
54 matches found

CVE
added 2020/06/10 6:45 p.m. · 106 views

CVE-2020-13223

CVE-2020-13223 affects HashiCorp Vault and Vault Enterprise. The issue arises from logging proxy environment variables that could reveal sensitive credentials. This is documented across multiple sources (e.g., NVD, osv, CNVD) with fixed versions identified as 1.3.6 and 1.4.2. Impact is informatio...

CVSS 7.5 · AI score 7.5 · EPSS 0.01233
Exploits 0 · References 2 · Affected Software 1
Positive Technologies
added 2020/06/10 12:0 a.m. · 9 views

PT-2020-13380 · Hashicorp · Hashicorp Vault +1

Name of the Vulnerable Software and Affected Versions: HashiCorp Vault and Vault Enterprise versions prior to 1.3.6 HashiCorp Vault and Vault Enterprise versions prior to 1.4.2 Description: The issue concerns the logging of proxy environment variables that may contain sensitive credentials. This...

CVSS 7.5 · AI score 6.8 · EPSS 0.01233
Exploits 0 · References 12
Positive Technologies
added 2019/12/10 12:0 a.m. · 2 views

PT-2019-7507 · Erlang +2 · Erlang +2

Name of the Vulnerable Software and Affected Versions: Erlang versions prior to 22.1 Description: The issue allows remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request. This is related to the handling of the...

CVSS 9.8 · AI score 7.9 · EPSS 0.01428
Exploits 0 · References 19
Citrix
added 2017/08/30 12:0 a.m. · 8 views

Policies and Applications are not pushing to iOS devices from XenMobile (Proxy Enabled Environment)

The device information is not fetched completely on XenMobile and under device setting on XenMobile console we don't see any assigned delivery group. The test connectivity is successful. In the debug logs you can see: | ERROR | pool-47-thread-1 | com.notnoop.apns.internal.ApnsConnectionImpl |...

AI score 6.8
Exploits 0
Broadcom
added 2017/02/07 12:0 a.m. · 8 views

BSA-2017-115

Security Advisory ID: BSA-2017-115 · Component: Apache HTTPD · Revision: 2.0: Final · The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow...

CVSS 8.1 · AI score 8.6 · EPSS 0.55724
Exploits 0
RedHat Linux
added 2016/10/10 8:38 p.m. · 3 views

Tomcat: CGI sets environmental variable based on user supplied Proxy request header

It was discovered that tomcat used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker coul...

CVSS 8.1 · AI score 7.4 · EPSS 0.50896
Exploits 0 · References 4
RedHat Linux
added 2016/08/22 6:7 p.m. · 5 views

HTTPD: sets environmental variable based on user supplied Proxy request header

It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could...

CVSS 8.1 · AI score 6.8 · EPSS 0.55724
Exploits 0 · References 7
RedHat Linux
added 2016/08/18 6:20 p.m. · 3 views

Tomcat: CGI sets environmental variable based on user supplied Proxy request header

It was discovered that tomcat used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker coul...

CVSS 8.1 · AI score 7.4 · EPSS 0.50896
Exploits 0 · References 4
CNVD
added 2016/07/19 12:0 a.m. · 2 views

GO Language httpoxy Remote Proxy Infection Vulnerability

Go language is the second open source programming language released by Google. httpoxy is a set of vulnerabilities that affect application code running in a CGI environment. The vulnerabilities exist primarily in multiple web servers, web frameworks, and programming languages. The Proxy field nam...

CVSS 8.1 · AI score 8.1 · EPSS 0.0522
Exploits 0 · References 1
CNVD
added 2016/07/19 12:0 a.m. · 39 views

Apache HTTP Server suffers from httpoxy remote proxy infection vulnerability

Apache HTTP Server is an open source web server from the Apache Software Foundation in the United States. The server is fast, reliable and can be expanded through a simple API. httpoxy is a set of vulnerabilities that affect application code running in a CGI environment. The vulnerabilities exist...

CVSS 8.1 · AI score 9.3 · EPSS 0.55724
Exploits 0 · References 1
OSV
added 2016/07/18 2:0 p.m. · 5 views

UBUNTU-CVE-2016-5386

The net/http package in Go through 1.6 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI...

CVSS 8.1 · AI score 7 · EPSS 0.0522
Exploits 0 · References 3
OSV
added 2016/07/18 2:0 p.m. · 10 views

UBUNTU-CVE-2016-5385

PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP...

CVSS 8.1 · AI score 6.9 · EPSS 0.50427
Exploits 0 · References 5
Positive Technologies
added 2016/07/18 12:0 a.m. · 3 views

PT-2016-4503 · Twisted +4 · Twisted +4

Name of the Vulnerable Software and Affected Versions: Twisted versions prior to 16.3.1 Description: The issue arises from the software's failure to address RFC 3875 section 4.1.18 namespace conflicts, which leaves CGI applications unprotected from untrusted client data in the HTTP_PROXY...

CVSS 6.9 · AI score 7 · EPSS 0.02406
Exploits 0 · References 46
Positive Technologies
added 2016/07/18 12:0 a.m. · 10 views

PT-2016-6402 · Apache +5 · Apache Tomcat +5

Name of the Vulnerable Software and Affected Versions: Apache Tomcat versions 7.0.0 through 7.0.70 Apache Tomcat versions 8.0.0 through 8.5.4 Description: The issue allows remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header i...

CVSS 9.8 · AI score 7.6 · EPSS 0.90338
Exploits 25 · References 176