Tenable SecurityCenter 5.19.x / 5.20.x / 5.21.0 Multiple Vulnerabilities (TNS-2022-14)

According to its self-reported version, the Tenable SecurityCenter application installed on the remote host is running 5.19.x, 5.20.x, or 5.21.0 and is therefore affected by multiple vulnerabilities: - The aprwrite function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an...

USN-5487-3: Apache HTTP Server regression

USN-5487-1 fixed several vulnerabilities in Apache HTTP Server. Unfortunately it caused regressions. USN-5487-2 reverted the patches that caused the regression in Ubuntu 14.04 ESM for further investigation. This update re-adds the security fixes for Ubuntu 14.04 ESM and fixes two different...

USN-5487-2: Apache HTTP Server regression

USN-5487-1 fixed several vulnerabilities in Apache. Unfortunately, that update introduced a regression when proxying balancer manager connections in some configurations on Ubuntu 14.04 ESM. This update reverts those changes till further fix. We apologize for the inconvenience. Original advisory...

WordPress plugin WP-EMail has an unspecified vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The WordPress plugin is an application plugin. WordPress plugin WP-EMail version 2.69.0 has a security vulnerability that stems from obtaining a...

Ubuntu: Security Advisory (USN-5487-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-5487-1: Apache HTTP Server vulnerabilities

It was discovered that Apache HTTP Server modproxyajp incorrectly handled certain crafted request. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. CVE-2022-26377 It was discovered that Apache HTTP Server incorrectly handled certain request. An attacker...

CVE-2022-1614

CVE-2022-1614 affects the WP-EMail WordPress plugin up to version 2.69.0. The root cause is that the plugin prioritizes obtaining a visitor IP from certain HTTP headers (e.g., HTTP_CLIENT_IP, HTTP_X_FORWARDED_FOR) over PHP’s REMOTE_ADDR, enabling an attacker to bypass IP-based anti-spam restricti...

Apache HTTP Server Data Forgery Issue Vulnerability (CNVD-2022-73123)

Apache HTTP Server is an open source web server from the Apache Foundation. Apache HTTP Server is vulnerable to a data forgery issue that stems from modproxy's X-Forwarded-For hop-by-hop mechanism discard. An attacker could use this vulnerability to bypass IP-based authentication on the source...

CVE-2022-31813

Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded- headers to the origin server based on client side Connection header hop-by-hop mechanism. This may be used to bypass IP based authentication on the origin server/application...

ALPINE-CVE-2022-31813

Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded- headers to the origin server based on client side Connection header hop-by-hop mechanism. This may be used to bypass IP based authentication on the origin server/application...

CVE-2022-31813

Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded- headers to the origin server based on client side Connection header hop-by-hop mechanism. This may be used to bypass IP based authentication on the origin server/application...

CVE-2022-31813 mod_proxy X-Forwarded-For dropped by hop-by-hop mechanism

Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded- headers to the origin server based on client side Connection header hop-by-hop mechanism. This may be used to bypass IP based authentication on the origin server/application...

Apache HTTP Server 数据伪造问题漏洞

Apache HTTP Server is an open source web server from the Apache Foundation. Apache HTTP Server is vulnerable to a data forgery issue that stems from modproxy's X-Forwarded-For hop-by-hop mechanism discard. An attacker could use this vulnerability to bypass IP-based authentication on the source...

CVE-2021-20151

Trendnet AC2600 TEW-827DRU version 2.08B01 contains a flaw in the session management for the device. The router's management software manages web sessions based on IP address rather than verifying client cookies/session tokens/etc. This allows an attacker whether from a different computer,...

Courier: [3] Bypassing IP Based Rate Limit Blocking leads to rate limit bypass in Courier Login Panel

Hi team, I would like to report rate limit issue based on IP blocking mechanism. Rate-limitation nowadays is not effective anymore to protect against brute-force. There are many botnets out there which can be used to overcome this hurdle, as well as cloud VPS services e.g. Amazon AWS EIPs, Digita...

[ASA-202106-41] python-django: multiple issues

Arch Linux Security Advisory ASA-202106-41 ========================================== Severity: Medium Date : 2021-06-15 CVE-ID : CVE-2021-33203 CVE-2021-33571 Package : python-django Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-2026 Summary ======= The package...

EasyFTP Server 1.7.0.11 Denial Of Service

!/usr/bin/python e-mail: [email protected] Date: 06/10/2021 - 10 jun Version Vulnerable: EasyFTP Server 1.7.0.11 - 'XRMD' Denied of Service OS Tested: Windows XP PACK 3 Brazilian import socket import sys if lensys.argv != 2: print "" print " " print " EasyFTP Server 1.7.0.11 - 'XRMD'...

UPchieve: CORS Misconfiguration, could lead to disclosure of sensitive information

Summary: Cross Origin Resource Sharing Misconfiguration | Lead to sensitive information. Description: An HTML5 cross-origin resource sharing CORS policy controls whether and how content running on other domains can perform two-way interaction with the domain that publishes the policy. The policy ...

DEBIAN-CVE-2021-29424

The Net::Netmask module before 2.0000 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which in some situations allows attackers to bypass access control that is based on IP addresses...

DEBIAN-CVE-2021-29662

The Data::Validate::IP module through 0.29 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which in some situations allows attackers to bypass access control that is based on IP addresses...