CVE-2024-28869

Traefik is an HTTP reverse proxy and load balancer. In affected versions sending a GET request to any Traefik endpoint with the "Content-length" request header results in an indefinite hang with the default configuration. This vulnerability can be exploited by attackers to induce a denial of...

CVE-2024-28869 Possible denial of service vulnerability with Content-length header in Traefik

Traefik is an HTTP reverse proxy and load balancer. In affected versions sending a GET request to any Traefik endpoint with the "Content-length" request header results in an indefinite hang with the default configuration. This vulnerability can be exploited by attackers to induce a denial of...

CVE-2024-28869 Possible denial of service vulnerability with Content-length header in Traefik

Traefik is an HTTP reverse proxy and load balancer. In affected versions sending a GET request to any Traefik endpoint with the "Content-length" request header results in an indefinite hang with the default configuration. This vulnerability can be exploited by attackers to induce a denial of...

CVE-2024-28869

Technical details about CVE-2024-28869 are not publicly available in the provided Connected documents. The initial description lists vulnerable Traefik versions and fixes, but no additional technical specifics or exploit information are present here. Monitor for updates.

K000139064: Apache vulnerabilities CVE-2009-2299, CVE-2012-3526, CVE-2012-4001, and CVE-2012-4360

Security Advisory Description CVE-2009-2299 The Artofdefence Hyperguard Web Application Firewall WAF module before 2.5.5-11635, 3.0 before 3.0.3-11636, and 3.1 before 3.1.1-11637, a module for the Apache HTTP Server, allows remote attackers to cause a denial of service memory consumption via an...

AndroxGh0st Malware Targets Laravel Apps to Steal Cloud Credentials

Cybersecurity researchers have shed light on a tool referred to as AndroxGh0st that's used to target Laravel applications and steal sensitive data. "It works by scanning and taking out important information from .env files, revealing login details linked to AWS and Twilio," Juniper Threat Labs...

tomcat: HTTP request smuggling via malformed trailer headers

An improper Input validation flaw was found in Apache Tomcat due to incorrect parsing of HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single request as multiple requests, leading to the possibility of request smuggling when behind a...

tomcat: HTTP request smuggling via malformed trailer headers

An improper Input validation flaw was found in Apache Tomcat due to incorrect parsing of HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single request as multiple requests, leading to the possibility of request smuggling when behind a...

tomcat: HTTP request smuggling via malformed trailer headers

An improper Input validation flaw was found in Apache Tomcat due to incorrect parsing of HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single request as multiple requests, leading to the possibility of request smuggling when behind a...

Important: tomcat

Issue Overview: Improper Input Validation vulnerability in Apache Tomcat. Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer headers. A specially crafted, invalid trailer header...

Amazon Linux 2 : tomcat (ALASTOMCAT9-2024-012)

The version of tomcat installed on the remote host is prior to 9.0.83-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2TOMCAT9-2024-012 advisory. Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through...

OESA-2024-1250 containers-common security update

This package contains common configuration files and documentation for container tools ecosystem, such as Podman, Buildah and Skopeo. Security Fixes: Improper exposure of client IP addresses in net/http before Go 1.17.12 and Go 1.18.4 can be triggered by calling httputil.ReverseProxy.ServeHTTP wi...

BIT-TOMCAT-2021-33037 Incorrect Transfer-Encoding handling with HTTP/1.0

Apache Tomcat 10.0.0 to 10.0.6, 9.0.0 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy. Specifically: - Tomcat incorrectly ignored the transfer...

BIT-TOMCAT-2023-45648 Apache Tomcat: Trailer header parsing too lenient

Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0 through 11.0.0, from 10.1.0 through 10.1.13, from 9.0.0 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer headers. A specially crafted, invalid trailer header could cause Tomcat to treat a...

BIT-SYMFONY-2022-24894

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The Symfony HTTP cache system, acts as a reverse proxy: It caches entire responses including headers and returns them to the clients. In a recent change in the AbstractSessionListener, the response...

BIT-RUBY-2020-25613

An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy which also has a po...

BIT-PROMETHEUS-2021-29622 Arbitrary redirects under /new endpoint

Prometheus is an open-source monitoring system and time series database. In 2.23.0, Prometheus changed its default UI to the New ui. To ensure a seamless transition, the URL's prefixed by /new redirect to /. Due to a bug in the code, it is possible for an attacker to craft an URL that can redirec...

BIT-OAUTH2-PROXY-2021-21291 Subdomain checking of whitelisted domains could allow unintended redirects

OAuth2 Proxy is an open-source reverse proxy and static file server that provides authentication using Providers Google, GitHub, and others to validate accounts by email, domain or group. In OAuth2 Proxy before version 7.0.0, for users that use the whitelist domain feature, a domain that ended in...

BIT-GRAFANA-2021-43815 Grafana directory traversal for `.cvs` files

Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 has a directory traversal for arbitrary .csv files. It only affects instances that have the developer testing tool called TestData DB data source enabled and configured. The vulnerabili...

BIT-MINIO-2022-31028 Possible DDOS by establishing keep-alive connections with anonymous HTTP clients in MinIO

MinIO is a multi-cloud object storage solution. Starting with version RELEASE.2019-09-25T18-25-51Z and ending with version RELEASE.2022-06-02T02-11-04Z, MinIO is vulnerable to an unending go-routine buildup while keeping connections established due to HTTP clients not closing the connections...