Lucene search
K

198 matches found

OSV
OSV
added 2021/10/12 6:19 a.m.24 views

SUSE-SU-2021:3335-1 Security update for apache2

This update for apache2 fixes the following issues: - CVE-2021-40438: Fixed a SRF via a crafted request uri-path. bsc1190703 - CVE-2021-36160: Fixed an out-of-bounds read via a crafted request uri-path. bsc1190702 - CVE-2021-39275: Fixed an out-of-bounds write in apescapequotes via malicious inpu...

9.8CVSS8.5AI score0.99999EPSS
Exploits6References11
Ubuntu
Ubuntu
added 2021/09/28 1:28 p.m.186 views

USN-5090-3: Apache HTTP Server regression

USN-5090-1 fixed vulnerabilities in Apache HTTP Server. One of the upstream fixes introduced a regression in UDS URIs. This update fixes the problem. Original advisory details: James Kettle discovered that the Apache HTTP Server HTTP/2 module incorrectly handled certain crafted methods. A remote...

7.6AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 2021/09/16 2:40 p.m.18 views

CVE-2021-40438 mod_proxy SSRF

A crafted request uri-path can cause modproxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier...

9.1AI score0.99999EPSS
Exploits5References19
OSV
OSV
added 2021/07/30 9:15 p.m.6 views

CVE-2021-34630

In the Pro and Enterprise versions of GTranslate 2.8.65, the gtranslaterequesturivar function runs at the top of all pages and echoes out the contents of $SERVER'REQUESTURI'. Although this uses addslashes, and most modern browsers automatically URLencode requests, this plugin is still vulnerable ...

6.1CVSS5.8AI score0.01572EPSS
Exploits2References1
OSV
OSV
added 2021/07/06 11:12 p.m.9 views

MGASA-2021-0314 Updated httpcomponents-client packages fix a security vulnerability

Priyank Nigam discovered that HttpComponents Client could misinterpret malformed authority component in a request URI and pick the wrong target host for request execution CVE-2020-13956...

5.3CVSS5.7AI score0.08665EPSS
Exploits1References3
Cvelist
Cvelist
added 2021/05/28 5:0 p.m.21 views

CVE-2021-32637 Authentication bypassed with malformed request URI

Authelia is a a single sign-on multi-factor portal for web apps. This affects uses who are using nginx ngxhttpauthrequestmodule with Authelia, it allows a malicious individual who crafts a malformed HTTP request to bypass the authentication mechanism. It additionally could theoretically affect...

10CVSS9.9AI score0.01868EPSS
Exploits1References2
NVD
NVD
added 2021/03/26 5:15 p.m.28 views

CVE-2021-20289

A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method's parameter value. The...

5.3CVSS0.01439EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2021/02/01 6:56 p.m.3 views

keycloak: Default Client configuration is vulnerable to SSRF using "request_uri" parameter

A flaw was found in Keycloak, where it is possible to force the server to call out an unverified URL using the OIDC parameter requesturi. This flaw allows an attacker to use this parameter to execute a Server-side request forgery SSRF attack...

5.3CVSS5.8AI score0.69724EPSS
Exploits5References4
RedHat Linux
RedHat Linux
added 2021/02/01 1:46 p.m.17 views

keycloak: Default Client configuration is vulnerable to SSRF using "request_uri" parameter

A flaw was found in Keycloak, where it is possible to force the server to call out an unverified URL using the OIDC parameter requesturi. This flaw allows an attacker to use this parameter to execute a Server-side request forgery SSRF attack...

5.3CVSS5.8AI score0.69724EPSS
Exploits5References4
RedHat Linux
RedHat Linux
added 2021/01/25 4:34 p.m.3 views

apache-httpclient: incorrect handling of malformed authority component in request URIs

Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution...

5.3CVSS7.2AI score0.08665EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2020/12/15 12:0 a.m.6 views

PT-2020-12318 · Red Hat · Keycloak

Name of the Vulnerable Software and Affected Versions: Keycloak versions prior to 13.0.0 Description: A flaw was found in Keycloak, where it is possible to force the server to call out an unverified URL using the OIDC parameter request uri. This flaw allows an attacker to use this parameter to...

5.3CVSS5.9AI score0.69724EPSS
Exploits5References21
Debian
Debian
added 2020/10/10 5:12 p.m.72 views

[SECURITY] [DLA 2405-1] httpcomponents-client security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-2405-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany October 10, 2020 https://wiki.debian.org/LTS -...

5.3CVSS5.9AI score0.08665EPSS
Exploits1
Check Point Advisories
Check Point Advisories
added 2020/06/20 12:0 a.m.7 views

Zoho ManageEngine Directory Traversal (CVE-2020-12116)

A directory traversal vulnerability exists in ManageEngine OpManager. This vulnerability is due to improper validation of user input in the request URI...

5CVSS3.6AI score0.97418EPSS
Exploits1
Hacker One
Hacker One
added 2020/03/18 11:53 p.m.175 views

Internet Bug Bounty: Cache Manager ACL Bypass

Summary: ACL Manager can be bypassed giving non authorized users to squid-internal-mgr. Possible to bypass other urlregex, but only focused on manager. with the hostname of the server running squid echo -e "GET https://jeriko.one%252f@:3128/squid-internal-mgr/activerequests HTTP/1.1\r\n\r\n" |nc...

7.5CVSS9.6AI score0.04151EPSS
Exploits0
OSV
OSV
added 2019/12/02 2:15 a.m.3 views

CVE-2019-19491

TestLink 1.9.19 has XSS via the lib/testcases/archiveData.php edit parameter, the index.php reqURI parameter, or the URI in a lib/testcases/tcEdit.php?doAction=doDeleteStep request...

6.1CVSS6.3AI score0.00791EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2019/01/03 12:0 a.m.14 views

Fedora 28 : php-zendframework-zend-feed (2018-7da5983771)

2.10.3 - 2018-08-01 Added - Nothing. Changed - This release modifies how Zend\Feed\Pubsubhubbub\AbstractCallback::detectCallbac kUrl marshals the request URI. In prior releases, we would attempt to inspect the X-Rewrite-Url and X-Original-Url headers, using their values, if present. These headers...

6.9AI score
Exploits0References1
Hacker One
Hacker One
added 2018/12/29 2:54 p.m.18 views

Nextcloud: Content spoofing on https://surveyserver.nextcloud.com

Hi NextCloud team, the https://surveyserver.nextcloud.com domain is vulnerable against content spoofing in the forbidden page due to the fact that the request URI is reflected without validation inside the aforementioned page. 1. Go on...

1AI score
Exploits0
Check Point Advisories
Check Point Advisories
added 2018/10/02 12:0 a.m.23 views

phpMyAdmin index.php Local File Inclusion (CVE-2018-12613)

A local file inclusion vulnerability exists in phpMyAdmin. The vulnerability is due to improper sanitization of the request URI. A remote, authenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successful exploitation could lead to information...

6.5CVSS2.4AI score0.98462EPSS
Exploits21
OSV
OSV
added 2018/09/14 7:29 a.m.9 views

CVE-2018-17039

MiniCMS 1.10, when Internet Explorer is used, allows XSS via a crafted URI because $SERVER'REQUESTURI' is mishandled...

6.1CVSS5.7AI score
Exploits0References1
CNVD
CNVD
added 2018/09/14 12:0 a.m.5 views

MiniCMS Cross-Site Scripting Vulnerability (CNVD-2018-19748)

MiniCMS is a mini content management system CMS designed for personal websites. A cross-site scripting vulnerability exists in MiniCMS version 1.10, which stems from the program's failure to properly handle $SERVER'REQUESTURI'. A remote attacker can inject arbitrary web script or HTML with the he...

6.1CVSS5.9AI score0.00865EPSS
Exploits1References1
Rows per page
Query Builder