117 matches found
EUVD-2020-12751
Malware in sbrugna...
EUVD-2023-2224
Malicious code in bioql PyPI...
Exploit for CVE-2025-8671
PoC-CVE-2025-8671-MadeYouReset-HTTP-2 PoC para validar vulnera...
RHEL 7 : haproxy (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - haproxy: data leak via fcgi requests CVE-2023-0836 - An uncontrolled resource consumption vulnerability w...
RHEL 8 / 9 : OpenShift Container Platform 4.14.4 (RHSA-2023:7473)
The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7473 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or...
Moderate: Red Hat Security Advisory: haproxy security update
An update for haproxy is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
ALSA-2024:1142 Moderate: haproxy security update
The haproxy packages provide a reliable, high-performance network load balancer for TCP and HTTP-based applications. Security Fixes: haproxy: Proxy forwards malformed empty Content-Length headers CVE-2023-40225 haproxy: untrimmed URI fragments may lead to exposure of confidential data on static...
Moderate: haproxy security update
The haproxy packages provide a reliable, high-performance network load balancer for TCP and HTTP-based applications. Security Fixes: haproxy: Proxy forwards malformed empty Content-Length headers CVE-2023-40225 haproxy: untrimmed URI fragments may lead to exposure of confidential data on static...
rubygem-puma: HTTP request smuggling when parsing chunked transfer encoding bodies and zero-length content-length headers
An HTTP request smuggling attack vulnerability was found in Rubygem Puma. This flaw allows an attacker to gain unauthorized access to sensitive data due to an inconsistent interpretation of HTTP requests...
EulerOS 2.0 SP9 : haproxy (EulerOS-SA-2023-2897)
According to the versions of the haproxy package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and 2.6.x before 2.6.15, 2.7.x before 2.7.10, and...
EulerOS 2.0 SP11 : haproxy (EulerOS-SA-2023-3008)
According to the versions of the haproxy package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and 2.6.x before 2.6.15, 2.7.x before 2.7.10, and...
SUSE-SU-2023:3957-1 Security update for rubygem-puma
This update for rubygem-puma fixes the following issues: - CVE-2023-40175: Fixed HTTP request smuggling when parsing chunked transfer encoding bodies and zero-length content-length headers bsc1214425...
Medium: haproxy
Issue Overview: HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and 2.6.x before 2.6.15, 2.7.x before 2.7.10, and 2.8.x before 2.8.2 forwards empty Content-Length headers, violating RFC 9110 section 8.6. In uncommon cases, an HTTP/1 server behind...
Ubuntu 20.04 LTS : HAProxy vulnerability (USN-6294-2)
The remote Ubuntu 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6294-2 advisory. USN-6294-1 fixed vulnerabilities in HAProxy. This update provides the corresponding updates for Ubuntu 20.04 LTS. Tenable has extracted the preceding description...
USN-6294-1 haproxy vulnerability
Ben Kallus discovered that HAProxy incorrectly handled empty Content-Length headers. A remote attacker could possibly use this issue to manipulate the payload and bypass certain restrictions...
USN-6294-1: HAProxy vulnerability
Ben Kallus discovered that HAProxy incorrectly handled empty Content-Length headers. A remote attacker could possibly use this issue to manipulate the payload and bypass certain restrictions...
CVE-2023-40225
HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and 2.6.x before 2.6.15, 2.7.x before 2.7.10, and 2.8.x before 2.8.2 forwards empty Content-Length headers, violating RFC 9110 section 8.6. In uncommon cases, an HTTP/1 server behind HAProxy may interpre...
CVE-2023-40225
HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and 2.6.x before 2.6.15, 2.7.x before 2.7.10, and 2.8.x before 2.8.2 forwards empty Content-Length headers, violating RFC 9110 section 8.6. In uncommon cases, an HTTP/1 server behind HAProxy may interpre...
CVE-2023-34188
The HTTP server in Mongoose before 7.10 accepts requests containing negative Content-Length headers. By sending a single attack payload over TCP, an attacker can cause an infinite loop in which the server continuously reparses that payload, and does not respond to any other requests...
K10002140: Eclipse Jetty vulnerabilities CVE-2017-7657 and CVE-2017-7658
Security Advisory Description In Eclipse Jetty, versions 9.2.x and older, 9.3.x all configurations, and 9.4.x non-default configuration with RFC2616 compliance enabled, transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer overflow. Thus a large chunk...