11 matches found
CVE-2024-23316
HTTP request desynchronization in Ping Identity PingAccess (all versions prior to 8.0.1 are affected) allows an attacker to send specially crafted HTTP header requests to create a request smuggling condition for proxied requests...
CVE-2024-6834
APIML Spring Cloud Gateway is affected by a vulnerability where proxy requests are unexpectedly signed with Zowe’s client certificate, allowing non-privileged users to access endpoints that require an internal client certificate without any credentials. This can enable an attacker to manage compo...
CVE-2024-6834 Imperative Local Command Injection allows Activity Masking
A vulnerability in APIML Spring Cloud Gateway which leverages user privileges by unexpectedly signing proxied requests with Zowe's client certificate. This allows a user to access endpoints requiring an internal client certificate without any credentials. It could lead to managing components in...
CVE-2024-6834 Imperative Local Command Injection allows Activity Masking
A vulnerability in APIML Spring Cloud Gateway which leverages user privileges by unexpectedly signing proxied requests with Zowe's client certificate. This allows a user to access endpoints requiring an internal client certificate without any credentials. It could lead to managing components in...
GHSA-XFFP-6W68-4775 Zendframework Remote Address Spoofing Vector in `Zend\Http\PhpEnvironment\RemoteAddress`
The Zend\Http\PhpEnvironment\RemoteAddress class provides features around detecting the internet protocol IP address for an incoming proxied request via the X-Forwarded-For header, taking into account a provided list of trusted proxy server IPs. Prior to 2.2.5, the class was not taking into accou...
httpd: HTTP request splitting with mod_rewrite and mod_proxy
A vulnerability was found in httpd. This security issue occurs when some mod_proxy configurations on Apache HTTP Server allow an HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern...
CVE-2007-6693
Unspecified vulnerability in the WebCam module in Menalto Gallery before 2.2.4 has unknown impact and attack vectors related to a "proxied request."...
CVE-2007-6693
Unspecified vulnerability in the WebCam module in Menalto Gallery before 2.2.4 has unknown impact and attack vectors related to a "proxied request."...
Server-side request forgery (SSRF)
Unspecified vulnerability in the WebCam module in Menalto Gallery before 2.2.4 has unknown impact and attack vectors related to a "proxied request."...
CVE-2007-6693
Unspecified vulnerability in the WebCam module in Menalto Gallery before 2.2.4 has unknown impact and attack vectors related to a "proxied request."...
CVE-2007-6693
CVE-2007-6693 affects Menalto Gallery’s WebCam module prior to version 2.2.4, tied to a proxied request vulnerability. Connected sources (GLSA 200802-04) describe multiple Gallery vulnerabilities (CVE-2007-6685..6693) with remote code execution, XSS, and CSRF potential; advisory recommends upgrad...