Directory Traversal vulnerability in GET/PUT allows attackers to Disclose Information or Write Files via a crafted GET/PUT request

Impact Information Disclosure When the GET method is attacked, attackers can read files which have a .data suffix and which are accompanied by a JSON file with the .meta suffix. This can lead to Information Disclosure and in some shared-hosting scenarios also to circumvention of authentication or...

DEBIAN-CVE-2020-25613

An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy which also has a po...

ALPINE-CVE-2020-25613

An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy which also has a po...

Authorization

An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy which also has a po...

UBUNTU-CVE-2020-25613

An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy which also has a po...

CVE-2020-25613

An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy which also has a po...

CVE-2020-25613

An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy which also has a po...

CVE-2020-25613

An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy which also has a po...

squid: Buffer overflow in reverse-proxy configurations

A flaw was found in squid. Due to incorrect buffer management, a remote client can cause a buffer overflow in a Squid instance acting as a reverse proxy...

Important: Red Hat Security Advisory: squid security update

An update for squid is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

RHEL 7 : squid (RHSA-2020:4082)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4082 advisory. Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fixes: squid: HTTP...

EulerOS 2.0 SP3 : squid (EulerOS-SA-2020-2127)

According to the versions of the squid packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perform Denial of Service by consuming all available CPU cycles during handling o...

CVE-2020-11805

Pexip Reverse Proxy and TURN Server before 6.1.0 has Incorrect UDP Access Control via TURN...

CVE-2020-11805

Pexip Reverse Proxy and TURN Server before 6.1.0 has Incorrect UDP Access Control via TURN...

Design/Logic Flaw

Pexip Reverse Proxy and TURN Server before 6.1.0 has Incorrect UDP Access Control via TURN...

CVE-2020-11805

Technical details of CVE-2020-11805 are not publicly provided in the connected documents. Monitor for updates from vendors and security advisories.

CVE-2020-11805

Pexip Reverse Proxy and TURN Server before 6.1.0 has Incorrect UDP Access Control via TURN...

LY Corporation: Path traversal in a Tomcat server

A path traversal vulnerability was discovered in a Tomcat server, which allowed an attacker to access internal resources such as the administrator page. The vulnerability was caused by a misconfiguration between the reverse proxy and the WAS, and occurred when the attacker entered the string "..;...

Frp - A Fast Reverse Proxy To Help You Expose A Local Server Behind A NAT Or Firewall To The Internet

A Fast Reverse Proxy To Help You Expose A Local Server Behind A NAT Or Firewall To The Internet. Development Status frp is under development. Try the latest release version in the master branch, or use the dev branch for the version in development. The protocol might change at a release and we...

golang: data race in certain net/http servers including ReverseProxy can lead to DoS

A flaw was found Go's net/http package. Servers using ReverseProxy from net/http in the Go standard library are vulnerable to a data race that results in a denial of service. The highest threat from this vulnerability is to system availability...