1317 matches found
NGINX Information Disclosure Vulnerability
NGINX is a lightweight Web server/reverse proxy server and e-mail IMAP/POP3 proxy server from the U.S. company NGINX. The NGINX information disclosure vulnerability can be exploited by an attacker to allow nginx to expose sensitive information over the network...
CVE-2020-6750
GSocketClient in GNOME GLib through 2.62.4 may occasionally connect directly to a target address instead of connecting via a proxy server when configured to do so, because the proxyaddr field is mishandled. This bug is timing-dependent and may occur only sporadically depending on network delays...
CVE-2020-6750
GSocketClient in GNOME GLib through 2.62.4 may occasionally connect directly to a target address instead of connecting via a proxy server when configured to do so, because the proxyaddr field is mishandled. This bug is timing-dependent and may occur only sporadically depending on network delays...
Code injection
GSocketClient in GNOME GLib through 2.62.4 may occasionally connect directly to a target address instead of connecting via a proxy server when configured to do so, because the proxyaddr field is mishandled. This bug is timing-dependent and may occur only sporadically depending on network delays...
CVE-2020-6750
CVE-2020-6750 affects GSocketClient in GNOME GLib up to version 2.62.4. The proxy_addr field is mishandled, which can cause a direct connection to the target address instead of through a proxy when a proxy is configured. This timing-dependent behavior may be more relevant for privacy/anonymity us...
CVE-2020-6750
GSocketClient in GNOME GLib through 2.62.4 may occasionally connect directly to a target address instead of connecting via a proxy server when configured to do so, because the proxyaddr field is mishandled. This bug is timing-dependent and may occur only sporadically depending on network delays...
CVE-2020-6750
GSocketClient in GNOME GLib through 2.62.4 may occasionally connect directly to a target address instead of connecting via a proxy server when configured to do so, because the proxyaddr field is mishandled. This bug is timing-dependent and may occur only sporadically depending on network delays...
Information Exposure
GSocketClient in GNOME GLib may occasionally connect directly to a target address instead of connecting via a proxy server when configured to do so, because the proxyaddr field is mishandled. This bug is timing-dependent and may occur only sporadically depending on network delays. The greatest...
JVN#97325754: F-RevoCRM vulnerable to cross-site scripting
F-RevoCRM provided by ThinkingReed inc. contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Apply the Patch Apply the patch according to the information provided by the developer. Apply Workaround Applying the...
[SECURITY] [DLA 2056-1] waitress security update
Package : waitress Version : 0.8.9-2+deb8u1 Debian Bug : 765126 It was discovered that there was a HTTP request smuggling vulnerability in waitress, pure-Python WSGI server. If a proxy server is used in front of waitress, an invalid request may be sent by an attacker that bypasses the front-end a...
CVE-2019-16789
In Waitress through version 1.4.0, if a proxy server is used in front of waitress, an invalid request may be sent by an attacker that bypasses the front-end and is parsed differently by waitress leading to a potential for HTTP request smuggling. Specially crafted requests containing special...
Information disclosure
In Waitress through version 1.4.0, if a proxy server is used in front of waitress, an invalid request may be sent by an attacker that bypasses the front-end and is parsed differently by waitress leading to a potential for HTTP request smuggling. Specially crafted requests containing special...
CVE-2019-16789 HTTP Request Smuggling in Waitress: Invalid whitespace characters in headers
In Waitress through version 1.4.0, if a proxy server is used in front of waitress, an invalid request may be sent by an attacker that bypasses the front-end and is parsed differently by waitress leading to a potential for HTTP request smuggling. Specially crafted requests containing special...
CVE-2019-16789
In Waitress through version 1.4.0, if a proxy server is used in front of waitress, an invalid request may be sent by an attacker that bypasses the front-end and is parsed differently by waitress leading to a potential for HTTP request smuggling. Specially crafted requests containing special...
CVE-2019-16789
In Waitress through version 1.4.0, if a proxy server is used in front of waitress, an invalid request may be sent by an attacker that bypasses the front-end and is parsed differently by waitress leading to a potential for HTTP request smuggling. Specially crafted requests containing special...
HTTP Request Smuggling: Invalid whitespace characters in headers in Waitress
Impact If a proxy server is used in front of waitress, an invalid request may be sent by an attacker that bypasses the front-end and is parsed differently by waitress leading to a potential for HTTP request smuggling. Content-Length: 10 Transfer-Encoding: \x0bchunked For clarity: 0x0b == vertical...
Inspecting TLS Web Traffic - Part 1
In this series of blogs I'm going to talk about how the continued move towards all web traffic being encrypted has impacted enterprise security. In this blog I'm going to focus on the basics - what is encrypted web traffic and how can you proactively control this. TLS encryption is the de-facto...
Envoy Resource Management Error Vulnerability (CNVD-2021-58579)
Envoy is an open source distributed proxy server. version 1.10.0 to 1.11.1 of Envoy contains a resource management error vulnerability, which can be exploited by attackers with specially crafted requests to cause a denial of service consume CPU resources...
Information Disclosure
play-ws is vulnerable to information disclosure. The vulnerability exists through a regression caused by async-http-client that causes HTTP CONNECT requests set to an outbound HTTPS requests when using an authenticated proxy server...
Machine-In-The-Middle
Overview Versions of https-proxy-agent prior to 2.2.3 are vulnerable to Machine-In-The-Middle. The package fails to enforce TLS on the socket if the proxy server responds the to the request with a HTTP status different than 200. This allows an attacker with access to the proxy server to intercept...