54 matches found
CVE-2020-13223
CVE-2020-13223 affects HashiCorp Vault and Vault Enterprise. The issue arises from logging proxy environment variables that could reveal sensitive credentials. This is documented across multiple sources (e.g., NVD, osv, CNVD) with fixed versions identified as 1.3.6 and 1.4.2. Impact is informatio...
PT-2020-13380 · Hashicorp · Hashicorp Vault +1
Name of the Vulnerable Software and Affected Versions: HashiCorp Vault and Vault Enterprise versions prior to 1.3.6 HashiCorp Vault and Vault Enterprise versions prior to 1.4.2 Description: The issue concerns the logging of proxy environment variables that may contain sensitive credentials. This...
PT-2019-7507 · Erlang +2 · Erlang +2
Name of the Vulnerable Software and Affected Versions: Erlang versions prior to 22.1 Description: The issue allows remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request. This is related to the handling of the...
Policies and Applications are not pushing to iOS devices from Xenmobile (Proxy Enabled Environment)
The device information is not fetched completely on XenMobile and under device setting on XenMobile console we don't see any assigned delivery group. The test connectivity is successful In the Debug logs you can see : | ERROR | pool-47-thread-1 | com.notnoop.apns.internal.ApnsConnectionImpl |...
BSA-2017-115
Security Advisory ID : BSA-2017-115 Component : Apache HTTPD Revision : 2.0: Final The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow...
Tomcat: CGI sets environmental variable based on user supplied Proxy request header
It was discovered that tomcat used the value of the Proxy header from HTTP requests to initialize the HTTPPROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker coul...
HTTPD: sets environmental variable based on user supplied Proxy request header
It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTPPROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could...
Tomcat: CGI sets environmental variable based on user supplied Proxy request header
It was discovered that tomcat used the value of the Proxy header from HTTP requests to initialize the HTTPPROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker coul...
GO Language httpoxy Remote Proxy Infection Vulnerability
Go language is the second open source programming language released by Google. httpoxy is a set of vulnerabilities that affect application code running in a CGI environment. The vulnerabilities exist primarily in multiple web servers, web frameworks, and programming languages. The Proxy field nam...
Apache HTTP Server suffers from httpoxy remote proxy infection vulnerability
Apache HTTP Server is the United States Apache Apache Software Foundation, an open source web server. The server is fast, reliable and can be expanded through a simple API. httpoxy is a set of vulnerabilities that affect application code running in a CGI environment. The vulnerabilities exist...
UBUNTU-CVE-2016-5386
The net/http package in Go through 1.6 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect a CGI...
UBUNTU-CVE-2016-5385
PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP...
PT-2016-4503 · Twisted +4 · Twisted +4
Name of the Vulnerable Software and Affected Versions: Twisted versions prior to 16.3.1 Description: The issue arises from the software's failure to address RFC 3875 section 4.1.18 namespace conflicts, which leaves CGI applications unprotected from untrusted client data in the HTTP PROXY...
PT-2016-6402 · Apache +5 · Apache Tomcat +5
Name of the Vulnerable Software and Affected Versions: Apache Tomcat versions 7.0.0 through 7.0.70 Apache Tomcat versions 8.0.0 through 8.5.4 Description: The issue allows remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header i...