2178 matches found
Security Bulletin: IBM Security Access Manager for Web High CPU utilization (CVE-2014-0963)
Summary The Reverse Proxy component in all versions of IBM Security Access Manager for Web is affected by a problem in which, under very specific conditions, CPU utilization can rapidly increase and not decrease. This issue is related to the SSL implementation in IBM Security Access Manager ISAM...
isapi_redirect: Mishandled HTTP request paths in jk_isapi_plugin.c can lead to unintended exposure of application resources via the reverse proxy
The IIS/ISAPI specific code in the Apache Tomcat JK ISAPI Connector 1.2.0 to 1.2.42 that normalised the requested path before matching it to the URI-worker map did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via IIS, then it was possible fo...
USN-3663-1: HAProxy vulnerability
It was discovered that HAProxy incorrectly handled certain resquests. An attacker could possibly use this to expose sensitive information...
Misconfigured Reverse Proxy Servers Spill Credentials
Researchers have created a proof-of-concept attack that allows unauthenticated adversaries to extract user credentials from misconfigured reverse proxy servers in order to delete, manipulate or extract data from websites and applications. The proof-of-concept PoC attack targets major cloud...
Important: Red Hat Security Advisory: rh-haproxy18-haproxy security update
An update for rh-haproxy18-haproxy is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
CVE-2018-1172
it was found that Squid, when used as a reverse proxy, did not handle ESI responses properly. A malicious web server could use this flaw to crash Squid...
Information disclosure
An exposure of sensitive information vulnerability exists in Jenkins Reverse Proxy Auth Plugin 1.5 and older in ReverseProxySecurityRealmauthContext that allows attackers with local file system access to obtain a list of authorities for logged in users...
CVE-2018-1000150
An exposure of sensitive information vulnerability exists in Jenkins Reverse Proxy Auth Plugin 1.5 and older in ReverseProxySecurityRealmauthContext that allows attackers with local file system access to obtain a list of authorities for logged in users...
CVE-2018-1000150
An exposure of sensitive information vulnerability exists in Jenkins Reverse Proxy Auth Plugin 1.5 and older in ReverseProxySecurityRealmauthContext that allows attackers with local file system access to obtain a list of authorities for logged in users...
CVE-2018-1000150
An exposure of sensitive information vulnerability exists in Jenkins Reverse Proxy Auth Plugin 1.5 and older in ReverseProxySecurityRealmauthContext that allows attackers with local file system access to obtain a list of authorities for logged in users...
CVE-2018-1000150
CVE-2018-1000150 affects Jenkins' Reverse Proxy Auth Plugin
Apache Tomcat JK ISAPI Connector Information Disclosure Vulnerability
Apache Tomcat JK ISAPI Connector is a U.S. Apache Apache Software Foundation for Apache or IIS to provide a connection to the back-end Tomcat module , which supports clustering and load balancing and so on. A security vulnerability exists in Apache Tomcat JK ISAPI Connector versions 1.2.0 through...
CVE-2018-1323
The IIS/ISAPI specific code in the Apache Tomcat JK ISAPI Connector 1.2.0 to 1.2.42 that normalised the requested path before matching it to the URI-worker map did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via IIS, then it was possible fo...
CVE-2018-1323
The IIS/ISAPI specific code in the Apache Tomcat JK ISAPI Connector 1.2.0 to 1.2.42 that normalised the requested path before matching it to the URI-worker map did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via IIS, then it was possible fo...
CVE-2018-1323
The IIS/ISAPI specific code in the Apache Tomcat JK ISAPI Connector 1.2.0 to 1.2.42 that normalised the requested path before matching it to the URI-worker map did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via IIS, then it was possible fo...
Fixed in Apache Tomcat JK Connector 1.2.43
Important: Information disclosure CVE-2018-1323 The IIS/ISAPI specific code that normalised the requested path before matching it to the URI-worker map did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via IIS, then it was possible for a...
Debian DSA-4128-1 : trafficserver - security update
Several vulnerabilities were discovered in Apache Traffic Server, a reverse and forward proxy server. They could lead to the use of an incorrect upstream proxy, or allow a remote attacker to cause a denial-of-service by application crash. C Tenable Network Security, Inc. The descriptive text and...
[SECURITY] [DSA 4128-1] trafficserver security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4128-1 [email protected] https://www.debian.org/security/ Sebastien Delafond March 02, 2018 https://www.debian.org/security/faq -...
Debian DLA-1280-1 : pound security update
A request smuggling vulnerability was discovered in pound that may allow attackers to send a specially crafted http request to a web server or reverse proxy while pound may see a different set of requests. This facilitates several possible exploitations, such as partial cache poisoning, bypassing...
[SECURITY] [DLA 1280-1] pound security update
Package : pound Version : 2.6-2+deb7u2 CVE ID : CVE-2016-10711 Debian Bug : 888786 A request smuggling vulnerability was discovered in pound that may allow attackers to send a specially crafted http request to a web server or reverse proxy while pound may see a different set of requests. This...