51 matches found
BIT-TOMCAT-2023-28708 Apache Tomcat: JSESSIONID Cookie missing secure attribute in some configurations
When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 10.1.0 to 10.1.5, 9.0.0 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure attribute. This could result in the...
EUVD-2015-3234
Malware in sbrugna...
EUVD-2008-0063
Malware in sbrugna...
EUVD-2015-1370
Malware in sbrugna...
EUVD-2016-5679
Malware in sbrugna...
GHSA-FFP2-8P2H-4M5J Password Pusher rate limiter can be bypassed by forging proxy headers
Impact Password Pusher comes with a configurable rate limiter. In versions prior to v1.49.0, the rate limiter could be bypassed by forging proxy headers allowing bad actors to send unlimited traffic to the site potentially causing a denial of service. Additionally, with the ability to bypass rate...
Password Pusher rate limiter can be bypassed by forging proxy headers
Impact Password Pusher comes with a configurable rate limiter. In versions prior to v1.49.0, the rate limiter could be bypassed by forging proxy headers allowing bad actors to send unlimited traffic to the site potentially causing a denial of service. Patches In v1.49.0, a fix was implemented to...
GO-2023-1828 Hashicorp Consul allows user with service:write permissions to patch remote proxy instances in github.com/hashicorp/consul
Hashicorp Consul allows user with service:write permissions to patch remote proxy instances in github.com/hashicorp/consul...
CBL Mariner 2.0 Security Update: telegraf (CVE-2023-2816)
The version of telegraf installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-2816 advisory. - Consul and Consul Enterprise allowed any user with service:write permissions to use Envoy extensions...
RSSHub security vulnerability
RSSHub is an RSS feed generator written in Node.js, distributed under the MIT license and maintained by DIYgod and other GitHub users. A security vulnerability exists in versions prior to RSSHub 1.0.0-master.a429472, which stems from a vulnerability that could allow a remote attacker to use the...
BIT-CONSUL-2023-2816 Consul Envoy Extension Downstream Proxy Configuration By Upstream Service Owner
Consul and Consul Enterprise allowed any user with service:write permissions to use Envoy extensions configured via service-defaults to patch remote proxy instances that target the configured service, regardless of whether the user has permission to modify the services corresponding to those...
Amazon Linux 2 : tomcat (ALASTOMCAT9-2023-008)
The version of tomcat installed on the remote host is prior to 9.0.73-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2TOMCAT9-2023-008 advisory. A privilege escalation flaw was found in Tomcat when the JMX Remote Lifecycle Listener was enabled. A local attacker...
CVE-2023-39903
An issue was discovered in Fujitsu Software Infrastructure Manager ISM before 2.8.0.061. The ismsnap component in this specific case at /var/log/fujitsu/ServerViewSuite/ism/FirmwareManagement/FirmwareManagement.log allows insecure collection and storage of authorization credentials in cleartext...
Insecure Default Configuration
github.com/hashicorp/consul is vulnerable to Insecure Default Configuration. The vulnerability exists because the library does not properly disable remote proxy patching for extensions other than AWS Lambda, which allows an attacker with service:write permissions to use Envoy extensions configured via service...
GHSA-RQJQ-WW83-WV5C Hashicorp Consul allows user with service:write permissions to patch remote proxy instances
Consul and Consul Enterprise allowed any user with service:write permissions to use Envoy extensions configured via service-defaults to patch remote proxy instances that target the configured service, regardless of whether the user has permission to modify the services corresponding to those...
CVE-2023-2816
Consul and Consul Enterprise allowed any user with service:write permissions to use Envoy extensions configured via service-defaults to patch remote proxy instances that target the configured service, regardless of whether the user has permission to modify the services corresponding to those...
AZL-35303 CVE-2023-2816 affecting package telegraf for versions less than 1.29.4-1
Consul and Consul Enterprise allowed any user with service:write permissions to use Envoy extensions configured via service-defaults to patch remote proxy instances that target the configured service, regardless of whether the user has permission to modify the services corresponding to those...