Lucene search
+L

22 matches found

nvd
nvd
added 2026/03/10 7:43 a.m.10 views

CVE-2026-28432

Misskey is an open source, federated social media platform. All Misskey servers prior to 2026.3.1 contain a vulnerability that allows bypassing HTTP signature verification. Although this is a vulnerability related to federation, it affects all servers regardless of whether federation is enabled o...

7.5CVSS0.00148EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/03/09 9:19 p.m.1 views

CVE-2026-28432

Misskey is an open source, federated social media platform. All Misskey servers prior to 2026.3.1 contain a vulnerability that allows bypassing HTTP signature verification. Although this is a vulnerability related to federation, it affects all servers regardless of whether federation is enabled o...

7.1CVSS5.8AI score0.00148EPSS
Exploits0References2Affected Software1
euvd
euvd
added 2025/10/07 12:30 a.m.13 views

EUVD-2018-0766

Malware in sbrugna...

7.5CVSS7.4AI score0.00857EPSS
Exploits0References6
euvd
euvd
added 2025/10/03 8:7 p.m.5 views

EUVD-2021-31889

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.01824EPSS
Exploits1References4
nessus
nessus
added 2025/03/05 12:0 a.m.15 views

Linux Distros Unpatched Vulnerability : CVE-2021-45098

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Suricata before 6.0.4. It is possible to bypass/evade any HTTP-based signature by faking an RST TCP packet with random TCP options of...

7.5CVSS7.1AI score0.01824EPSS
Exploits1References2
nessus
nessus
added 2025/03/04 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2017-16005

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Http-signature is a Reference implementation of Joyent's HTTP Signature Scheme. In versions =0.9.11, http-signature signs only the header values, but not the...

7.5CVSS7.3AI score0.00857EPSS
Exploits0References2
nessus
nessus
added 2024/06/03 12:0 a.m.10 views

RHEL 8 : nodejs-http-signature (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - nodejs-http-signature: HTTP header forgery CVE-2017-16005 Note that Nessus has not tested for this issue but has...

7.5CVSS7.4AI score0.00857EPSS
Exploits0References1
nessus
nessus
added 2024/05/11 12:0 a.m.16 views

RHEL 8 : nodejs-http-signature (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - nodejs-http-signature: HTTP header forgery CVE-2017-16005 Note that Nessus has not tested for this issue but has...

7.6AI score0.00857EPSS
Exploits0References1
prion
prion
added 2021/12/16 5:15 a.m.19 views

Design/Logic Flaw

An issue was discovered in Suricata before 6.0.4. It is possible to bypass/evade any HTTP-based signature by faking an RST TCP packet with random TCP options of the md5header from the client side. After the three-way handshake, it's possible to inject an RST ACK with a random TCP md5header option...

5CVSS7.5AI score0.01824EPSS
Exploits1References4Affected Software2
redhatcve
redhatcve
added 2019/10/12 3:49 a.m.25 views

CVE-2017-16005

Http-signature is a "Reference implementation of Joyent's HTTP Signature Scheme". In versions =0.9.11, http-signature signs only the header values, but not the header names. This makes http-signature vulnerable to header forgery. Thus, if an attacker can intercept a request, he can swap header...

7.5CVSS1.3AI score0.00857EPSS
Exploits0References2
osv
osv
added 2018/11/09 5:49 p.m.19 views

GHSA-Q257-VV4P-FG92 Header Forgery in http-signature

Affected versions of http-signature contain a vulnerability which can allow an attacker in a privileged network position to modify header names and change the meaning of the request, without requiring an updated signature. This problem occurs because vulnerable versions of http-signature sign the...

7.5CVSS7.2AI score0.00857EPSS
Exploits0References4
github
github
added 2018/11/09 5:49 p.m.33 views

Header Forgery in http-signature

Affected versions of http-signature contain a vulnerability which can allow an attacker in a privileged network position to modify header names and change the meaning of the request, without requiring an updated signature. This problem occurs because vulnerable versions of http-signature sign the...

7.5CVSS7.1AI score0.00857EPSS
Exploits0References4Affected Software1
cnvd
cnvd
added 2018/06/15 12:0 a.m.14 views

Unspecified vulnerability in Http-signature

Http-signature is a library that includes client and server components with the Joyent HTTP signature scheme. A security vulnerability exists in Http-signature version 0.9.11 and earlier. An attacker can exploit this vulnerability by intercepting a request and replacing the packet header name and...

7.5CVSS7.5AI score0.00857EPSS
Exploits0References1
osv
osv
added 2018/06/04 7:29 p.m.13 views

CVE-2017-16005

Http-signature is a "Reference implementation of Joyent's HTTP Signature Scheme". In versions =0.9.11, http-signature signs only the header values, but not the header names. This makes http-signature vulnerable to header forgery. Thus, if an attacker can intercept a request, he can swap header...

7.5CVSS7.6AI score
Exploits0References2
nvd
nvd
added 2018/06/04 7:29 p.m.29 views

CVE-2017-16005

Http-signature is a "Reference implementation of Joyent's HTTP Signature Scheme". In versions =0.9.11, http-signature signs only the header values, but not the header names. This makes http-signature vulnerable to header forgery. Thus, if an attacker can intercept a request, he can swap header...

7.5CVSS7.4AI score0.00857EPSS
Exploits0References2
prion
prion
added 2018/06/04 7:29 p.m.17 views

Design/Logic Flaw

Http-signature is a "Reference implementation of Joyent's HTTP Signature Scheme". In versions =0.9.11, http-signature signs only the header values, but not the header names. This makes http-signature vulnerable to header forgery. Thus, if an attacker can intercept a request, he can swap header...

5CVSS7.3AI score0.00857EPSS
Exploits0References2Affected Software1
debiancve
debiancve
added 2018/06/04 7:0 p.m.39 views

CVE-2017-16005

Http-signature is a "Reference implementation of Joyent's HTTP Signature Scheme". In versions =0.9.11, http-signature signs only the header values, but not the header names. This makes http-signature vulnerable to header forgery. Thus, if an attacker can intercept a request, he can swap header...

7.5CVSS7.3AI score0.00857EPSS
Exploits0
cvelist
cvelist
added 2018/06/04 7:0 p.m.23 views

CVE-2017-16005

Http-signature is a "Reference implementation of Joyent's HTTP Signature Scheme". In versions =0.9.11, http-signature signs only the header values, but not the header names. This makes http-signature vulnerable to header forgery. Thus, if an attacker can intercept a request, he can swap header...

7.4AI score0.00857EPSS
Exploits0References2
cve
cve
added 2018/06/04 7:0 p.m.82 views

CVE-2017-16005

CVE-2017-16005 affects the http-signature library (Joyent's HTTP Signature Scheme). In versions ≤ 0.9.11, signatures cover only header values, not header names, enabling header forgery if an attacker can intercept a request and swap header names without invalidating the signature. This can allow ...

7.5CVSS7.2AI score0.00857EPSS
Exploits0References2Affected Software1
nodejs
nodejs
added 2017/03/08 9:41 p.m.43 views

Header Forgery

Overview Affected versions of http-signature contain a vulnerability which can allow an attacker in a privileged network position to modify header names and change the meaning of the request, without requiring an updated signature. This problem occurs because vulnerable versions of http-signature...

5CVSS2.3AI score0.00857EPSS
Exploits0Affected Software1
Rows per page
Query Builder