CVE-2025-66596

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product does not properly validate request headers. When an attacker inserts an invalid host header, users could be redirected to malicious sites. The affected products and versions are as follows:...

EUVD-2008-6876

Malware in sbrugna...

OESA-2024-1581 skopeo security update

A command line utility that performs various operations on container images and image repositories Security Fixes: A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small...

GHSA-HGXW-5XG3-69JX @hono/node-server has Denial of Service risk when receiving Host header that cannot be parsed

Impact The application hangs when receiving a Host header with a value that @hono/node-server can't handle well. Invalid values are those that cannot be parsed by the URL as a hostname such as an empty string, slashes /, and other strings. For example, if you have a simple application: ts import...

CVE-2024-32652

Summary: CVE-2024-32652 affects the Node.js adapter @hono/node-server. Before version 1.10.1, handling of invalid Host header values (e.g., empty strings or values not parseable as a hostname) could cause the application to hang via an Invalid URL error. The advisory states that 1.10.1 fixes the ...

Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2023-3178)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Open Redirect

rails is vulnerable to open redirects. The X-Forwarded-Host HTTP header is always trusted, allowing a malicious user to pass an invalid host header to redirect a user to a malicious URL...

squid DoS

Crash on invalid Host: header...

Authentication flaw

Siemens SpeedStream 5200 with NetPort Software 1.1 allows remote attackers to bypass authentication via an invalid Host header, possibly involving a trailing dot in the hostname...

CVE-2008-6916

Siemens SpeedStream 5200 with NetPort Software 1.1 allows remote attackers to bypass authentication via an invalid Host header, possibly involving a trailing dot in the hostname...

CVE-2008-6916

CVE-2008-6916 affects Siemens SpeedStream 5200 with NetPort Software 1.1. The issue is an authentication bypass that can be triggered by an invalid Host header, possibly involving a trailing dot in the hostname. The NVD entry reports a high risk with CVSS v2 base score 10.0 (Network, low access c...

CVE-2005-1112

IBM WebSphere Application Server 6.0 and earlier, when sharing the document root of the web server, allows remote attackers to obtain the source code for Java Server Pages .jsp via an HTTP request with an invalid Host header, which causes the page to be processed by the web server instead of the...