SUSE SLES12: tomcat / tomcat-admin-webapps / tomcat-docs-webapp / etc (SUSE-SU-2022:4303-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:4303-1 advisory. - CVE-2022-42252: Fixed a request smuggling bsc1204918. Tenable has extracted the preceding description block directly from the SUSE securit...
SUSE SLES15: tomcat / tomcat-admin-webapps / tomcat-el-3_0-api / etc (SUSE-SU-2022:4257-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4257-1 advisory. - CVE-2021-43980: Fixed information disclosure due to concurrency issues in Http11Processor bsc1203868. - CVE-2022-42252: Fixed a...
golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working
A flaw was found in net/http/httputil golang package. When httputil.ReverseProxy.ServeHTTP is called with a Request.Header map containing a nil value for the X-Forwarded-For header, ReverseProxy could set the client IP incorrectly. This issue may affect confidentiality...
SUSE SLES12: tomcat / tomcat-admin-webapps / tomcat-docs-webapp / etc (SUSE-SU-2022:4193-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:4193-1 advisory. - CVE-2022-42252: Fixed a request smuggling bsc1204918. Tenable has extracted the preceding description block directly from the SUSE security advisory...
AlmaLinux 9 : buildah (ALSA-2022:8008)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:8008 advisory. - A deadlock vulnerability was found in 'github.com/containers/storage' in versions before 1.28.1. When a container image is processed, each layer is...
FreeBSD : Tomcat -- Request Smuggling (556fdf03-6785-11ed-953b-002b67dfc673)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 556fdf03-6785-11ed-953b-002b67dfc673 advisory. - If Apache Tomcat 8.5.0 to 8.5.82, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10.0.26 or 10.1.0-M1 to 10.1.0 was...
GHSA-WCJJ-QM5V-J4PC Jenkins Reverse Proxy Auth Plugin vulnerable due to plaintext storage of passwords
Jenkins Reverse Proxy Auth Plugin versions 1.7.3 and earlier store the LDAP manager password unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by attackers with access to the Jenkins controller file system...
Jenkins Reverse Proxy Auth Plugin vulnerable due to plaintext storage of passwords
Jenkins Reverse Proxy Auth Plugin versions 1.7.3 and earlier store the LDAP manager password unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by attackers with access to the Jenkins controller file system...
CVE-2022-45384
Jenkins Reverse Proxy Auth Plugin 1.7.3 and earlier stores the LDAP manager password unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by attackers with access to the Jenkins controller file system...
CVE-2022-45384
Jenkins Reverse Proxy Auth Plugin 1.7.3 and earlier stores the LDAP manager password unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by attackers with access to the Jenkins controller file system...
Design/Logic Flaw
Jenkins Reverse Proxy Auth Plugin 1.7.3 and earlier stores the LDAP manager password unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by attackers with access to the Jenkins controller file system...
golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working
A flaw was found in net/http/httputil golang package. When httputil.ReverseProxy.ServeHTTP is called with a Request.Header map containing a nil value for the X-Forwarded-For header, ReverseProxy could set the client IP incorrectly. This issue may affect confidentiality...
golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty
A flaw was found in Go, acting as an unintended proxy or intermediary, where ReverseProxy forwards connection headers if the first one was empty. This flaw allows an attacker to drop arbitrary headers. The highest threat from this vulnerability is to integrity...
golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty
A flaw was found in Go, acting as an unintended proxy or intermediary, where ReverseProxy forwards connection headers if the first one was empty. This flaw allows an attacker to drop arbitrary headers. The highest threat from this vulnerability is to integrity...
golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working
A flaw was found in net/http/httputil golang package. When httputil.ReverseProxy.ServeHTTP is called with a Request.Header map containing a nil value for the X-Forwarded-For header, ReverseProxy could set the client IP incorrectly. This issue may affect confidentiality...
Jenkins Plugin Reverse Proxy Auth security vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...
PT-2022-27486 · Jenkins · Jenkins Reverse Proxy Auth Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Reverse Proxy Auth Plugin versions 1.7.3 and earlier Description: The issue allows attackers with access to the Jenkins controller file system to view the LDAP manager password, which is stored unencrypted in the global config.xml fil...
CVE-2022-45384
Jenkins Reverse Proxy Auth Plugin 1.7.3 and earlier stores the LDAP manager password unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by attackers with access to the Jenkins controller file system...
CVE-2022-45384
CVE-2022-45384 affects the Jenkins Reverse Proxy Auth Plugin. Versions 1.7.3 and earlier store the LDAP manager password unencrypted in the Jenkins controller’s global config.xml, enabling access by anyone with filesystem access to the controller. The vulnerability is triggered by plaintext stora...
CVE-2022-45384
Jenkins Reverse Proxy Auth Plugin 1.7.3 and earlier stores the LDAP manager password unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by attackers with access to the Jenkins controller file system...