1317 matches found

Veracode
added 2020/04/10 12:33 a.m., 30 views

Information Disclosure

firefox is vulnerable to information disclosure. The vulnerability exists in the way Thunderbird handled error responses returned from proxy servers. If an attacker is able to conduct a man-in-the-middle attack against a Thunderbird instance that is using a proxy server, they may be able to steal...

CVSS: 6.8 | AI score: 2 | EPSS: 0.02032
Exploits: 1 | References: 37 | Affected Software: 3

Veracode
added 2020/04/10 12:19 a.m., 17 views

Information Disclosure

elinks is vulnerable to information disclosure. An information disclosure flaw was found in the way ELinks passes https POST data to a proxy server. POST data sent via a proxy to an https site is not properly encrypted by ELinks, possibly allowing the disclosure of sensitive information...

CVSS: 4.3 | AI score: 0.3 | EPSS: 0.02586
Exploits: 0 | References: 22 | Affected Software: 1

RedhatCVE
added 2020/04/09 3:20 a.m., 27 views

CVE-2020-6750

GSocketClient in GNOME GLib through 2.62.4 may occasionally connect directly to a target address instead of connecting via a proxy server when configured to do so, because the proxyaddr field is mishandled. This bug is timing-dependent and may occur only sporadically depending on network delays...

CVSS: 6.8 | AI score: 1.7 | EPSS: 0.00584
Exploits: 1 | References: 3

Cent OS
added 2020/04/08 7:21 p.m., 97 views

squid security update

CentOS Errata and Security Advisory CESA-2020:1068 An update for squid is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

CVSS: 7.5 | AI score: 6.4 | EPSS: 0.65998
Exploits: 1 | References: 7

RedhatCVE
added 2020/04/07 4:54 p.m., 34 views

CVE-2016-5386

An input-validation flaw was discovered in the Go programming language built-in CGI implementation, which set the environment variable "HTTP_PROXY" using the incoming "Proxy" HTTP-request header. The environment variable "HTTP_PROXY" is used by numerous web clients, including Go's net/http package,...

CVSS: 8.1 | AI score: 0.9 | EPSS: 0.45904
Exploits: 0 | References: 1

RedhatCVE
added 2020/04/06 4:56 a.m., 36 views

CVE-2019-15605

A flaw was found in the Node.js code where a specially crafted HTTPs request sent to a Node.js server failed to properly process the HTTPs headers, resulting in a request smuggling attack. An attacker can use this flaw to alter a request sent as an authenticated user if the Node.js server is...

CVSS: 9.8 | AI score: 9 | EPSS: 0.32252
Exploits: 0 | References: 4

BDU FSTEC
added 2020/03/26 12:0 a.m., 1 views

The vulnerability of the HTTP PROXY Server process on the Cisco IOS operating system allows a perpetrator to trigger a service failure.

The vulnerability of the HTTP PROXY Server process on the Cisco IOS operating system is related to a memory leak. Exploiting this vulnerability can allow an attacker to cause service interruptions remotely...

CVSS: 7.5 | AI score: 7.2 | EPSS: 0.00389
Exploits: 0 | References: 3

NVD
added 2020/03/11 8:15 p.m., 10 views

CVE-2016-1000111

Twisted before 16.3.1 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbou...

CVSS: 5.3 | AI score: 5.2 | EPSS: 0.00581
Exploits: 0 | References: 4

Mageia
added 2020/03/06 4:13 p.m., 31 views

Updated glib2.0 packages fix security vulnerability

The updated packages fix a security vulnerability: GSocketClient in GNOME GLib through 2.62.4 may occasionally connect directly to a target address instead of connecting via a proxy server when configured to do so, because the proxyaddr field is mishandled. This bug is timing-dependent and may...

CVSS: 5.9 | AI score: 0.6 | EPSS: 0.00584
Exploits: 1 | References: 3

RedHat Linux
added 2020/02/25 3:56 p.m., 4 views

nodejs: HTTP request smuggling using malformed Transfer-Encoding header

A flaw was found in the Node.js code where a specially crafted HTTPs request sent to a Node.js server failed to properly process the HTTPs headers, resulting in a request smuggling attack. An attacker can use this flaw to alter a request sent as an authenticated user if the Node.js server is...

CVSS: 9.8 | AI score: 7.2 | EPSS: 0.32252
Exploits: 0 | References: 5

Node.js
added 2020/02/21 2:16 p.m., 22 views

Denial of Service

Overview: Versions of http-proxy prior to 1.18.1 are vulnerable to Denial of Service. An HTTP request with a long body triggers an ERR_HTTP_HEADERS_SENT unhandled exception that crashes the proxy server. This is only possible when the proxy server sets headers in the proxy request using the...

AI score: 6.8
Exploits: 0 | Affected Software: 1

CVE
added 2020/02/19 12:38 p.m., 65 views

CVE-2016-1000109

HHVM is vulnerable to an httpoxy-style issue where untrusted data in the HTTP_PROXY variable can redirect a CGI app’s outbound traffic to an arbitrary proxy. Affected HHVM ranges include pre-3.9.6, 3.10.0–3.12.4, and 3.13.0–3.14.2. The CVE-2016-1000109 description confirms the root cause as RFC 3...

CVSS: 5.3 | AI score: 5.4 | EPSS: 0.01595
Exploits: 1 | References: 3 | Affected Software: 1

Prion
added 2020/02/12 5:15 p.m., 12 views

Memory corruption

A memory leak vulnerability exists in Cisco IOS before 15.21T due to a memory leak in the HTTP PROXY Server process aka CSCtu52820, when configured with Cisco ISR Web Security with Cisco ScanSafe and User Authentication NTLM configured...

CVSS: 4.3 | AI score: 6.9 | EPSS: 0.00389
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2020/02/12 4:43 p.m., 20 views

CVE-2011-4661

A memory leak vulnerability exists in Cisco IOS before 15.21T due to a memory leak in the HTTP PROXY Server process aka CSCtu52820, when configured with Cisco ISR Web Security with Cisco ScanSafe and User Authentication NTLM configured...

AI score: 7.4 | EPSS: 0.00389
Exploits: 0 | References: 1

CVE
added 2020/02/12 4:43 p.m., 61 views

CVE-2011-4661

CVE-2011-4661 affects Cisco IOS before 15.2(1)T, caused by a memory leak in the HTTP PROXY Server (CSCtu52820) when ISR Web Security with ScanSafe and NTLM authentication is configured. Documented impact includes partial availability loss with attack surface over the network. No explicit exploit ...

CVSS: 7.5 | AI score: 7.3 | EPSS: 0.00389
Exploits: 0 | References: 1 | Affected Software: 1

RedhatCVE
added 2020/02/07 12:44 a.m., 35 views

CVE-2019-15606

A flaw was found in Node.js where the HTTPs header values were not stripped of trailing whitespace. An attacker can use this flaw to send an HTTPs request which is validated by an upstream proxy server, but not by the Node.js HTTPs server...

CVSS: 9.8 | AI score: 8.9 | EPSS: 0.01338
Exploits: 1 | References: 4

CNVD
added 2020/02/06 12:0 a.m., 3 views

Squid Information Disclosure Vulnerability (CNVD-2020-04521)

Squid is a suite of proxy server and web caching server software. The software provides features such as caching the World Wide Web, filtering traffic, and proxying the Internet. Squid suffers from an information disclosure vulnerability that can be exploited by an attacker to obtain information...

CVSS: 7.5 | AI score: 8.8 | EPSS: 0.03964
Exploits: 0 | References: 1

NVD
added 2020/01/29 4:15 p.m., 14 views

CVE-2020-2107

Jenkins Fortify Plugin 19.1.29 and earlier stores proxy server passwords unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

CVSS: 4.3 | AI score: 4.5 | EPSS: 0.00031
Exploits: 0 | References: 2

Prion
added 2020/01/29 4:15 p.m., 18 views

Design/Logic Flaw

Jenkins Fortify Plugin 19.1.29 and earlier stores proxy server passwords unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

CVSS: 4 | AI score: 4.9 | EPSS: 0.00031
Exploits: 0 | References: 2 | Affected Software: 1

AlpineLinux
added 2020/01/29 3:15 p.m., 37 views

CVE-2020-2107

Jenkins Fortify Plugin 19.1.29 and earlier stores proxy server passwords unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

CVSS: 4.3 | AI score: 3 | EPSS: 0.00031
Exploits: 0 | References: 2