Lucene search
2155 matches found

Prion
added 2023/12/04 9:15 p.m. | 18 views

Improper access control

Traefik is an open source HTTP reverse proxy and load balancer. When a request is sent to Traefik with a URL fragment, Traefik automatically URL encodes and forwards the fragment to the backend server. This violates RFC 7230 because in the origin-form the URL should only contain the absolute path...

CVSS 6.4 | AI score 6.9 | EPSS 0.00128
Exploits 1 | References 4 | Affected Software 1
OSV
added 2023/12/04 8:36 p.m. | 19 views

CVE-2023-47633 Uncontrolled Resource Consumption in Traefik

Traefik is an open source HTTP reverse proxy and load balancer. The traefik docker container uses 100% CPU when it serves as its own backend, which is an automatically generated route resulting from the Docker integration in the default configuration. This issue has been addressed in versions...

CVSS 7.5 | AI score 6.8 | EPSS 0.00833
Exploits 1 | References 5
CVE
added 2023/12/04 8:36 p.m. | 385 views

CVE-2023-47633

CVE-2023-47633 affects the Traefik Docker image when it serves as its own backend, triggered by an automatically generated route from Docker integration in default configuration. The issue causes 100% CPU usage, leading to a denial of service-like impact on the affected instance. The vulnerabilit...

CVSS 7.5 | AI score 7.5 | EPSS 0.00833
Exploits 1 | References 3 | Affected Software 1
Cvelist
added 2023/12/04 8:36 p.m. | 16 views

CVE-2023-47633 Uncontrolled Resource Consumption in Traefik

Traefik is an open source HTTP reverse proxy and load balancer. The traefik docker container uses 100% CPU when it serves as its own backend, which is an automatically generated route resulting from the Docker integration in the default configuration. This issue has been addressed in versions...

CVSS 7.5 | AI score 7.6 | EPSS 0.00833
Exploits 1 | References 3
CVE
added 2023/12/04 8:26 p.m. | 384 views

CVE-2023-47106

Traefik vulnerability CVE-2023-47106: when a request contains a URL fragment, Traefik URL-encodes and forwards the fragment to the backend, violating RFC 7230 (origin-form should only have path and query). In a setup with a frontend proxy like Nginx, this can bypass URI-based access controls. Add...

CVSS 6.5 | AI score 5.8 | EPSS 0.00128
Exploits 1 | References 4 | Affected Software 1
OSV
added 2023/12/04 8:26 p.m. | 22 views

CVE-2023-47106 Incorrect processing of fragment in the URL leads to Authorization Bypass in Traefik

Traefik is an open source HTTP reverse proxy and load balancer. When a request is sent to Traefik with a URL fragment, Traefik automatically URL encodes and forwards the fragment to the backend server. This violates RFC 7230 because in the origin-form the URL should only contain the absolute path...

CVSS 4.8 | AI score 6.6 | EPSS 0.00128
Exploits 1 | References 6
CVE
added 2023/12/04 8:20 p.m. | 383 views

CVE-2023-47124

CVE-2023-47124 describes a DoS vector in Traefik when using HTTPChallenge to obtain/renew Let’s Encrypt TLS certificates: the 50-second delay allowed solving the challenge can be abused for a slowloris-style attack. Public details in the initial document specify impacts as a server availability r...

CVSS 5.9 | AI score 5.8 | EPSS 0.00227
Exploits 0 | References 8 | Affected Software 1
Fedora
added 2023/12/02 1:10 a.m. | 26 views

[SECURITY] Fedora 37 Update: golang-github-openprinting-ipp-usb-0.9.23-5.fc37

HTTP reverse proxy, backed by IPP-over-USB connection to device. It enables driverless support for USB devices capable of using IPP-over-USB protocol...

CVSS 5.3 | AI score 7.3 | EPSS 0.00331
Exploits 0
OpenVAS
added 2023/12/02 12:00 a.m. | 18 views

Fedora: Security Advisory for golang-github-openprinting-ipp-usb (FEDORA-2023-ce2836acfa)

The remote host is missing an update for the golang-github-openprinting-ipp-usb package referenced in the FEDORA-2023-ce2836acfa advisory...

CVSS 5.3 | AI score 7.1 | EPSS 0.00331
Exploits 0 | References 2
RedhatCVE
added 2023/11/29 9:26 a.m. | 179 views

CVE-2023-46589

An improper input validation flaw was found in Apache Tomcat due to incorrect parsing of HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single request as multiple requests, leading to the possibility of request smuggling when behind a...

CVSS 7.5 | AI score 7.5 | EPSS 0.53163
Exploits 0 | References 5
OpenVAS
added 2023/11/29 12:00 a.m. | 39 views

Apache Tomcat Request Smuggling Vulnerability (Nov 2023) - Windows

Apache Tomcat is prone to a request smuggling vulnerability...

CVSS 7.5 | AI score 7.6 | EPSS 0.53163
Exploits 0 | References 5
OpenVAS
added 2023/11/29 12:00 a.m. | 19 views

Apache Tomcat Request Smuggling Vulnerability (Nov 2023) - Linux

Apache Tomcat is prone to a request smuggling vulnerability...

CVSS 7.5 | AI score 7.6 | EPSS 0.53163
Exploits 0 | References 5
OSV
added 2023/11/28 6:30 p.m. | 1 view

GHSA-FCCV-JMMP-QG76 Apache Tomcat Improper Input Validation vulnerability

Improper Input Validation vulnerability in Apache Tomcat. Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82, and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could...

CVSS 7.5 | AI score 6.7 | EPSS 0.53163
Exploits 0 | References 15
OSV
added 2023/11/28 4:15 p.m. | 1 view

DEBIAN-CVE-2023-46589

Improper Input Validation vulnerability in Apache Tomcat. Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could...

CVSS 7.5 | AI score 6.8 | EPSS 0.53163
Exploits 0 | References 1
OSV
added 2023/11/28 4:15 p.m. | 1 view

UBUNTU-CVE-2023-46589

Improper Input Validation vulnerability in Apache Tomcat. Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could...

CVSS 7.5 | AI score 6.7 | EPSS 0.53163
Exploits 0 | References 12
Cvelist
added 2023/11/28 3:31 p.m. | 221 views

CVE-2023-46589 Apache Tomcat: HTTP request smuggling via malformed trailer headers

Improper Input Validation vulnerability in Apache Tomcat. Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could...

AI score 7.9 | EPSS 0.53163
Exploits 0 | References 2
CNNVD
added 2023/11/28 12:00 a.m. | 2 views

Apache Tomcat Environment Issue Vulnerability

Apache Tomcat is a lightweight web application server from the Apache Foundation in the United States. It is used to implement support for Servlets and JavaServer Pages (JSP). Apache Tomcat suffers from an environmental issue vulnerability that stems from incorrect input validation...

CVSS 7.5 | AI score 6.6 | EPSS 0.53163
Exploits 0 | References 13
Prion
added 2023/11/24 6:15 p.m. | 14 views

Privilege escalation

capsule-proxy is a reverse proxy for the capsule operator project. Affected versions are subject to a privilege escalation vulnerability caused by a missing check of whether the user is authenticated, based on the TokenReview result. All the clusters running with the anonymous-auth Kubernetes API...

CVSS 7.5 | AI score 7.1 | EPSS 0.00065
Exploits 1 | References 2 | Affected Software 1
Tenable Nessus
added 2023/11/23 12:00 a.m. | 38 views

Atlassian Confluence 7.19.x < 7.19.16 (CONFSERVER-93168)

The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-93168 advisory. - If Apache Tomcat 8.5.0 to 8.5.82, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10.0.26 or 10.1.0-M1 to 10.1.0 was configured to ignore invalid HTTP headers vi...

CVSS 7.5 | AI score 7 | EPSS 0.0029
Exploits 0 | References 2
RedHat Linux
added 2023/11/15 5:07 p.m. | 1 view

tomcat: incorrectly parsed http trailer headers can cause request smuggling

A flaw was found in Apache Tomcat, where an improper input validation can occur. This flaw allows a malicious user to send a crafted request containing an invalid trailer header, which could be treated as multiple requests, potentially leading to request smuggling when behind a reverse proxy...

CVSS 5.3 | AI score 6.8 | EPSS 0.62079
Exploits 2 | References 6