
2155 matches found

Positive Technologies
added 2023/04/20 12:0 a.m. · 3 views

PT-2023-14899 · Apache +1

Name of the Vulnerable Software and Affected Versions:
Checkmk versions 1.6.0 through 2.1.0p6
Checkmk version 2.0.0p27
Description: The issue allows site users to directly interact with the system Apache installation when providing reverse proxy configurations, enabling an attacker to perform...

CVSS 8.8 · AI score 8.1 · EPSS 0.003
Exploits 0 · References 7

CNNVD
added 2023/04/20 12:0 a.m. · 3 views

Checkmk Security Vulnerability

Checkmk is an editor. Checkmk suffers from a code execution vulnerability that stems from broad access control when providing reverse proxy configurations that allow users to interact directly with the system Apache installation. An attacker can exploit this vulnerability to execute remote code...

CVSS 8.8 · AI score 8.2 · EPSS 0.003
Exploits 0 · References 2

CNVD
added 2023/04/18 12:0 a.m. · 21 views

SAP Web Dispatcher Access Control Error Vulnerability

SAP Web Dispatcher is the core component of Load Balancing from SAP, which supports load balancing and provides the function of reverse proxy so that users from outside the network can access internal applications. An Access Control Error vulnerability exists in SAP Web Dispatcher, which stems fr...

CVSS 5.3 · AI score 6.7 · EPSS 0.00175
Exploits 0 · References 1

NVD
added 2023/04/14 7:15 p.m. · 20 views

CVE-2023-29013

Traefik (pronounced traffic) is a modern HTTP reverse proxy and load balancer for deploying microservices. There is a vulnerability in Go when parsing the HTTP headers, which impacts Traefik. HTTP header parsing could allocate substantially more memory than required to hold the parsed headers. This...

CVSS 7.5 · AI score 7.5 · EPSS 0.03393
Exploits 0 · References 5

OSV
added 2023/04/14 6:15 p.m. · 29 views

CVE-2023-29013 HTTP header parsing could cause a deny of service

Traefik (pronounced traffic) is a modern HTTP reverse proxy and load balancer for deploying microservices. There is a vulnerability in Go when parsing the HTTP headers, which impacts Traefik. HTTP header parsing could allocate substantially more memory than required to hold the parsed headers. This...

CVSS 7.5 · AI score 6.5 · EPSS 0.03393
Exploits 0 · References 7

AlpineLinux
added 2023/04/14 6:15 p.m. · 37 views

CVE-2023-29013

Traefik (pronounced traffic) is a modern HTTP reverse proxy and load balancer for deploying microservices. There is a vulnerability in Go when parsing the HTTP headers, which impacts Traefik. HTTP header parsing could allocate substantially more memory than required to hold the parsed headers. This...

CVSS 7.5 · AI score 7.4 · EPSS 0.03393
Exploits 0

CVE
added 2023/04/14 6:15 p.m. · 95 views

CVE-2023-29013

CVE-2023-29013 affects Traefik (Go) where HTTP header parsing could allocate substantially more memory than required, enabling a network-based denial of service. The issue is documented with a CVSS v3.1 base score of 7.5 (HIGH) and network attack vector with no user interaction. Remediation provi...

CVSS 7.5 · AI score 7.3 · EPSS 0.03393
Exploits 0 · References 5 · Affected Software 1

BDU FSTEC
added 2023/04/12 12:0 a.m. · 2 views

The vulnerability of the nginx reverse proxy server configuration of the Cisco Finesse automation software allows a hacker to induce a service failure.

The vulnerability of the nginx reverse proxy server configuration of the Cisco Finesse automation software involves an incorrect authentication process. Exploiting this vulnerability allows a malicious actor to cause service failures...

CVSS 5.3 · AI score 7.2 · EPSS 0.00694
Exploits 0 · References 2

CNNVD
added 2023/04/11 12:0 a.m. · 6 views

SAP Web Dispatcher Security Vulnerability

SAP Web Dispatcher is the core component of Load Balancing from SAP, which supports load balancing and provides the function of reverse proxy so that users from outside the network can access internal applications. An Access Control Error vulnerability exists in SAP Web Dispatcher, which stems fr...

CVSS 5.3 · AI score 6.8 · EPSS 0.00175
Exploits 0 · References 3

Tenable Nessus
added 2023/04/11 12:0 a.m. · 14 views

Siemens SCALANCE LPE9403 Race Condition (CVE-2021-36221)

Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil ReverseProxy panic upon an ErrAbortHandler abort. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...

CVSS 5.9 · AI score 7.3 · EPSS 0.00231
Exploits 0 · References 13

Tenable Nessus
added 2023/04/10 12:0 a.m. · 65 views

Debian dla-3384 : libtomcat9-embed-java - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3384 advisory. Debian LTS Advisory DLA-3384-1...

CVSS 7.5 · AI score 7.1 · EPSS 0.0029
Exploits 0 · References 6

Debian
added 2023/04/05 7:47 p.m. · 33 views

[SECURITY] [DLA 3384-1] tomcat9 security update

Debian LTS Advisory DLA-3384-1
https://www.debian.org/lts/security/ · Markus Koschany
April 05, 2023 · https://wiki.debian.org/LTS
Package: tomcat9
Version: 9.0.31-1deb10u8
CVE ID: CVE-2022-42252 CVE-2023-28708
Debian Bug: 1033475
Two security vulnerabilities have been...

CVSS 7.5 · AI score 6.7 · EPSS 0.0029
Exploits 0

Tenable Nessus
added 2023/03/30 12:0 a.m. · 34 views

SUSE SLES15 Security Update : tomcat (SUSE-SU-2023:1669-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:1669-1 advisory. - When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https,...

CVSS 4.3 · AI score 6.9 · EPSS 0.0011
Exploits 0 · References 4

SUSE CVE
added 2023/03/23 4:9 a.m. · 1 views

SUSE CVE-2023-28708

When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure...

CVSS 7.5 · AI score 7.1 · EPSS 0.0011
Exploits 0 · References 7

OpenVAS
added 2023/03/23 12:0 a.m. · 22 views

Apache Tomcat Information Disclosure Vulnerability (Mar 2023) - Linux

Apache Tomcat is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:tomcat"...

CVSS 4.3 · AI score 6.2 · EPSS 0.0011
Exploits 0 · References 5

OSV
added 2023/03/22 12:30 p.m. · 2 views

GHSA-2C9M-W27F-53RM Apache Tomcat vulnerable to Unprotected Transport of Credentials

When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure...

CVSS 4.3 · AI score 7.1 · EPSS 0.0011
Exploits 0 · References 13

NVD
added 2023/03/22 11:15 a.m. · 19 views

CVE-2023-28708

When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure...

CVSS 4.3 · AI score 5.8 · EPSS 0.0011
Exploits 0 · References 2

OSV
added 2023/03/22 11:15 a.m. · 30 views

CVE-2023-28708

When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure...

CVSS 4.3 · AI score 6.9
Exploits 0 · References 2

UbuntuCve
added 2023/03/22 11:15 a.m. · 41 views

CVE-2023-28708

When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure...

CVSS 4.3 · AI score 6.8 · EPSS 0.0011
Exploits 0 · References 4

Prion
added 2023/03/22 11:15 a.m. · 40 views

Authentication flaw

When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure...

CVSS 4.3 · AI score 5.6 · EPSS 0.0011
Exploits 0 · References 1 · Affected Software 1