
2151 matches found

Tenable Nessus
added 2020/12/08 12:0 a.m. | 23 views

Debian DSA-4805-1 : trafficserver - security update

Two vulnerabilities were discovered in Apache Traffic Server, a reverse and forward proxy server: - CVE-2020-17508 The ESI plugin was vulnerable to memory disclosure. - CVE-2020-17509 The negative cache option was vulnerable to cache poisoning. (C) Tenable Network Security, Inc. The descriptive te...

CVSS 7.5 | AI score 7.2 | EPSS 0.03046
Exploits 0 | References 7
RedHat Linux
added 2020/12/02 4:36 p.m. | 2 views

golang: data race in certain net/http servers including ReverseProxy can lead to DoS

A flaw was found in Go's net/http package. Servers using ReverseProxy from net/http in the Go standard library are vulnerable to a data race that results in a denial of service. The highest threat from this vulnerability is to system availability...

CVSS 5.9 | AI score 7.3 | EPSS 0.00614
Exploits 0 | References 5
RedHat Linux
added 2020/11/24 11:57 a.m. | 8 views

golang: data race in certain net/http servers including ReverseProxy can lead to DoS

A flaw was found in Go's net/http package. Servers using ReverseProxy from net/http in the Go standard library are vulnerable to a data race that results in a denial of service. The highest threat from this vulnerability is to system availability...

CVSS 5.9 | AI score 7.3 | EPSS 0.00614
Exploits 0 | References 5
Tenable Nessus
added 2020/11/12 12:0 a.m. | 34 views

Oracle Linux 7 : tomcat (ELSA-2020-5020)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2020-5020 advisory. 0:7.0.76-16 - Resolves: rhbz1814315 CVE-2020-1935 tomcat: Mishandling of Transfer-Encoding header allows for HTTP request smuggling Tenable has extracted the...

CVSS 5.8 | AI score 7.4 | EPSS 0.01382
Exploits 0 | References 2
RedHat Linux
added 2020/11/10 1:20 p.m. | 3 views

tomcat: Mishandling of Transfer-Encoding header allows for HTTP request smuggling

A flaw was found in Apache Tomcat. The HTTP header parsing code used an approach to end-of-line (EOL) parsing that allowed some invalid HTTP headers to be parsed as valid. This led to the possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the...

CVSS 5.8 | AI score 6.8 | EPSS 0.01382
Exploits 0 | References 7
OSV
added 2020/11/05 8:15 p.m. | 1 views

CVE-2020-5944

In BIG-IQ 7.1.0, accessing the DoS Summary events and DNS Overview pages in the BIG-IQ system interface returns an error message due to disabled Grafana reverse proxy in web service configuration. F5 has done further review of this vulnerability and has re-classified it as a defect. CVE-2020-5944...

CVSS 4.3 | AI score 5.8
Exploits 0 | References 1
Prion
added 2020/11/05 8:15 p.m. | 15 views

Design/Logic Flaw

In BIG-IQ 7.1.0, accessing the DoS Summary events and DNS Overview pages in the BIG-IQ system interface returns an error message due to disabled Grafana reverse proxy in web service configuration. F5 has done further review of this vulnerability and has re-classified it as a defect. CVE-2020-5944...

CVSS 4 | AI score 4.7 | EPSS 0.00295
Exploits 0 | References 1 | Affected Software 1
IBM Security Bulletins
added 2020/11/05 7:49 p.m. | 48 views

Security Bulletin: CVE-2019-17569, CVE-2020-1935 HTTP Request Smuggling if Tomcat was located behind a reverse proxy

Summary In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smuggling if Tomcat was located behind a...

CVSS 5.8 | AI score 0.2 | EPSS 0.06163
Exploits 0 | Affected Software 1
Cvelist
added 2020/11/05 7:24 p.m. | 18 views

CVE-2020-5944

In BIG-IQ 7.1.0, accessing the DoS Summary events and DNS Overview pages in the BIG-IQ system interface returns an error message due to disabled Grafana reverse proxy in web service configuration. F5 has done further review of this vulnerability and has re-classified it as a defect. CVE-2020-5944...

AI score 4.7 | EPSS 0.00295
Exploits 0 | References 1
CVE
added 2020/11/05 7:24 p.m. | 56 views

CVE-2020-5944

CVE-2020-5944 affects BIG-IQ 7.1.0 where access to DoS Summary and DNS Overview pages returns an error due to a disabled Grafana reverse proxy in web service configuration. The issue has been re-classified by F5 as a defect and is not assigned to other F5 vulnerabilities; CVSS metrics are provide...

CVSS 4.3 | AI score 4.6 | EPSS 0.00295
Exploits 0 | References 1 | Affected Software 1
RedHat Linux
added 2020/11/04 1:45 a.m. | 6 views

squid: Improper input validation in request allows for proxy manipulation

A flaw was found in squid. The absolute URL of a request can include the decoded UserInfo username and password for certain protocols. This decoded info may contain special characters to delimit the domain, and treat the rest of the URL as a path or query string. An attacker could first make a...

CVSS 7.5 | AI score 5.8 | EPSS 0.06184
Exploits 0 | References 5
RedHat Linux
added 2020/11/04 1:45 a.m. | 1 views

squid: Buffer overflow in reverse-proxy configurations

A flaw was found in squid. Due to incorrect buffer management, a remote client can cause a buffer overflow in a Squid instance acting as a reverse proxy...

CVSS 7.5 | AI score 6 | EPSS 0.46309
Exploits 0 | References 4
RedHat Linux
added 2020/11/04 1:39 a.m. | 2 views

tomcat: Mishandling of Transfer-Encoding header allows for HTTP request smuggling

A flaw was found in Apache Tomcat. The HTTP header parsing code used an approach to end-of-line (EOL) parsing that allowed some invalid HTTP headers to be parsed as valid. This led to the possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the...

CVSS 5.8 | AI score 6.8 | EPSS 0.01382
Exploits 0 | References 7
Rockylinux
added 2020/11/03 12:32 p.m. | 37 views

squid:4 security, bug fix, and enhancement update

An update is available for libecap. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Squid is a high-performance proxy caching server for web clients, supporting...

CVSS 9.9 | AI score 8.7 | EPSS 0.46309
Exploits 0
RedHat Linux
added 2020/10/28 6:24 p.m. | 1 views

Django: Incorrect HTTP detection with reverse-proxy connecting via HTTPS

An HTTP detection flaw was discovered in Django. If deployed behind a reverse-proxy connecting to Django via HTTPS, django.http.HttpRequest.scheme incorrectly detected client requests made using HTTP as using HTTPS. This resulted in incorrect results for is_secure() and build_absolute_uri(), and HTTP...

CVSS 5.3 | AI score 7.2 | EPSS 0.04217
Exploits 0 | References 5
RedHat Linux
added 2020/10/27 2:53 p.m. | 1 views

golang: data race in certain net/http servers including ReverseProxy can lead to DoS

A flaw was found in Go's net/http package. Servers using ReverseProxy from net/http in the Go standard library are vulnerable to a data race that results in a denial of service. The highest threat from this vulnerability is to system availability...

CVSS 5.9 | AI score 7.3 | EPSS 0.00614
Exploits 0 | References 5
RedHat Linux
added 2020/10/27 2:47 p.m. | 2 views

golang: data race in certain net/http servers including ReverseProxy can lead to DoS

A flaw was found in Go's net/http package. Servers using ReverseProxy from net/http in the Go standard library are vulnerable to a data race that results in a denial of service. The highest threat from this vulnerability is to system availability...

CVSS 5.9 | AI score 7.3 | EPSS 0.00614
Exploits 0 | References 5
RedHat Linux
added 2020/10/27 12:58 p.m. | 2 views

Django: Incorrect HTTP detection with reverse-proxy connecting via HTTPS

An HTTP detection flaw was discovered in Django. If deployed behind a reverse-proxy connecting to Django via HTTPS, django.http.HttpRequest.scheme incorrectly detected client requests made using HTTP as using HTTPS. This resulted in incorrect results for is_secure() and build_absolute_uri(), and HTTP...

CVSS 5.3 | AI score 7.2 | EPSS 0.04217
Exploits 0 | References 5
Microsoft CVE
added 2020/10/21 7:0 a.m. | 1 views

An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy (which also has a poor header check), which may lead to an HTTP Request Smuggling attack.

...

CVSS 7.5 | AI score 7 | EPSS 0.00275
Exploits 0
RedHat Linux
added 2020/10/19 1:42 p.m. | 1 views

golang: data race in certain net/http servers including ReverseProxy can lead to DoS

A flaw was found in Go's net/http package. Servers using ReverseProxy from net/http in the Go standard library are vulnerable to a data race that results in a denial of service. The highest threat from this vulnerability is to system availability...

CVSS 5.9 | AI score 7.3 | EPSS 0.00614
Exploits 0 | References 5