Lucene search
+L

31 matches found

Cvelist
Cvelist
added 2023/12/22 4:31 p.m.37 views

CVE-2023-49792 Bruteforce protection can be bypassed with misconfigured proxy

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. In Nextcloud Server prior to versions 26.0.9 and 27.1.4; as well as Nextcloud Enterprise Server prior to versions 23.0.12.13, 24.0.12.9, 25.0.13.4, 26.0.9, and 27.1.4; when a reverse proxy is configured as truste...

5.3CVSS9.8AI score0.01041EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:13 a.m.10 views

SUSE CVE-2019-10092

In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the modproxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with...

7.1CVSS7.4AI score0.81466EPSS
Exploits4References10
Hacker One
Hacker One
added 2022/07/10 8:22 p.m.14 views

Kindred Group: [www.32red.com] Reverse proxy misconfiguration leads to 1-click account takeover

==Below is the original, partially-redacted report== --------- Hi team, Summary We have found a misconfiguration in the reverse proxy powering www.32red.com, as it's possible to manipulate the forwarded requests using URL-encoded characters. This leads to a full 1-click account takeover by...

5.3AI score
Exploits0
OSV
OSV
added 2021/12/20 12:15 p.m.2 views

DEBIAN-CVE-2021-44224

A crafted URI sent to httpd configured as a forward proxy ProxyRequests on can cause a crash NULL pointer dereference or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint Server Side Request Forgery...

8.2CVSS7.2AI score0.82295EPSS
Exploits0References1
CNNVD
CNNVD
added 2020/12/17 12:0 a.m.9 views

Apache TomEE 授权问题漏洞

Apache TomEE is the United States Apache Software Apache Foundation of a lightweight Java EE application server . A security vulnerability exists in Apache TomEE versions 8.0.0-M1 - 8.0.3, 7.1.0 - 7.1.3, 7.0.0-M1 - 7.0.8, 1.0.0 - 1.7.5, which originates from the use of the embedded ActiveMQ proxy...

9.8CVSS7.3AI score0.03654EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/06/04 1:11 p.m.6 views

tomcat: Mishandling of Transfer-Encoding header allows for HTTP request smuggling

A flaw was found in Apache Tomcat. The HTTP header parsing code used an approach to end-of-line EOL parsing that allowed some invalid HTTP headers to be parsed as valid. This led to the possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the...

5.8CVSS6.8AI score0.09386EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2020/04/21 10:55 a.m.6 views

tomcat: Mishandling of Transfer-Encoding header allows for HTTP request smuggling

A flaw was found in Apache Tomcat. The HTTP header parsing code used an approach to end-of-line EOL parsing that allowed some invalid HTTP headers to be parsed as valid. This led to the possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the...

5.8CVSS6.8AI score0.09386EPSS
Exploits0References7
OSV
OSV
added 2019/09/26 4:15 p.m.9 views

ALPINE-CVE-2019-10092

In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the modproxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with...

6.1CVSS6.2AI score0.81466EPSS
Exploits4References1
Debian CVE
Debian CVE
added 2019/09/26 2:7 p.m.77 views

CVE-2019-10092

In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the modproxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with...

6.1CVSS5.9AI score0.81466EPSS
Exploits4
AlpineLinux
AlpineLinux
added 2019/09/26 2:7 p.m.50 views

CVE-2019-10092

In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the modproxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with...

6.1CVSS7.7AI score0.81466EPSS
Exploits4
OSV
OSV
added 2019/08/14 12:0 a.m.3 views

UBUNTU-CVE-2019-10092

In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the modproxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with...

6.1CVSS6.6AI score0.81466EPSS
Exploits4References4
Rows per page
Query Builder