IBM WebSphere Application Server 7.0.0.x <= 7.0.0.45 / 8.0.0.x <= 8.0.0.15 / 8.5.x < 8.5.5.14 / 9.0.x < 9.0.0.8 Information Disclosure (CVE-2012-5783)

The IBM WebSphere Application Server running on the remote host is version 7.0.0.x through 7.0.0.45, 8.0.0.x through 8.0.0.15, 8.5.0.x prior to 8.5.5.14 or 9.0.x prior to 9.0.0.8. It is, therefore, affected by an information disclosure vulnerability in the Apache Commons HttpClient subcomponent d...

DSA-4772-1 httpcomponents-client - security update

Bulletin has no description...

Validation Bypass

httpclient is vulnerable to validation bypass. A malformed authority component in the request URIs that is passed to the library as java.net.URI object would result in the request execution for a wrong target host...

Apache HttpClient Information Disclosure Vulnerability

HttpClient is the United States Apache Apache Software Foundation of a Java written to access HTTP resources client program. The program is used to access network resources using the HTTP protocol. Apache HttpClient suffers from an information disclosure vulnerability that arises from errors such...

PT-2020-6898 · Apache +8 · Apache Httpclient +8

Name of the Vulnerable Software and Affected Versions: Apache HttpClient versions prior to 4.5.13 and 5.0.3 Description: The issue is related to the insufficient validation of input data in Apache HttpClient, which can lead to misinterpretation of malformed authority components in request URIs...

CVE-2020-13956

Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution...

Jenkins 2.56 CLI Deserialization / Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Jenkins CLI Deserialization', 'Description' = %q An unauthenticated Java object deserialization vulnerability exists in the CLI component for...

Jenkins 2.56 CLI Deserialization / Code Execution Exploit

An unauthenticated Java object deserialization vulnerability exists in the CLI component for Jenkins versions 2.56 and below. The readFrom method within the Command class in the Jenkins CLI remoting component deserializes objects received from clients without first checking / sanitizing the data...

Moderate Photon OS Security Update - PHSA-2020-0141

Updates of 'commons-httpclient', 'openssl' packages of Photon OS have been released...

Moderate Photon OS Security Update - PHSA-2020-3.0-0141

Updates of 'openssl', 'commons-httpclient' packages of Photon OS have been released...

Fedora 32 : php-symfony4 (2020-16eb328853)

Version 4.4.13 2020-09-02 - security CVE-2020-15094 Remove headers with internal meaning from HttpClient responses mpdude - bug 38024 Console Fix undefined index for inconsistent command name definition chalasr - bug 38023 DI fix inlining of non-shared services nicolas-grekas - bug 38020...

CVE-2020-15094

In Symfony before versions 4.4.13 and 5.1.5, the CachingHttpClient class from the HttpClient Symfony component relies on the HttpCache class to handle requests. HttpCache uses internal headers like X-Body-Eval and X-Body-File to control the restoration of cached responses. The class was initially...

Design/Logic Flaw

In Symfony before versions 4.4.13 and 5.1.5, the CachingHttpClient class from the HttpClient Symfony component relies on the HttpCache class to handle requests. HttpCache uses internal headers like X-Body-Eval and X-Body-File to control the restoration of cached responses. The class was initially...

CVE-2020-15094: Prevent RCE when calling untrusted remote with CachingHttpClient

Affected versions Symfony 4.3, 4.4.0 to 4.4.12, 5.0, and 5.1.0 to 5.1.4 versions of the Symfony HttpClient component are affected by this security issue. The issue has been fixed in Symfony 4.4.13 and 5.1.5. Symfony 4.3 and 5.0 won't be patched as they are not maintained anymore. Description The...

Bludit 3.9.2 - Authentication Bruteforce Mitigation Bypass Exploit

Exploit for php platform in category web applications !/usr/bin/env ruby Title: Bludit 3.9.2 - Authentication Bruteforce Mitigation Bypass Author: noraj Alexandre ZANNI Author website: https://pwn.by/noraj/ Date: 2020-08-16 Vendor Homepage: https://www.bludit.com/ Software Link:...

Bludit 3.9.2 Authentication Bruteforce Mitigation Bypass

!/usr/bin/env ruby Title: Bludit 3.9.2 - Authentication Bruteforce Mitigation Bypass Author: noraj Alexandre ZANNI Author website: https://pwn.by/noraj/ Date: 2020-08-16 Vendor Homepage: https://www.bludit.com/ Software Link: https://github.com/bludit/bludit/archive/3.9.2.tar.gz Version: = 3.9.2...

Apache OFBiz XML-RPC Java Deserialization

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache OFBiz XML-RPC Java Deserialization', 'Description' = %q This module exploits a Java deserialization vulnerability in Apache OFBiz's...

CVE-2020-15693

In Nim 1.2.4, the standard library httpClient is vulnerable to a CR-LF injection in the target URL. An injection is possible if the attacker controls any part of the URL provided in a call such as httpClient.get or httpClient.post, the User-Agent header value, or custom HTTP header names or value...

CVE-2020-15694

In Nim 1.2.4, the standard library httpClient fails to properly validate the server response. For example, httpClient.get.contentLength does not raise any error if a malicious server provides a negative Content-Length...

CVE-2020-15694

In Nim 1.2.4, the standard library httpClient fails to properly validate the server response. For example, httpClient.get.contentLength does not raise any error if a malicious server provides a negative Content-Length...