Unspecified vulnerability in https-proxy-agent

https-proxy-agent is an implementation of an HTTP or HTTPS proxy. A security vulnerability exists in https-proxy-agent. An attacker can exploit this vulnerability to cause a denial of service and disclose memory...

https-proxy-agent memory leak vulnerability

https-proxy-agent is an implementation of an HTTP or HTTPS proxy. A security vulnerability exists in https-proxy-agent versions prior to 2.1.1, which stems from a failure of the program to perform proper filtering. An attacker can exploit this vulnerability by submitting input e.g. JSON to the...

CVE-2018-3739

https-proxy-agent before 2.1.1 passes auth option to the Buffer constructor without proper sanitization, resulting in DoS and uninitialized memory leak in setups where an attacker could submit typed input to the 'auth' parameter e.g. JSON...

Design/Logic Flaw

https-proxy-agent before 2.1.1 passes auth option to the Buffer constructor without proper sanitization, resulting in DoS and uninitialized memory leak in setups where an attacker could submit typed input to the 'auth' parameter e.g. JSON...

CVE-2018-3739

CVE-2018-3739 affects the Node.js https-proxy-agent module. The root cause is passing the auth option to the Buffer constructor without proper sanitization, enabling a remote attacker to cause denial of service and memory leak through crafted input in the auth parameter (e.g., JSON). Reported in ...

Denial of Service

Overview Versions of https-proxy-agent before 2.2.0 are vulnerable to denial of service. This is due to unsanitized options proxy.auth being passed to Buffer. Recommendation Update to version 2.2.0 or later. References - index.js Line 207 - HackerOne Report - GitHub Advisory...

Node.js third-party modules: `https-proxy-agent` passes unsanitized options to Buffer(arg), resulting in DoS and uninitialized memory leak

I would like to report a Buffer allocation vulnerability in https-proxy-agent. In setups where auth argument is user-controlled, it allows to: 1. cause Denial of Service by trivially consuming all the available CPU resources 2. extract uninitialized memory chunks from the server on Node.js This...

Free and Open Source Interactive HTTPS Proxy: mitmproxy

mitmproxy is your swiss-army knife for debugging, testing, privacy measurements, and penetration testing. It can be used to intercept, inspect, modify and replay web traffic such as HTTP/1, HTTP/2, WebSockets, or any other SSL/TLS-protected protocols. You can prettify and decode a variety of...

Hardcoded credentials

The HTTPS Proxy feature in Cisco AsyncOS before 8.5.3-051 and 9.x before 9.0.0-485 on Web Security Appliance WSA devices allows remote attackers to cause a denial of service service outage by leveraging certain intranet connectivity and sending a malformed HTTPS request, aka Bug ID CSCuu24840...

CVE-2016-1288

CVE-2016-1288 affects Cisco Web Security Appliance (WSA) via the HTTPS Proxy/HTTPS packet handling. Cisco AsyncOS prior to 8.5.3-051 and 9.x prior to 9.0.0-485 are vulnerable to a DoS when an unauthenticated remote attacker sends a malformed HTTPS request, causing service outages. The issue stems...

Use integrated Windows Auth for Proxy Authentication

Hi, I'm looking to secure access to the internet via an authenticated proxy and would like to avoid username passwords within init strings. https://confluence.atlassian.com/display/JIRAKB/How+to+Configure+an+Outbound+HTTP+and+HTTPS+Proxy+for+JIRA describes a scenario where this may be possible,...

Microsoft Internet Explorer 8/9 - Steal Any Cookie

Exploit Title: Internet Explorer 8 & Internet Explorer 9 steal any Cookie Date: 27.01.2013 Exploit Author: Christian Haider; Email: christian.haider.poc @ gmail dot com; linkedin: http://www.linkedin.com/in/chrishaider Category: remote Vendor Homepage: http://www.microsoft.com Version: IE 8, IE 9...

Apple Safari 3.1之前版本多个安全漏洞

BUGTRAQ ID: 28290 CVECAN ID: CVE-2008-1011,CVE-2008-1010,CVE-2008-1009,CVE-2008-1008,CVE-2008-1007,CVE-2008-1006,CVE-2008-1005,CVE-2008-1004,CVE-2008-1003,CVE-2008-1002,CVE-2008-1001,CVE-2008-0050 Safari是苹果家族操作系统默认所捆绑的WEB浏览器。 Safari的3.1版修复了多个安全漏洞，具体如下： CVE-2008-0050 恶意的HTTPS代理服务器可能在502 Bad...

CVE-2008-0050

CVE-2008-0050 : The issue affects CFNetwork in Apple Mac OS X 10.4.11. A remote HTTPS proxy server can spoof secure websites by embedding data in a 502 Bad Gateway response, potentially misleading users about the authenticity of the site. The available description states the vulnerability and its...

CVE-2008-0050

CFNetwork in Apple Mac OS X 10.4.11 allows remote HTTPS proxy servers to spoof secure websites via data in a 502 Bad Gateway error...

elinks reveals POST data to HTTPS proxy

ELinks before 0.11.3, when sending a POST request for an https URL, appends the body and content headers of the POST request to the CONNECT request in cleartext, which allows remote attackers to sniff sensitive data that would have been protected by TLS. NOTE: this issue only occurs when a proxy ...

Moderate: elinks security update

0.9.2-3.3.5.2 - fix elinks-0.9.2-httpspostdata.patch 303881 0.9.2-3.3.5.1 - fix 297611 - CVE-2007-5034 elinks reveals POST data to HTTPS proxy 0.9.2-3.3 - fix 215731 - elinks smb protocol arbitrary file access...

[SECURITY] [DSA 1380-1] New elinks packages fix information disclosure

------------------------------------------------------------------------ Debian Security Advisory DSA 1380-1 [email protected] http://www.debian.org/security/ Steve Kemp October 2nd, 2007 http://www.debian.org/security/faq -...

DSA-1380-1 elinks - information disclosure

Bulletin has no description...

CVE-2007-5034

ELinks before 0.11.3, when sending a POST request for an https URL, appends the body and content headers of the POST request to the CONNECT request in cleartext, which allows remote attackers to sniff sensitive data that would have been protected by TLS. NOTE: this issue only occurs when a proxy ...