Oracle Linux 7 / 8 : olcne / istio / istio (ELSA-2022-9362)
The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-9362 advisory. - Addresses CVE-2022-24726, CVE-2022-24921 istio Tenable has extracted the preceding description block directly from the Oracle Linux security...
The vulnerability of the History API component in the Cisco SD-WAN vManage network management system allows an attacker to disclose protected information.
The vulnerability of the History API component in the Cisco SD-WAN vManage network management system is related to errors in request processing. Exploiting this vulnerability can allow a malicious actor to disclose sensitive information...
The vulnerability of the nginx HTTP server, related to deficiencies in HTTP request processing, allows attackers to gain unauthorized access to information.
The vulnerability of the nginx HTTP server is related to deficiencies in HTTP request processing. Exploiting this vulnerability can allow a remote attacker to gain unauthorized access to sensitive information...
The vulnerability of the Apache HTTP Server’s web server, related to HTTP request processing flaws, allows attackers to execute the “HTTP request hijacking” attack.
The vulnerability of the Apache HTTP Server is related to deficiencies in HTTP request processing. Exploiting this vulnerability allows a malicious actor to carry out an “HTTP request hijacking” attack...
Design/Logic Flaw
Istio is an open platform to connect, manage, and secure microservices. In affected versions the Istio control plane, istiod, is vulnerable to a request processing error, allowing a malicious attacker that sends a specially crafted message which results in the control plane crashing when the...
CVE-2022-24726
The CVE-2022-24726 entry affects Istio’s control plane (istiod) where a request processing error in the validating webhook, exposed publicly on TLS port 15017, can crash the control plane when a specially crafted message is processed. Affected versions have been patched in Istio releases 1.13.2, ...
The vulnerabilities of the SAP NetWeaver software integration platform, the SAP Content Server content server, and the SAP Web Dispatcher web dispatcher are related to deficiencies in HTTP request processing. This allows attackers to inject arbitrary code.
The vulnerability of the execute function in SAP software, specifically SAP ContentServer, and the software of SAP NetWeaver – the Content Server and the SAP Web Dispatcher – are related to HTTP request processing vulnerabilities. Exploiting these vulnerabilities allows a malicious actor to injec...
GHSA-856Q-XV3C-7F2F Unauthenticated control plane denial of service attack in Istio
Impact The Istio control plane, istiod, is vulnerable to a request processing error, allowing a malicious attacker that sends a specially crafted message which results in the control plane crashing. This endpoint is served over TLS port 15012, but does not require any authentication from the...
Denial Of Service (DoS)
github.com/istio/istio is vulnerable to denial of service (DoS) attacks. A malicious user is able to send a specifically crafted message causing a request processing error resulting in a control plane crash...
Design/Logic Flaw
Istio is an open platform to connect, manage, and secure microservices. In affected versions the Istio control plane, istiod, is vulnerable to a request processing error, allowing a malicious attacker that sends a specially crafted message which results in the control plane crashing. This endpoin...
The vulnerability of the MariaDB database management system, related to buffer overflows in dynamic memory, allows attackers to execute arbitrary code.
The vulnerability of the MariaDB database management system is related to buffer overflow in dynamic memory. Exploiting this vulnerability allows an attacker to execute arbitrary code during request processing via CONNECT...
Istio Authorization Issue Vulnerability
Istio is an open platform for connecting, managing and securing microservices. Istio suffers from an authorization issue vulnerability that stems from the Istio control plane "istiod" being susceptible to request processing errors in the affected version. An attacker could use this vulnerability ...
Server side template injection — SSTI vulnerability ⚠️
Introduction: There is hardly any software development or other linked elements that haven’t fallen into the trap of cyber vulnerabilities. Templates, used for HTML code management on the server-side, are amongst them. The attack targeting the...
The vulnerability of the free Apache2 web server, related to HTTP request processing flaws, allows attackers to compromise data integrity.
The vulnerability of the free Apache2 web server is related to deficiencies in HTTP request processing. Exploiting this vulnerability allows a malicious actor to compromise data integrity...
ALPINE-CVE-2021-44541
A vulnerability was found in Privoxy which was fixed in process_encrypted_request_headers() by freeing header memory when failing to get the request destination...
The vulnerability of the Thunderbird email client and the Firefox browser is related to deficiencies in HTTP request processing, which allows attackers to execute cross-site scripting (XSS) attacks.
The vulnerability of the Thunderbird email client and the Firefox browser is related to deficiencies in HTTP request processing. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting (XSS) attacks remotely...
Apache HTTP Server Denial of Service Vulnerability (CNVD-2022-09237)
Apache HTTP Server is an open source web server from the Apache Foundation in the United States. The server is fast, reliable and can be expanded through a simple API. A denial of service vulnerability exists in Apache HTTP Server version 2.4.49, which arises from the detection of new null pointer...
Apache 2.4.49 < 2.4.50 Multiple Vulnerabilities
According to its banner, the version of Apache running on the remote host is 2.4.49. It is, therefore, affected by multiple vulnerabilities: - While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing, allowing an external source to DoS the serve...
CVE-2021-41524
While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing, allowing an external source to DoS the server. This requires a specially crafted request. The vulnerability was recently introduced in version 2.4.49. No exploit is known to the project...
Apache Httpd < 2.4.50 : null pointer dereference in h2 fuzzing
While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing, allowing an external source to DoS the server. This requires a specially crafted request. The vulnerability was recently introduced in version 2.4.49. No exploit is known to the project...