Catastrophic backtracking in regex allows Denial of Service in Waitress

Impact When waitress receives a header that contains invalid characters it will cause the regular expression engine to catastrophically backtrack causing the process to use 100% CPU time and blocking any other interactions. This would allow an attacker to send a single request with an invalid...

InspIRCd websocket module double free vulnerability

The InspIRCd development team reports: The websocket module before v3.8.1 contains a double free vulnerability. When combined with a HTTP reverse proxy this vulnerability can be used by any user who is GKZ-lined to remotely crash an InspIRCd server...

CVE-2011-3621

A reverse proxy issue exists in FluxBB before 1.4.7 when FORUMBEHINDREVERSEPROXY is enabled...

Authentication flaw

A reverse proxy issue exists in FluxBB before 1.4.7 when FORUMBEHINDREVERSEPROXY is enabled...

CVE-2011-3621

A reverse proxy issue exists in FluxBB before 1.4.7 when FORUMBEHINDREVERSEPROXY is enabled...

CVE-2011-3621

The CVE-2011-3621 entry concerns a reverse proxy handling flaw in FluxBB prior to 1.4.7 when FORUM_BEHIND_REVERSE_PROXY is enabled. The description is supported by the NVD entry, which lists a CVSS2 base score of 7.5 (HIGH) and a CVSS3.1 base score of 9.8 (CRITICAL), indicating a potentially seve...

Internet Bug Bounty: Squid as reverse proxy RCE and data leak

Summary: This was a very difficult experience as Squid maintainers took a long time to answer. I tried getting help from HackerOne support, Dropbox support and the Internet Bug Bounty never e-mailed me back to no avail. What could have taken a few days took months. The vulnerability concerns a...

Content Delivery Networks handle HTTP headers in different and unexpected ways

Overview A Content Delivery Network CDN is a distributed network of proxy servers that deliver web content collected from a back end web server using a temporary local storage called a cache. HTTP cache poisoning is a type of attack that allows a remote attacker to inject arbitrary content using...

CVE-2018-12122

It was found that Node.js HTTP server was vulnerable to a Slowloris type attack. An attacker could make long lived connections by sending bytes very slowly to the server, saturating its resource and possibly resulting in a denial of service. Mitigation The use of a Load Balancer or a Reverse Prox...

HTTP Request Smuggling: Invalid whitespace characters in headers in Waitress

Impact If a proxy server is used in front of waitress, an invalid request may be sent by an attacker that bypasses the front-end and is parsed differently by waitress leading to a potential for HTTP request smuggling. Content-Length: 10 Transfer-Encoding: \x0bchunked For clarity: 0x0b == vertical...

HTTP Request Smuggling: Content-Length Sent Twice in Waitress

Impact Waitress would header fold a double Content-Length header and due to being unable to cast the now comma separated value to an integer would set the Content-Length to 0 internally. So a request with: Content-Length: 10 Content-Length: 10 would get transformed to: Content-Length: 10, 10 Whic...

HTTP Request Smuggling: LF vs CRLF handling in Waitress

Impact Waitress implemented a "MAY" part of the RFC7230 https://tools.ietf.org/html/rfc7230section-3.5 which states: Although the line terminator for the start-line and header fields is the sequence CRLF, a recipient MAY recognize a single LF as a line terminator and ignore any preceding CR...

PT-2019-6231 · Waitress +3 · Waitress +3

Name of the Vulnerable Software and Affected Versions: Waitress versions 1.3.1 and earlier Description: The issue arises from Waitress implementing a "MAY" part of the RFC7230, which allows recognizing a single LF as a line terminator and ignoring any preceding CR. This can lead to a potential fo...

[SECURITY] Fedora 31 Update: haproxy-2.0.10-1.fc31

HAProxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments. Indeed, it can: - route HTTP requests depending on statically assigned cookies - spread load among several servers while assuring server persistence through the use of HTTP cookies - switch to...

[SECURITY] Fedora 30 Update: haproxy-1.8.23-1.fc30

HAProxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments. Indeed, it can: - route HTTP requests depending on statically assigned cookies - spread load among several servers while assuring server persistence through the use of HTTP cookies - switch to...

PT-2019-14826

Name of the Vulnerable Software and Affected Versions Puma versions prior to 3.12.2 Puma versions prior to 4.3.1 Description A poorly-behaved client could use keepalive requests to monopolize Puma's reactor and create a denial of service attack. If more keepalive connections to Puma are opened th...

Debian DSA-4577-1 : haproxy - security update

Tim Dusterhus discovered that haproxy, a TCP/HTTP reverse proxy, did not properly sanitize HTTP headers when converting from HTTP/2 to HTTP/1. This would allow a remote user to perform CRLF injections. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were...

CVE-2019-4036

IBM Security Access Manager Appliance could allow unauthenticated attacker to cause a denial of service in the reverse proxy component. IBM X-Force ID: 156159...

CVE-2019-4036

CVE-2019-4036 affects IBM Security Access Manager Appliance. The available documents show unauthenticated remote denial-of-service against the reverse proxy, commonly associated with Slow HTTP/Slowloris abuse. Affected product: IBM Security Access Manager Appliance (ISAM Appliance); impact: denia...

New Cache Poisoning Attack Lets Attackers Target CDN Protected Sites

A team of German cybersecurity researchers has discovered a new cache poisoning attack against web caching systems that could be used by an attacker to force a targeted website into delivering error pages to most of its visitors instead of legitimate content or resources. The issue could affect...