
22118 matches found

AstraLinux
added 2026/05/20 5:53 a.m., 9 views

Astra Linux - vulnerability in connman

An issue was discovered in the DNS proxy of Connman through version 1.40. The TCP server reply implementation creates an infinite loop if no data is received...

CVSS 7.5 | AI score 7.2 | EPSS 0.0008
Exploits: 1 | References: 2
AstraLinux
added 2026/05/20 5:53 a.m., 14 views

Astra Linux - vulnerability in mod-wsgi

A vulnerability was discovered in mod_wsgi. The X-Client-IP header is not removed from a request sent from a trusted proxy, allowing an attacker to pass the X-Client-IP header to the target WSGI application. The condition necessary to remove the X-Client-IP header is missing...

CVSS 7.5 | AI score 7.1 | EPSS 0.00461
Exploits: 1 | References: 2
AstraLinux
added 2026/05/20 5:53 a.m., 6 views

Astra Linux - vulnerability in curl

Curl versions 7.63.0 through 7.75.0 include a vulnerability that allows a malicious HTTPS proxy to intercept connections by mishandling TLS 1.3 session tickets. When using an HTTPS proxy and TLS 1.3, libcurl may misinterpret session tickets sent from the HTTPS proxy as those coming from the remot...

CVSS 4.3 | AI score 6.8 | EPSS 0.00069
Exploits: 1 | References: 1
AstraLinux
added 2026/05/20 5:53 a.m., 4 views

Astra Linux - vulnerability in firefox

When Multi-Account Containers was enabled, DNS requests could bypass a SOCKS proxy when the domain name was invalid or the SOCKS proxy was not responding. This vulnerability was fixed in Firefox 140 and Thunderbird 140...

CVSS 8.6 | AI score 5.8 | EPSS 0.00412
Exploits: 0 | References: 2
AstraLinux
added 2026/05/20 5:53 a.m., 5 views

Astra Linux - vulnerability in tomcat9

There is an improper input validation vulnerability in Apache Tomcat. In versions of Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82, and from 8.5.0 through 8.5.95, HTTP trailer headers were not parsed correctly. A trailer header that exceede...

CVSS 7.5 | AI score 6.7 | EPSS 0.53163
Exploits: 0 | References: 1
AstraLinux
added 2026/05/20 5:53 a.m., 11 views

Astra Linux - vulnerability in apache2

Inconsistent interpretation of HTTP requests: The “HTTP Request Smuggling” vulnerability in mod_proxy_ajp of the Apache HTTP Server allows an attacker to secretly send requests to the AJP server to which the server forwards requests. This issue affects the Apache HTTP Server version 2.4.53 and...

CVSS 7.5 | AI score 7.8 | EPSS 0.32376
Exploits: 1 | References: 2
AstraLinux
added 2026/05/20 5:53 a.m., 4 views

Astra Linux - vulnerability in apache2

The Apache HTTP Server versions 2.4.6 to 2.4.46, with the mod_proxy_wstunnel module configured, were used to handle a URL. The origin server did not necessarily upgrade this connection. This setup allowed subsequent requests on the same connection to be processed without any HTTP validation,...

CVSS 5.3 | AI score 6.6 | EPSS 0.08635
Exploits: 0 | References: 1
AstraLinux
added 2026/05/20 5:53 a.m., 5 views

Astra Linux - vulnerability in apache2

A properly crafted URI sent to httpd, configured as a forward proxy with ProxyRequests enabled, can cause a crash (NULL pointer dereference). In configurations that mix forward and reverse proxy declarations, it can also allow requests to be directed to a declared Unix Domain Socket endpoint...

CVSS 8.2 | AI score 7.1 | EPSS 0.0925
Exploits: 0 | References: 2
AstraLinux
added 2026/05/20 5:53 a.m., 2 views

Astra Linux - vulnerability in connman

An issue was discovered in the DNS proxy of Connman through version 1.40. The forward_dns_reply function improperly handles a strnlen call, resulting in an out-of-bounds read...

CVSS 9.1 | AI score 7.3 | EPSS 0.00094
Exploits: 1 | References: 2
AstraLinux
added 2026/05/20 5:53 a.m., 4 views

Astra Linux - vulnerability in jetty9

In Eclipse Jetty versions 9.4.0 through 9.4.46, and 10.0.0 through 10.0.9, as well as 11.0.0 through 11.0.9, the parsing of the authority segment of an http scheme URI causes the Jetty HttpURI class to incorrectly detect an invalid input as a hostname. This can lead to failures in a Proxy scenari...

CVSS 4 | AI score 6.7 | EPSS 0.00401
Exploits: 0 | References: 1
AstraLinux
added 2026/05/20 5:53 a.m., 8 views

Astra Linux - vulnerability in apache2

Apache HTTP Server versions 2.4.41 to 2.4.46 with mod_proxy_http can become unstable when processing specially crafted requests that use both Content-Length and Transfer-Encoding headers. This can lead to a denial of service...

CVSS 7.5 | AI score 7.1 | EPSS 0.17576
Exploits: 0 | References: 2
AstraLinux
added 2026/05/20 5:53 a.m., 4 views

Astra Linux - vulnerability in tomcat9

If Apache Tomcat 8.5.0 to 8.5.82, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10.0.26, or 10.1.0-M1 to 10.1.0 was configured to ignore invalid HTTP headers by setting rejectIllegalHeader to false (the default for 8.5.x only), Tomcat would not reject requests containing an invalid Content-Length header. This...

CVSS 7.5 | AI score 6.8 | EPSS 0.0029
Exploits: 0 | References: 1
AstraLinux
added 2026/05/20 5:53 a.m., 3 views

Astra Linux - vulnerability in puma

Puma is a simple, fast, multi-threaded, parallel HTTP 1.1 server for Ruby/Rack applications. When using Puma behind a proxy that does not properly validate that the incoming HTTP requests comply with the RFC7230 standard, Puma and the frontend proxy may disagree about where the requests start and...

CVSS 9.1 | AI score 6.6 | EPSS 0.00417
Exploits: 0 | References: 1
AstraLinux
added 2026/05/20 5:53 a.m., 6 views

Astra Linux - vulnerability in waitress

In Waitress version 1.4.0, if a proxy server is used in front of Waitress, an attacker may send an invalid request that bypasses the front-end and is parsed differently by Waitress. This could lead to HTTP request smuggling. Specifically, requests containing special whitespace characters in the...

CVSS 8.2 | AI score 6.6 | EPSS 0.01002
Exploits: 0 | References: 2
AstraLinux
added 2026/05/20 5:53 a.m., 6 views

Astra Linux - vulnerability in zabbix

JavaScript preprocessing can be exploited by attackers to gain access to the file system (read-only access on behalf of the user “zabbix”) on the Zabbix Server or Zabbix Proxy, potentially leading to unauthorized access to sensitive data...

CVSS 8.5 | AI score 7.1 | EPSS 0.00309
Exploits: 0 | References: 2
AstraLinux
added 2026/05/20 5:53 a.m., 9 views

Astra Linux - vulnerability in apache2

An encoding problem in the mod_proxy component of the Apache HTTP Server 2.4.59 and earlier versions allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing authentication through crafted requests. It is recommended that users upgrade to version 2.4.60, as...

CVSS 8.1 | AI score 6.7 | EPSS 0.88537
Exploits: 1 | References: 2
AstraLinux
added 2026/05/20 5:53 a.m., 4 views

Astra Linux - vulnerability in openssh

Using SSH in OpenSSH before version 10.1 allows for the use of the '\0' character in an SSH URI. This could potentially lead to code execution when a ProxyCommand is used...

CVSS 3.6 | AI score 6.4 | EPSS 0.00061
Exploits: 0 | References: 2
AstraLinux
added 2026/05/20 5:53 a.m., 2 views

Astra Linux - vulnerability in golang-1.19, golang-1.23

Proxy-Authorization and Proxy-Authenticate headers remain after cross-origin redirections, potentially exposing sensitive information...

CVSS 6.8 | AI score 6.8 | EPSS 0.00074
Exploits: 0 | References: 2
AstraLinux
added 2026/05/20 5:53 a.m., 21 views

Astra Linux - vulnerability in linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: net: appletalk: Fix use-after-free in AARP proxy probe. The AARP proxy-probe routine aarp_proxy_probe_network sends a probe, releases the aarp_lock, sleeps, and then re-acquires the lock. During this period, a timer thread...

CVSS 7.8 | AI score 5.7 | EPSS 0.0002
Exploits: 0 | References: 2
AstraLinux
added 2026/05/20 5:53 a.m., 2 views

Astra Linux - vulnerability in haproxy

HAProxy versions 2.0.32, 2.1.x, and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and 2.6.x before 2.6.15, 2.7.x before 2.7.10, and 2.8.x before 2.8.2 send empty Content-Length headers, violating section 8.6 of RFC 9110. In rare cases, an HTTP/1 server behind HAProxy may interpret...

CVSS 7.2 | AI score 7.1 | EPSS 0.00091
Exploits: 1 | References: 2