tomcat: incorrectly parsed http trailer headers can cause request smuggling

A flaw was found in Apache Tomcat, where an improper input validation can occur. This flaw allows a malicious user to send a crafted request containing an invalid trailer header, which could be treated as multiple requests, potentially leading to request smuggling when behind a reverse proxy...

USN-6038-2 golang-1.13, golang-1.16 vulnerabilities

USN-6038-1 fixed several vulnerabilities in Go 1.18. This update provides the corresponding updates for Go 1.13 and Go 1.16. CVE-2022-29526 and CVE-2022-30630 only affected Go 1.16. Original advisory details: It was discovered that the Go net/http module incorrectly handled Transfer-Encoding...

SAP Web Dispatcher Security Vulnerability

SAP Web Dispatcher is a core component of Load Balancing from SAP, which supports load balancing and provides reverse proxy functionality to enable external network users to access internal applications. A security vulnerability exists in SAP Web Dispatcher that stems from the fact that under...

GHSA-V2V2-HPH8-Q5XP @fastify/reply-from JSON Content-Type parsing confusion

Impact The main repo of fastify use fast-content-type-parse to parse request Content-Type, which will trim after split. The fastify-reply-from have not use this repo to unify the parse of Content-Type, which won't trim. As a result, a reverse proxy server built with @fastify/reply-from could...

@fastify/reply-from JSON Content-Type parsing confusion

Impact The main repo of fastify use fast-content-type-parse to parse request Content-Type, which will trim after split. The fastify-reply-from have not use this repo to unify the parse of Content-Type, which won't trim. As a result, a reverse proxy server built with @fastify/reply-from could...

CVE-2023-51701

fastify-reply-from is a Fastify plugin to forward the current HTTP request to another server. A reverse proxy server built with @fastify/reply-from could misinterpret the incoming body by passing an header ContentType: application/json ; charset=utf-8. This can lead to bypass of security checks...

CVE-2023-51701 @fastify-reply-from JSON Content-Type parsing confusion

fastify-reply-from is a Fastify plugin to forward the current HTTP request to another server. A reverse proxy server built with @fastify/reply-from could misinterpret the incoming body by passing an header ContentType: application/json ; charset=utf-8. This can lead to bypass of security checks...

Internet Bug Bounty: Request Smuggling in Apache Tomcat (Important, CVE-2023-45648)

A vulnerability in Apache Tomcat versions 11.0.0-M1 to 11.0.0-M11, 10.1.0-M1 to 10.1.13, 9.0.0-M1 to 9.0.80, and 8.5.0 to 8.5.93 allowed HTTP request smuggling due to improper parsing of trailer headers. This could be exploited by a remote attacker to bypass security controls when Tomcat was...

Bruteforce protection can be bypassed with misconfigured proxy

None...

CVE-2023-6563

An unconstrained memory consumption vulnerability was discovered in Keycloak. It can be triggered in environments which have millions of offline tokens 500,000 users with each having at least 2 saved sessions. If an attacker creates two or more user sessions and then open the "consents" tab of th...

Request Smuggling org.apache.tomcat:tomcat-catalina Dependency in Bamboo Data Center and Server

This High severity org.apache.tomcat:tomcat-catalina Dependency vulnerability was introduced in versions 9.2.1, 9.3.0, and 9.4.0 of Bamboo Data Center and Server. This org.apache.tomcat:tomcat-catalina Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

Internet Bug Bounty: Possibility of Request smuggling attack

A vulnerability in Apache Tomcat allowed request smuggling due to incorrect parsing of HTTP trailer headers. A specially crafted trailer header exceeding the size limit could cause Tomcat to treat a single request as multiple requests, enabling request smuggling attacks when behind a reverse prox...

PT-2023-31567 · Caddy · Caddy-Geo-Ip

Name of the Vulnerable Software and Affected Versions: caddy-geo-ip versions 0.6.0 and earlier for Caddy 2 Description: The issue allows attackers to spoof their source IP address via an X-Forwarded-For header, which may bypass a protection mechanism, such as the trusted proxy directive in revers...

Apache Tomcat 9.0.0-M1 < 9.0.83 Request Smuggling

The version of Apache Tomcat installed on the remote host is 8.5.x to 8.5.95, 9.0.0-M1 to 9.0.82 or 10.1.0-M1 to 10.1.15. It is, therefore, affected by a request smuggling vulnerability. Tomcat did not correctly parse HTTP trailer headers. A specially crafted trailer header that exceeded the head...

Apache Tomcat 8.5.x < 8.5.96 Request Smuggling

The version of Apache Tomcat installed on the remote host is 8.5.x to 8.5.95, 9.0.0-M1 to 9.0.82 or 10.1.0-M1 to 10.1.15. It is, therefore, affected by a request smuggling vulnerability. Tomcat did not correctly parse HTTP trailer headers. A specially crafted trailer header that exceeded the head...

USN-6530-1: HAProxy vulnerability

It was discovered that HAProxy incorrectly handled URI components containing the hash character . A remote attacker could possibly use this issue to obtain sensitive information, or to bypass certain pathend rules...

CVE-2023-47633

Traefik is an open source HTTP reverse proxy and load balancer. The traefik docker container uses 100% CPU when it serves as its own backend, which is an automatically generated route resulting from the Docker integration in the default configuration. This issue has been addressed in versions...

CVE-2023-47633

Traefik is an open source HTTP reverse proxy and load balancer. The traefik docker container uses 100% CPU when it serves as its own backend, which is an automatically generated route resulting from the Docker integration in the default configuration. This issue has been addressed in versions...

CVE-2023-47106

Traefik is an open source HTTP reverse proxy and load balancer. When a request is sent to Traefik with a URL fragment, Traefik automatically URL encodes and forwards the fragment to the backend server. This violates RFC 7230 because in the origin-form the URL should only contain the absolute path...

CVE-2023-47106

Traefik is an open source HTTP reverse proxy and load balancer. When a request is sent to Traefik with a URL fragment, Traefik automatically URL encodes and forwards the fragment to the backend server. This violates RFC 7230 because in the origin-form the URL should only contain the absolute path...