Lucene search
K

175 matches found

CVE
CVE
added 2025/07/30 7:57 p.m.20 views

CVE-2025-54581

vproxy CVE-2025-54581 affects versions 2.3.3 and earlier, where untrusted data from the HTTP Proxy-Authorization header can be parsed as a TTL value. If ttl is 0 (e.g., via a username like 'configuredUser-ttl-0'), the modulo operation timestamp % ttl causes a division-by-zero panic, leading to a ...

7.5CVSS6.3AI score0.00541EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/07/30 7:57 p.m.4 views

CVE-2025-54581 vproxy is vulnerable to a divide by zero DoS attack

vproxy is an HTTP/HTTPS/SOCKS5 proxy server. In versions 2.3.3 and below, untrusted data is extracted from the user-controlled HTTP Proxy-Authorization header and passed to Extension::tryfrom and flows into parsettlextension where it is parsed as a TTL value. If an attacker supplies a TTL of zero...

7.5CVSS6.3AI score0.00541EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/07/30 12:0 a.m.4 views

vproxy 数字错误漏洞

vproxy is a high performance HTTP/HTTPS/SOCKS5 proxy server software by 0x676e67 individual developer. A numeric error vulnerability exists in vproxy 2.3.3 and earlier versions, which stems from the handling of the Proxy-Authorization header that can lead to a divide-by-zero crash, resulting in a...

7.5CVSS6.3AI score0.00541EPSS
Exploits0References3
OSV
OSV
added 2025/07/11 12:18 p.m.4 views

OESA-2025-1766 etcd security update

%expand: Security Fixes: Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information.CVE-2025-4673...

6.8CVSS7AI score0.0056EPSS
Exploits0References2
Amazon
Amazon
added 2025/07/10 12:0 a.m.6 views

Medium: oci-add-hooks

Issue Overview: Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information. CVE-2025-4673 Affected Packages: oci-add-hooks Note: This advisory is applicable to Amazon Linux 2 - Nitro-enclaves Extra. Visit this page to learn mor...

6.8CVSS7AI score0.0056EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/06/16 12:0 a.m.3 views

TencentOS Server 3: python3.12-urllib3 (TSSA-2024:0793)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0793 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

6.5CVSS6.8AI score0.01141EPSS
Exploits1References2
Mageia
Mageia
added 2025/06/09 6:14 p.m.23 views

Updated golang packages fix security vulnerabilities

Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information. CVE-2025-4673. os: inconsistent handling of OCREATE|OEXCL on Unix and Windows os.OpenFilepath, os.OCREATE|OEXCL behaved differently on Unix and Windows systems when th...

7.5CVSS6.7AI score0.0056EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/06/09 12:0 a.m.9 views

NewStart CGSL MAIN 7.02 : python-urllib3 Vulnerability (NS-SA-2025-0073)

The remote NewStart CGSL host, running version MAIN 7.02, has python-urllib3 packages installed that are affected by a vulnerability: - urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with ProxyManager, the Proxy-Authorization header is only sent to t...

6.5CVSS6.7AI score0.01141EPSS
Exploits1References3
Hacker One
Hacker One
added 2025/06/06 1:26 a.m.10 views

curl: Failure to strip Proxy-Authorization header on change in origin

Summary: Failure to strip Proxy-Authorization header on change in origin. AI was not used. I maintain the PHP Guzzle HTTP package which uses curl, and noticed we have the same issue as curl in this regard. I was made aware of this issue when golang patched something similar a few hours ago:...

6.8CVSS8.6AI score0.0056EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 6:28 p.m.9 views

CVE-2021-3116

beforeupstreamconnection in AuthPlugin in http/proxy/auth.py in proxy.py before 2.3.1 accepts incorrect Proxy-Authorization header data because of a boolean confusion and versus or...

7.5CVSS6.8AI score0.01673EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2025/05/14 12:0 a.m.6 views

Alibaba Cloud Linux 3 : 0097: python-requests (ALINUX3-SA-2023:0097)

The remote Alibaba Cloud Linux 3 host has a package installed that is affected by a vulnerability as referenced in the ALINUX3-SA-2023:0097 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2023-32681: Requests is a HTTP library. Since...

6.1CVSS7.1AI score0.02974EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/05/14 12:0 a.m.10 views

Alibaba Cloud Linux 3 : 0179: resource-agents (ALINUX3-SA-2024:0179)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2024:0179 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2024-37891: urllib3 is a user-friendly...

8.8CVSS7.8AI score0.01939EPSS
Exploits1References3
IBM Security Bulletins
IBM Security Bulletins
added 2025/05/03 7:22 a.m.10 views

Security Bulletin: Vulnerability in requests affects IBM Cloud Pak for Data System 1.0(CPDS 1.0)[CVE-2023-32681]

Summary The requests package is used by IBM Cloud Pak for Data System 1.0. IBM Cloud Pak for Data System 1.0 has addressed the applicable CVE CVE-2023-32681. Vulnerability Details CVEID:CVE-2023-32681 DESCRIPTION: Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking...

6.1CVSS6.4AI score0.02974EPSS
Exploits1Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2024-37891

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with ProxyManager, the Proxy-Authorization header is only sent to...

6.5CVSS6.6AI score0.01141EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2025/02/10 12:0 a.m.7 views

Azure Linux 3.0 Security Update: python-pip / python-urllib3 / python3 (CVE-2024-37891)

The version of python-pip / python-urllib3 / python3 installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-37891 advisory. - urllib3 is a user-friendly HTTP client library for Python. When using urllib3...

6.5CVSS6.7AI score0.01141EPSS
Exploits1References2
OSV
OSV
added 2025/02/03 8:53 a.m.1 views

SUSE-SU-2025:20037-1 Security update for python-urllib3

This update for python-urllib3 fixes the following issues: - CVE-2024-37891: Fixed issue where proxy-authorization request header was not stripped during cross-origin redirects bsc1226469...

6.5CVSS6.9AI score0.01141EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2025/01/14 12:0 a.m.18 views

EulerOS 2.0 SP9 : python-urllib3 (EulerOS-SA-2025-1045)

According to the versions of the python-urllib3 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with ProxyManager, the Proxy-Authorization...

6.5CVSS6.8AI score0.01141EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/01/14 12:0 a.m.24 views

EulerOS 2.0 SP9 : python-urllib3 (EulerOS-SA-2025-1062)

According to the versions of the python-urllib3 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with ProxyManager, the Proxy-Authorization...

6.5CVSS6.8AI score0.01141EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/01/13 12:0 a.m.14 views

EulerOS 2.0 SP10 : python-urllib3 (EulerOS-SA-2025-1030)

According to the versions of the python-urllib3 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with ProxyManager, the Proxy-Authorization...

6.5CVSS6.8AI score0.01141EPSS
Exploits1References2
BDU FSTEC
BDU FSTEC
added 2024/12/13 12:0 a.m.6 views

The vulnerability of the HTTP client library for Python urllib3, related to improper resource transfer between components, allows attackers to gain unauthorized access to protected information.

The vulnerability of the HTTP client library for Python urllib3 is related to improper handling of the Proxy-Authorization header during redirects between sources. Exploiting this vulnerability can allow a remote attacker to gain unauthorized access to protected information...

5.4CVSS6.7AI score0.01141EPSS
Exploits1References10Affected Software4
Rows per page
Query Builder