243 matches found

BDU FSTEC
added 2023/04/13 12:0 a.m. · 1 views

The vulnerability of the mod_proxy_uwsgi component in the Apache HTTP Server is related to deficiencies in HTTP request processing, allowing attackers to carry out an “HTTP request hijacking” attack.

The vulnerability of the mod_proxy_uwsgi component in the Apache HTTP Server is related to deficiencies in HTTP request processing. Exploiting this vulnerability allows a malicious actor to carry out an “HTTP request hijacking” attack...

9 CVSS · 0.00667 EPSS
Exploits 0 · References 16 · Affected Software 18
Apache Tomcat
added 2023/02/23 12:0 a.m. · 79 views

Fixed in Apache Tomcat 11.0.0-M3

Important: Apache Tomcat information disclosure CVE-2023-28708. When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Tomcat did not include the secure attribute. This could result in th...

7.5 CVSS · 6.6 AI score · 0.339 EPSS
Exploits 1 · Affected Software 1
F5 Networks
added 2023/02/21 6:53 p.m. · 61 views

K56331254: Apache HTTP server vulnerability CVE-2021-41524

Security Advisory Description: While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing, allowing an external source to DoS the server. This requires a specially crafted request. The vulnerability was recently introduced in version 2.4.49. No...

7.5 CVSS · 7.7 AI score · 0.03961 EPSS
Exploits 0
BDU FSTEC
added 2023/02/17 12:0 a.m. · 1 views

The vulnerability of the server software HAProxy, related to deficiencies in HTTP request processing, allows attackers to carry out an “HTTP request hijacking” attack.

The vulnerability of the server-side software HAProxy is related to deficiencies in HTTP request processing. Exploiting this vulnerability allows a malicious actor to carry out an “HTTP request hijacking” attack...

7.8 CVSS · 0.17535 EPSS
Exploits 0 · References 18 · Affected Software 12
Positive Technologies
added 2023/01/11 12:0 a.m. · 3 views

PT-2023-1414 · Zyxel · Zyxel Gs1915 +4

Name of the Vulnerable Software and Affected Versions: Zyxel GS1920-24v2 firmware versions prior to V4.70ABMH.8C0; Zyxel GS1350, GS1915, GS1920, GS2220 affected versions not specified. Description: The issue is related to an improper check for unusual or exceptional conditions in the HTTP request...

8.2 CVSS · 7.9 AI score · 0.01347 EPSS
Exploits 0 · References 5
CNNVD
added 2022/12/19 12:0 a.m. · 2 views

Apache Traffic Server code issue vulnerability

Apache Traffic Server (ATS) is a suite of scalable HTTP proxy and caching servers from the Apache Foundation in the United States. A code issue vulnerability exists in Apache Traffic Server versions 8.0.0 through 9.1.2 that stems from its handling of requests without checking for exceptions or...

5.3 CVSS · 5.8 AI score · 0.02476 EPSS
Exploits 0 · References 5
BDU FSTEC
added 2022/11/22 12:0 a.m. · 0 views

The vulnerability of the Twisted Web HTTP 1.1 module of the Twisted.web.http network framework allows a perpetrator to gain access to confidential data, compromise its integrity, and cause service failures.

The vulnerability of the Twisted Web HTTP 1.1 module of the Twisted.web.http network framework in Twisted is related to deficiencies in HTTP request processing. Exploiting this vulnerability allows a remote attacker to access confidential data, compromise its integrity, and cause service failures...

9.3 CVSS · 0.01107 EPSS
Exploits 0 · References 14 · Affected Software 6
Check Point Advisories
added 2022/10/20 12:0 a.m. · 5 views

KeySight N6854A and N6841A RF Sensor Insecure Deserialization (CVE-2022-1660)

An insecure deserialization vulnerability exists in KeySight N6854A and N6841A RF Sensor. This vulnerability is due to Java serialization issues when processing requests...

10 CVSS · 3.1 AI score · 0.01035 EPSS
Exploits 0
BDU FSTEC
added 2022/10/18 12:0 a.m. · 0 views

The vulnerability of the Pallets Werkzeug web application library, related to deficiencies in HTTP request processing, allows attackers to execute XSS attacks.

The vulnerability of the Pallets Werkzeug web application library lies in its lack of proper HTTP request processing. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks using specially crafted HTTP requests...

10 CVSS · 0.31113 EPSS
Exploits 0 · References 7 · Affected Software 2
Prion
added 2022/10/13 11:15 p.m. · 11 views

Design/Logic Flaw

Istio is an open platform-independent service mesh that provides traffic management, policy enforcement, and telemetry collection. Prior to versions 1.15.2, 1.14.5, and 1.13.9, the Istio control plane, istiod, is vulnerable to a request processing error, allowing a malicious attacker that sends a...

5 CVSS · 7.5 AI score · 0.0072 EPSS
Exploits 0 · References 4 · Affected Software 1
OSV
added 2022/10/13 12:0 a.m. · 16 views

CVE-2022-39278 Istio vulnerable to denial of service attack due to Golang Regex Library

Istio is an open platform-independent service mesh that provides traffic management, policy enforcement, and telemetry collection. Prior to versions 1.15.2, 1.14.5, and 1.13.9, the Istio control plane, istiod, is vulnerable to a request processing error, allowing a malicious attacker that sends a...

7.5 CVSS · 7.5 AI score · 0.0072 EPSS
Exploits 0 · References 6
Positive Technologies
added 2022/10/13 12:0 a.m. · 3 views

PT-2022-24864 · Unknown +1 · Kubernetes +1

Name of the Vulnerable Software and Affected Versions: Istio versions prior to 1.15.2; Istio versions prior to 1.14.5; Istio versions prior to 1.13.9. Description: Istio is an open platform-independent service mesh that provides traffic management, policy enforcement, and telemetry collection. The...

7.5 CVSS · 7.4 AI score · 0.0072 EPSS
Exploits 0 · References 11
BDU FSTEC
added 2022/10/06 12:0 a.m. · 0 views

The vulnerability of the Mozilla Firefox browser and the Thunderbird email client relates to deficiencies in HTTP request processing, allowing attackers to execute arbitrary JavaScript code.

The vulnerability of the Mozilla Firefox browser and the Thunderbird email client is related to deficiencies in HTTP request processing. Exploiting this vulnerability can allow a malicious actor to cause service failures, bypass security restrictions, access confidential information, or execute...

7.5 CVSS · 0.00493 EPSS
Exploits 0 · References 8 · Affected Software 5
BDU FSTEC
added 2022/09/21 12:0 a.m. · 0 views

The vulnerability of the WSGI server for Python Waitress, related to HTTP request processing flaws, allows attackers to compromise data integrity.

The vulnerability of the WSGI server for Python Waitress is related to the uncertainty in recognizing a single LF character as a line feed. Exploiting this vulnerability allows an attacker to compromise data integrity...

7.8 CVSS · 0.00795 EPSS
Exploits 1 · References 10 · Affected Software 4
BDU FSTEC
added 2022/09/16 12:0 a.m. · 0 views

The vulnerability of the Python Waitress server, related to HTTP request processing flaws, allows attackers to compromise data integrity.

The vulnerability of the Python-based Waitress server is related to deficiencies in HTTP request processing. Exploiting this vulnerability allows a remote attacker to compromise data integrity...

7.8 CVSS · 0.00288 EPSS
Exploits 0 · References 11 · Affected Software 4
BDU FSTEC
added 2022/09/16 12:0 a.m. · 0 views

The vulnerability of the DNS BIND server, related to deficiencies in HTTP request processing, allows attackers to compromise the integrity of data.

The vulnerability of the DNS BIND server is related to deficiencies in HTTP request processing. Exploiting this vulnerability allows a malicious actor to compromise data integrity remotely...

8.6 CVSS · 0.00081 EPSS
Exploits 0 · References 31 · Affected Software 15
BDU FSTEC
added 2022/09/09 12:0 a.m. · 0 views

The vulnerability of the Mozilla Firefox browser, related to the lack of validation during the processing of incoming requests, allows attackers to gain access to confidential data and compromise its integrity.

The vulnerability of the Mozilla Firefox browser is related to the lack of validation during the processing of incoming requests. Exploiting this vulnerability allows a remote attacker to gain access to confidential data and compromise its integrity...

4.3 CVSS · 0.00407 EPSS
Exploits 0 · References 8 · Affected Software 3
BDU FSTEC
added 2022/08/12 12:0 a.m. · 0 views

The vulnerability of the HTTP/2 protocol implementation in the Apache Traffic Server allows an attacker to execute arbitrary code.

The vulnerability of the HTTP/2 protocol implementation in the Apache Traffic Server web server is related to deficiencies in HTTP request processing. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

7.5 CVSS · 0.04835 EPSS
Exploits 0 · References 2 · Affected Software 1
BDU FSTEC
added 2022/07/15 12:0 a.m. · 0 views

The vulnerability of the Node.js software platform, related to deficiencies in HTTP request processing, allows a perpetrator to carry out an “HTTP request hijacking” attack.

The vulnerability of the Node.js software platform is related to deficiencies in HTTP request processing. Exploiting this vulnerability allows a remote attacker to carry out an “HTTP request hijacking” attack...

7.5 CVSS · 0.39294 EPSS
Exploits 1 · References 5 · Affected Software 1
ATTACKERKB
added 2022/05/15 4:15 p.m. · 1 views

CVE-2022-28937

FISCO-BCOS release-3.0.0-rc2 was discovered to contain an issue where a malicious node, via an invalid proposal with an invalid header, will cause normal nodes to stop producing new blocks and processing new clients' requests...

7.5 CVSS · 5.9 AI score · 0.00334 EPSS
Exploits 1 · References 2