354 matches found

OpenVAS
added 2021/01/25 12:0 a.m. | 34 views

Elastic Elasticsearch Information Disclosure Vulnerability (ESA-2021-01)

Elasticsearch is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE =...

CVSS 4.8 | AI score 5.1 | EPSS 0.01241
Exploits 0 | References 2
Prion
added 2021/01/14 8:15 p.m. | 27 views

Information disclosure

Elasticsearch versions 7.7.0 to 7.10.1 contain an information disclosure flaw in the async search API. Users who execute an async search will improperly store the HTTP headers. An Elasticsearch user with the ability to read the .tasks index could obtain sensitive request headers of other users in...

CVSS 2.1 | AI score 4.8 | EPSS 0.01241
Exploits 0 | References 3 | Affected Software 2
NVD
added 2021/01/07 6:15 p.m. | 16 views

CVE-2020-4896

IBM Emptoris Sourcing 10.1.0, 10.1.1, and 10.1.3 is vulnerable to web cache poisoning, caused by improper input validation by modifying HTTP request headers. IBM X-Force ID: 190987...

CVSS 6.5 | AI score 6.3 | EPSS 0.00812
Exploits 0 | References 2
Prion
added 2021/01/07 6:15 p.m. | 13 views

Input validation

IBM Emptoris Sourcing 10.1.0, 10.1.1, and 10.1.3 is vulnerable to web cache poisoning, caused by improper input validation by modifying HTTP request headers. IBM X-Force ID: 190987...

CVSS 6.4 | AI score 6.3 | EPSS 0.00812
Exploits 0 | References 2 | Affected Software 1
Cvelist
added 2021/01/07 5:40 p.m. | 22 views

CVE-2020-4896

IBM Emptoris Sourcing 10.1.0, 10.1.1, and 10.1.3 is vulnerable to web cache poisoning, caused by improper input validation by modifying HTTP request headers. IBM X-Force ID: 190987...

CVSS 6.5 | AI score 6.3 | EPSS 0.00812
Exploits 0 | References 2
CVE
added 2021/01/07 5:40 p.m. | 45 views

CVE-2020-4896

CVE-2020-4896 affects IBM Emptoris Sourcing versions 10.1.0.x, 10.1.1.x, and 10.1.3.x. The root cause is improper input validation that allows manipulating HTTP request headers to perform a web cache poisoning attack. Public references (NVD, CNVD, and IBM bulletin) confirm the vulnerability and a...

CVSS 6.5 | AI score 6.3 | EPSS 0.00812
Exploits 0 | References 2 | Affected Software 1
RedHat Linux
added 2020/11/04 1:12 a.m. | 3 views

python-httplib2: CRLF injection via an attacker controlled unescaped part of uri for httplib2.Http.request function

A flaw was found in python-httplib2. An attacker controlling an unescaped part of uri for httplib2.Http.request could change request headers and body, send additional hidden requests to same server. This vulnerability impacts software that uses httplib2 with uri constructed by string concatenatio...

CVSS 6.8 | AI score 5.8 | EPSS 0.02593
Exploits 0 | References 5
RedhatCVE
added 2020/09/16 2:18 a.m. | 29 views

CVE-2020-8201

A flaw was found in Node.js, where affected Node.js versions converted carriage returns in HTTP request headers to a hyphen before parsing. This flaw leads to HTTP Request Smuggling as it is a non-standard interpretation of the header. The highest threat from this vulnerability is to...

CVSS 7.4 | AI score 2.2 | EPSS 0.05093
Exploits 0 | References 3
Amazon
added 2020/08/31 12:0 a.m. | 25 views

Medium: python-httplib2

Issue Overview: In httplib2 before version 0.18.0, an attacker controlling unescaped part of uri for httplib2.Http.request could change request headers and body, send additional hidden requests to same server. This vulnerability impacts software that uses httplib2 with uri constructed by string...

CVSS 6.8 | AI score 6.8 | EPSS 0.02593
Exploits 0
ATTACKERKB
added 2020/07/31 12:0 a.m. | 50 views

CVE-2020-14500

The discovered bug occurs due to improper handling of some of the HTTP request headers provided by the client. This could allow an attacker to remotely exploit GateManager to achieve remote code execution without any authentication required. If carried out successfully, such an attack could resul...

CVSS 10 | AI score 1 | EPSS 0.01666
Exploits 0 | References 2
GithubExploit
added 2020/07/28 12:43 a.m. | 79 views

Exploit for Path Traversal in F5 Big-Ip_Access_Policy_Manager

CVE-2020-5902 F5 BIG-IP devices Summary: A Zeek detec...

CVSS 10 | AI score 8.1 | EPSS 0.99999
Exploits 59
IBM Security Bulletins
added 2020/07/24 9:16 p.m. | 11 views

Security Bulletin: IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by improper handling of request headers.

Summary IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by improper handling of request headers. A remote attacker could exploit this vulnerability to cause the consumption of Memory. IBM X-Force ID: 156242. Vulnerability Details CVEID:...

CVSS 7.5 | AI score 1.7 | EPSS 0.0322
Exploits 0 | Affected Software 1
OSV
added 2020/07/04 10:47 p.m. | 3 views

MGASA-2020-0269 Updated python-httplib2 packages fix security vulnerability

Updated python-httplib2 packages fix security vulnerability: In httplib2, an attacker controlling unescaped part of uri for httplib2.Http.request could change request headers and body, send additional hidden requests to same server. This vulnerability impacts software that uses httplib2 with uri...

CVSS 6.8 | AI score 6.6 | EPSS 0.02593
Exploits 0 | References 3
Friends Of PHP
added 2020/06/16 8:55 p.m. | 11 views

Header leakage on cross-domain redirects

This version fixes a security weakness that might leak sensitive request headers from the initial request to the redirected host on cross-domain redirects, which were not removed correctly. Message::setHeaders does not replace the entire set of headers, but only operates on the headers matching t...

AI score 7
Exploits 0 | Affected Software 1
Veracode
added 2020/06/01 5:16 a.m. | 20 views

Arbitrary File Read

snyk-broker is vulnerable to arbitrary file read. The vulnerability exists as it does not properly restrict the values of the request headers...

CVSS 4.3 | AI score 2.9 | EPSS 0.01115
Exploits 0 | References 2 | Affected Software 1
Prion
added 2020/05/20 4:15 p.m. | 22 views

Design/Logic Flaw

In httplib2 before version 0.18.0, an attacker controlling unescaped part of uri for httplib2.Http.request could change request headers and body, send additional hidden requests to same server. This vulnerability impacts software that uses httplib2 with uri constructed by string concatenation, as...

CVSS 4.3 | AI score 6.5 | EPSS 0.02593
Exploits 0 | References 11 | Affected Software 3
UbuntuCve
added 2020/05/20 4:15 p.m. | 37 views

CVE-2020-11078

In httplib2 before version 0.18.0, an attacker controlling unescaped part of uri for httplib2.Http.request could change request headers and body, send additional hidden requests to same server. This vulnerability impacts software that uses httplib2 with uri constructed by string concatenation, as...

CVSS 6.8 | AI score 6.5 | EPSS 0.02593
Exploits 0 | References 2
OSV
added 2020/05/20 4:15 p.m. | 39 views

PYSEC-2020-46

In httplib2 before version 0.18.0, an attacker controlling unescaped part of uri for httplib2.Http.request could change request headers and body, send additional hidden requests to same server. This vulnerability impacts software that uses httplib2 with uri constructed by string concatenation, as...

CVSS 6.8 | AI score 2.9 | EPSS 0.02593
Exploits 0 | References 11
Cvelist
added 2020/05/20 4:0 p.m. | 20 views

CVE-2020-11078 CRLF injection in httplib2

In httplib2 before version 0.18.0, an attacker controlling unescaped part of uri for httplib2.Http.request could change request headers and body, send additional hidden requests to same server. This vulnerability impacts software that uses httplib2 with uri constructed by string concatenation, as...

CVSS 6.8 | AI score 6.6 | EPSS 0.02593
Exploits 0 | References 11
CVE
added 2020/05/20 4:0 p.m. | 339 views

CVE-2020-11078

CVE-2020-11078 affects httplib2 prior to 0.18.0. An attacker controlling an unescaped portion of the URI in httplib2.Http.request() could alter request headers and body and send hidden requests to the same server. The issue occurs when URIs are built by string concatenation rather than proper esc...

CVSS 6.8 | AI score 6.6 | EPSS 0.02593
Exploits 0 | References 11 | Affected Software 1