387 matches found
USN-6729-3: Apache HTTP Server vulnerabilities
USN-6729-1 fixed vulnerabilities in Apache HTTP Server. This update provides the corresponding updates for Ubuntu 24.04 LTS. Original advisory details: Orange Tsai discovered that the Apache HTTP Server incorrectly handled validating certain input. A remote attacker could possibly use this issue ...
RHEL 7 : rh-nodejs8-nodejs (RHSA-2019:1821)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:1821 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...
Ubuntu: Security Advisory (USN-6729-2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-6729-2: Apache HTTP Server vulnerabilities
USN-6729-1 fixed several vulnerabilities in Apache. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: Orange Tsai discovered that the Apache HTTP Server incorrectly handled validating certain input. A remote attacker could possibly...
USN-6729-2 apache2 vulnerabilities
USN-6729-1 fixed several vulnerabilities in Apache. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: Orange Tsai discovered that the Apache HTTP Server incorrectly handled validating certain input. A remote attacker could possibly...
Ubuntu: Security Advisory (USN-6729-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-6729-1: Apache HTTP Server vulnerabilities
Orange Tsai discovered that the Apache HTTP Server incorrectly handled validating certain input. A remote attacker could possibly use this issue to perform HTTP request splitting attacks. CVE-2023-38709 Keran Mu and Jianjun Chen discovered that the Apache HTTP Server incorrectly handled validatin...
USN-6729-1 apache2 vulnerabilities
Orange Tsai discovered that the Apache HTTP Server incorrectly handled validating certain input. A remote attacker could possibly use this issue to perform HTTP request splitting attacks. CVE-2023-38709 Keran Mu and Jianjun Chen discovered that the Apache HTTP Server incorrectly handled validatin...
BIT-APACHE-2021-33193 Request splitting via HTTP/2 method injection and mod_proxy
A crafted method sent through HTTP/2 will bypass validation and be forwarded by modproxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.48...
CentOS 9 : mod_http2-1.15.19-5.el9
The remote CentOS Linux 9 host has a package installed that is affected by a vulnerability as referenced in the modhttp2-1.15.19-5.el9 build changelog. - HTTP request splitting with modrewrite and modproxy CVE-2023-25690 Note that Nessus has not tested for this issue but has instead relied only o...
IBM HTTP Server 8.5.0.0 < 8.5.5.24 / 9.0.0.0 < 9.0.5.16 Request Splitting Attacks (6963650)
The version of IBM HTTP Server running on the remote host is affected by an request splitting attack vulnerability due to an error when modproxy is enabled along with some form of RewriteRule or ProxyPassMatch. A remote attacker could exploit this vulnerability to bypass access controls in the...
GHSA-9F9P-CP3C-72JF Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') in trillium-http and trillium-client
Summary Insufficient validation of outbound header values may lead to request splitting or response splitting attacks in scenarios where attackers have sufficient control over outbound headers. Details Outbound trilliumhttp::HeaderValue and trilliumhttp::HeaderName can be constructed infallibly a...
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') in trillium-http and trillium-client
Summary Insufficient validation of outbound header values may lead to request splitting or response splitting attacks in scenarios where attackers have sufficient control over outbound headers. Details Outbound trilliumhttp::HeaderValue and trilliumhttp::HeaderName can be constructed infallibly a...
CVE-2024-23644
Trillium is a composable toolkit for building internet applications with async rust. In trillium-http prior to 0.3.12 and trillium-client prior to 0.5.4, insufficient validation of outbound header values may lead to request splitting or response splitting attacks in scenarios where attackers have...
Input validation
Trillium is a composable toolkit for building internet applications with async rust. In trillium-http prior to 0.3.12 and trillium-client prior to 0.5.4, insufficient validation of outbound header values may lead to request splitting or response splitting attacks in scenarios where attackers have...
CVE-2024-23644 trillium-http and trillium-client vulnerable to HTTP Request/Response Splitting
Trillium is a composable toolkit for building internet applications with async rust. In trillium-http prior to 0.3.12 and trillium-client prior to 0.5.4, insufficient validation of outbound header values may lead to request splitting or response splitting attacks in scenarios where attackers have...
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')
Summary Insufficient validation of outbound header values may lead to request splitting or response splitting attacks in scenarios where attackers have sufficient control over outbound headers. Details Outbound trilliumhttp::HeaderValue and trilliumhttp::HeaderName can be constructed infallibly a...
RUSTSEC-2024-0008 Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')
Summary Insufficient validation of outbound header values may lead to request splitting or response splitting attacks in scenarios where attackers have sufficient control over outbound headers. Details Outbound trilliumhttp::HeaderValue and trilliumhttp::HeaderName can be constructed infallibly a...
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')
Summary Insufficient validation of outbound header values may lead to request splitting or response splitting attacks in scenarios where attackers have sufficient control over outbound headers. Details Outbound trilliumhttp::HeaderValue and trilliumhttp::HeaderName can be constructed infallibly a...
PT-2024-19995 · Unknown · Trillium-Http +1
Name of the Vulnerable Software and Affected Versions: trillium-http versions prior to 0.3.12 trillium-client versions prior to 0.5.4 Description: Insufficient validation of outbound header values may lead to request splitting or response splitting attacks in scenarios where attackers have...