only the header values, but not the header names. This makes http-signature vulnerable to header forgery. Thus, if an attacker can intercept a request, he can swap header...
CVE-2017-16005
Http-signature is a "Reference implementation of Joyent's HTTP Signature Scheme". In versions =0.9.11, http-signature signs only the header values, but not the header names. This makes http-signature vulnerable to header forgery. Thus, if an attacker can intercept a request, he can swap header...
CVE-2017-16005
Http-signature is a "Reference implementation of Joyent's HTTP Signature Scheme". In versions =0.9.11, http-signature signs only the header values, but not the header names. This makes http-signature vulnerable to header forgery. Thus, if an attacker can intercept a request, he can swap header...
CVE-2017-16005
Http-signature is a "Reference implementation of Joyent's HTTP Signature Scheme". In versions =0.9.11, http-signature signs only the header values, but not the header names. This makes http-signature vulnerable to header forgery. Thus, if an attacker can intercept a request, he can swap header...
CVE-2017-16005
CVE-2017-16005 affects the http-signature library (Joyent's HTTP Signature Scheme). In versions ≤ 0.9.11, signatures cover only header values, not header names, enabling header forgery if an attacker can intercept a request and swap header names without invalidating the signature. This can allow ...
Header Forgery
Overview Affected versions of http-signature contain a vulnerability which can allow an attacker in a privileged network position to modify header names and change the meaning of the request, without requiring an updated signature. This problem occurs because vulnerable versions of http-signature...