Lucene search

2164 matches found

OSV
added 2023/04/27 2:08 p.m. · 19 views

CVE-2023-30847 H2O vulnerable to read from uninitialized pointer in the reverse proxy handler

H2O is an HTTP server. In versions 2.3.0-beta2 and prior, when the reverse proxy handler tries to process a certain type of invalid HTTP request, it tries to build an upstream URL by reading from an uninitialized pointer. This behavior can lead to crashes or leak of information to back end HTTP...

CVSS 8.2 · AI score 7.7 · EPSS 0.00902
Exploits: 0 · References: 5
Debian CVE
added 2023/04/27 2:08 p.m. · 23 views

CVE-2023-30847

H2O is an HTTP server. In versions 2.3.0-beta2 and prior, when the reverse proxy handler tries to process a certain type of invalid HTTP request, it tries to build an upstream URL by reading from an uninitialized pointer. This behavior can lead to crashes or leak of information to back end HTTP...

CVSS 8.2 · AI score 8 · EPSS 0.00902
Exploits: 0
Positive Technologies
added 2023/04/27 12:00 a.m. · 4 views

PT-2023-23002 · H2O

Name of the Vulnerable Software and Affected Versions: H2O versions 2.3.0-beta2 and prior. Description: H2O is an HTTP server. When the reverse proxy handler tries to process a certain type of invalid HTTP request, it tries to build an upstream URL by reading from an uninitialized pointer. This...

CVSS 8.2 · AI score 7.9 · EPSS 0.00902
Exploits: 0 · References: 11
CNNVD
added 2023/04/27 12:00 a.m. · 3 views

h2o Buffer Error Vulnerability

h2o is a new generation of HTTP server. Not only is it very fast compared to older generation HTTP servers, but it also provides faster responses to end users. A buffer error vulnerability exists in H2O version 2.3.0-beta2 and earlier versions, which stems from the fact that when a reverse proxy...

CVSS 8.2 · AI score 7.7 · EPSS 0.00902
Exploits: 0 · References: 4
IBM Security Bulletins
added 2023/04/24 2:17 p.m. · 54 views

Security Bulletin: IBM Safer Payments vulnerable to denial of service attack (CVE-2023-27556)

Summary: The API and MCI interfaces of IBM Safer Payments are vulnerable to the Slowloris denial of service attack. This vulnerability is addressed. Vulnerability Details: CVEID: CVE-2023-27556. DESCRIPTION: IBM Counter Fraud Management for Safer Payments does not properly allocate resources without...

CVSS 7.5 · AI score 6.9 · EPSS 0.01012
Exploits: 0 · Affected Software: 1
OSV
added 2023/04/20 2:15 p.m. · 26 views

CVE-2022-46302

Broad access controls could allow site users to directly interact with the system Apache installation when providing the reverse proxy configurations for Tribe29's Checkmk <= 2.1.0p6, Checkmk <= 2.0.0p27, and all versions of Checkmk 1.6.0 EOL allowing an attacker to perform remote code execution wi...

CVSS 8.8 · AI score 9.2
Exploits: 0 · References: 1
NVD
added 2023/04/20 2:15 p.m. · 27 views

CVE-2022-46302

Broad access controls could allow site users to directly interact with the system Apache installation when providing the reverse proxy configurations for Tribe29's Checkmk <= 2.1.0p6, Checkmk <= 2.0.0p27, and all versions of Checkmk 1.6.0 EOL allowing an attacker to perform remote code execution wi...

CVSS 8.8 · AI score 9.1 · EPSS 0.00385
Exploits: 0 · References: 1
UbuntuCve
added 2023/04/20 2:15 p.m. · 30 views

CVE-2022-46302

Broad access controls could allow site users to directly interact with the system Apache installation when providing the reverse proxy configurations for Tribe29's Checkmk <= 2.1.0p6, Checkmk <= 2.0.0p27, and all versions of Checkmk 1.6.0 EOL allowing an attacker to perform remote code execution wi...

CVSS 8.8 · AI score 7.4 · EPSS 0.00385
Exploits: 0 · References: 2
CVE
added 2023/04/20 1:06 p.m. · 47 views

CVE-2022-46302

CVE-2022-46302 affects Tribe29 Checkmk installations prior to patched versions: Checkmk <= 2.1.0p6, Checkmk

CVSS 8.8 · AI score 9 · EPSS 0.00385
Exploits: 0 · References: 1 · Affected Software: 1
Cvelist
added 2023/04/20 1:06 p.m. · 25 views

CVE-2022-46302 Remote Code Execution with Root Privileges via Broad Apache Permissions

Broad access controls could allow site users to directly interact with the system Apache installation when providing the reverse proxy configurations for Tribe29's Checkmk <= 2.1.0p6, Checkmk <= 2.0.0p27, and all versions of Checkmk 1.6.0 EOL allowing an attacker to perform remote code execution wi...

CVSS 8.8 · AI score 9.2 · EPSS 0.00385
Exploits: 0 · References: 1
Positive Technologies
added 2023/04/20 12:00 a.m. · 5 views

PT-2023-14899 · Apache +1

Name of the Vulnerable Software and Affected Versions: Checkmk versions 1.6.0 through 2.1.0p6; Checkmk version 2.0.0p27. Description: The issue allows site users to directly interact with the system Apache installation when providing reverse proxy configurations, enabling an attacker to perform...

CVSS 8.8 · AI score 8.1 · EPSS 0.00385
Exploits: 0 · References: 7
CNNVD
added 2023/04/20 12:00 a.m. · 4 views

Checkmk Security Vulnerability

Checkmk is an editor. Checkmk suffers from a code execution vulnerability that stems from broad access control when providing reverse proxy configurations that allow users to interact directly with the system Apache installation. An attacker can exploit this vulnerability to execute remote code...

CVSS 8.8 · AI score 8.2 · EPSS 0.00385
Exploits: 0 · References: 2
CNVD
added 2023/04/18 12:00 a.m. · 22 views

SAP Web Dispatcher Access Control Error Vulnerability

SAP Web Dispatcher is the core component of Load Balancing from SAP, which supports load balancing and provides the function of reverse proxy so that users from outside the network can access internal applications. An Access Control Error vulnerability exists in SAP Web Dispatcher, which stems fr...

CVSS 5.3 · AI score 6.7 · EPSS 0.00419
Exploits: 0 · References: 1
NVD
added 2023/04/14 7:15 p.m. · 22 views

CVE-2023-29013

Traefik (pronounced traffic) is a modern HTTP reverse proxy and load balancer for deploying microservices. There is a vulnerability in Go when parsing the HTTP headers, which impacts Traefik. HTTP header parsing could allocate substantially more memory than required to hold the parsed headers. This...

CVSS 7.5 · AI score 7.5 · EPSS 0.01085
Exploits: 0 · References: 5
OSV
added 2023/04/14 6:15 p.m. · 29 views

CVE-2023-29013 HTTP header parsing could cause a deny of service

Traefik (pronounced traffic) is a modern HTTP reverse proxy and load balancer for deploying microservices. There is a vulnerability in Go when parsing the HTTP headers, which impacts Traefik. HTTP header parsing could allocate substantially more memory than required to hold the parsed headers. This...

CVSS 7.5 · AI score 6.5 · EPSS 0.01085
Exploits: 0 · References: 7
CVE
added 2023/04/14 6:15 p.m. · 95 views

CVE-2023-29013

CVE-2023-29013 affects Traefik (Go) where HTTP header parsing could allocate substantially more memory than required, enabling a network-based denial of service. The issue is documented with a CVSS v3.1 base score of 7.5 (HIGH) and network attack vector with no user interaction. Remediation provi...

CVSS 7.5 · AI score 7.3 · EPSS 0.01085
Exploits: 0 · References: 5 · Affected Software: 1
AlpineLinux
added 2023/04/14 6:15 p.m. · 38 views

CVE-2023-29013

Traefik (pronounced traffic) is a modern HTTP reverse proxy and load balancer for deploying microservices. There is a vulnerability in Go when parsing the HTTP headers, which impacts Traefik. HTTP header parsing could allocate substantially more memory than required to hold the parsed headers. This...

CVSS 7.5 · AI score 7.4 · EPSS 0.01085
Exploits: 0
BDU FSTEC
added 2023/04/12 12:00 a.m. · 7 views

The vulnerability of the nginx reverse proxy server configuration of the Cisco Finesse automation software allows a hacker to induce a service failure.

The vulnerability of the nginx reverse proxy server configuration of the Cisco Finesse automation software involves an incorrect authentication process. Exploiting this vulnerability allows a malicious actor to cause service failures...

CVSS 5.3 · AI score 7.2 · EPSS 0.00795
Exploits: 0 · References: 2
CNNVD
added 2023/04/11 12:00 a.m. · 6 views

SAP Web Dispatcher Security Vulnerability

SAP Web Dispatcher is the core component of Load Balancing from SAP, which supports load balancing and provides the function of reverse proxy so that users from outside the network can access internal applications. An Access Control Error vulnerability exists in SAP Web Dispatcher, which stems fr...

CVSS 5.3 · AI score 6.8 · EPSS 0.00419
Exploits: 0 · References: 3
Tenable Nessus
added 2023/04/11 12:00 a.m. · 14 views

Siemens SCALANCE LPE9403 Race Condition (CVE-2021-36221)

Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil ReverseProxy panic upon an ErrAbortHandler abort. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. ...

CVSS 5.9 · AI score 7.3 · EPSS 0.03128
Exploits: 0 · References: 13