387 matches found
Debian: Security Advisory (DLA-2927-1)
The remote host is missing an update for the Debian...
[SECURITY] [DLA 2927-1] twisted security update
Debian LTS Advisory DLA-2927-1 [email protected] https://www.debian.org/lts/security/ Sylvain Beucler February 19, 2022 https://wiki.debian.org/LTS -...
Debian DLA-2927-1 : twisted - LTS security update
The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2927 advisory. It was discovered that Twisted, a Python event-based framework for internet applications, is affected by HTTP request splitting vulnerabilities, and may expose...
Mageia: Security Advisory (MGASA-2019-0382)
The remote host is missing an update for the...
Mageia: Security Advisory (MGASA-2020-0428)
The remote host is missing an update for the...
Mageia: Security Advisory (MGASA-2020-0361)
The remote host is missing an update for the...
Security Bulletin: IBM Rational Build Forge 8.0.x is affected by Apache HTTP Server version used in it. (CVE-2021-33193)
Summary: IBM Rational Build Forge version 8.0.x is affected by CVE-2021-33193. Vulnerability Details: CVEID: CVE-2021-33193. DESCRIPTION: Apache HTTP Server is vulnerable to HTTP request splitting attacks, caused by improper input validation in HTTP/2 message processing. A remote attacker could explo...
SUSE SLES15 Security Update : apache2 (SUSE-SU-2021:3335-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3335-1 advisory. - A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or...
PT-2022-1950
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions 2.4.47-alt1 through 2.4.57-alt2; Spring Cloud Gateway versions prior to 3.1.1+ and 3.0.7+. Description: The Apache HTTP Server is affected by HTTP request splitting with mod_rewrite and mod_proxy CVE-2023-25690...
CVE-2021-41732
An issue was discovered in Zeek version 4.1.0. There is an HTTP request splitting vulnerability that will invalidate any Zeek HTTP-based security analysis. NOTE: the vendor's position is that the observed behavior is intended...
Cross site request forgery (csrf)
DISPUTED: An issue was discovered in Zeek version 4.1.0. There is an HTTP request splitting vulnerability that will invalidate any Zeek HTTP-based security analysis. NOTE: the vendor's position is that the observed behavior is intended...
CVE-2021-41732
CVE-2021-41732 affects Zeek 4.1.0 and is described as an HTTP request splitting vulnerability that will invalidate any Zeek HTTP-based security analysis. The observed behavior is noted by the vendor as intended in Zeek. The connected documents consistently reference Zeek 4.1.0 and the HTTP-splitti...
CVE-2021-41732
Removed by vendor...
PT-2021-23387 · Zeek · Zeek
Name of the Vulnerable Software and Affected Versions: Zeek version 4.1.0. Description: An issue was discovered in Zeek that involves an HTTP request splitting vulnerability. This vulnerability will invalidate any Zeek HTTP-based security analysis. Recommendations: For Zeek version 4.1.0, at the...
USN-5090-4: Apache HTTP Server regression
USN-5090-1 fixed vulnerabilities in Apache HTTP Server. One of the upstream fixes introduced a regression in UDS URIs. This update fixes the problem. Original advisory details: James Kettle discovered that the Apache HTTP Server HTTP/2 module incorrectly handled certain crafted methods. A remote...
USN-5090-3: Apache HTTP Server regression
USN-5090-1 fixed vulnerabilities in Apache HTTP Server. One of the upstream fixes introduced a regression in UDS URIs. This update fixes the problem. Original advisory details: James Kettle discovered that the Apache HTTP Server HTTP/2 module incorrectly handled certain crafted methods. A remote...
USN-5090-3 apache2 regression
USN-5090-1 fixed vulnerabilities in Apache HTTP Server. One of the upstream fixes introduced a regression in UDS URIs. This update fixes the problem. Original advisory details: James Kettle discovered that the Apache HTTP Server HTTP/2 module incorrectly handled certain crafted methods. A remote...
Ubuntu: Security Advisory (USN-5090-1)
The remote host is missing an update for the...
MGASA-2021-0439 Updated apache packages fix security vulnerability
A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning (CVE-2021-33193). Malformed requests may cause the server to dereference a NULL pointer (CVE-2021-34798). A carefully crafted request uri-path can cause...