2151 matches found
CVE-2020-11805
Pexip Reverse Proxy and TURN Server before 6.1.0 has Incorrect UDP Access Control via TURN...
LY Corporation: Path traversal in a Tomcat server
A path traversal vulnerability was discovered in a Tomcat server, which allowed an attacker to access internal resources such as the administrator page. The vulnerability was caused by a misconfiguration between the reverse proxy and the WAS, and occurred when the attacker entered the string "..;...
Frp - A Fast Reverse Proxy To Help You Expose A Local Server Behind A NAT Or Firewall To The Internet
A Fast Reverse Proxy To Help You Expose A Local Server Behind A NAT Or Firewall To The Internet. Development Status frp is under development. Try the latest release version in the master branch, or use the dev branch for the version in development. The protocol might change at a release and we...
golang: data race in certain net/http servers including ReverseProxy can lead to DoS
A flaw was found in Go's net/http package. Servers using ReverseProxy from net/http in the Go standard library are vulnerable to a data race that results in a denial of service. The highest threat from this vulnerability is to system availability...
Amazon Linux 2 : squid (ALAS-2020-1486)
The version of squid installed on the remote host is prior to 3.5.20-15. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2020-1486 advisory. An issue was discovered in Squid before 4.10. It allows a crafted FTP server to trigger disclosure of sensitive informatio...
Debian DSA-4750-1 : nginx - security update
It was reported that the Lua module for Nginx, a high-performance web and reverse proxy server, is prone to an HTTP request smuggling vulnerability. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-4750. The te...
SUSE-SU-2020:14460-1 Security update for squid3
This update for squid3 fixes the following issues: - Fixed a Cache Poisoning and Request Smuggling attack CVE-2020-15049, bsc1173455 - Fixed incorrect buffer handling that can result in cache poisoning, remote execution, and denial of service attacks when processing ESI responses CVE-2019-12519,...
The vulnerability of reverse proxies and proxy redirection mechanisms in the Apache Traffic Server allows attackers to gain access to confidential data, compromise its integrity, and cause service failures.
The vulnerability of reverse proxies and proxy redirection in the Apache Traffic Server is related to inconsistent interpretation of HTTP requests. Exploiting this vulnerability can allow a remote attacker to access sensitive data, compromise its integrity, and cause service failures...
The vulnerability of the Transfer-Encoding and Content-length headers in reverse proxy and proxy redirection mechanisms of the Apache Traffic Server allows attackers to access confidential data, compromise its integrity, and cause service failures.
The vulnerability of the Transfer-Encoding and Content-length headers in reverse proxy and proxy redirection mechanisms of the Apache Traffic Server is related to inconsistent interpretation of HTTP requests. Exploiting this vulnerability can allow an attacker to gain access to confidential data,...
Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net/http servers as demonstrated by the httputil.ReverseProxy Handler because it reads a request body and writes a response at the same time.
...
Buffer Overflows
Squid is vulnerable to buffer overflows. Due to incorrect buffer management, a remote client can cause a buffer overflow in a Squid instance acting as a reverse proxy...
Ubuntu 16.04 LTS : Tomcat vulnerabilities (USN-4448-1)
The remote Ubuntu 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4448-1 advisory. It was discovered that Tomcat incorrectly validated the payload length in a WebSocket frame. A remote attacker could possibly use this issue to cause...
tomcat: Mishandling of Transfer-Encoding header allows for HTTP request smuggling
A flaw was found in Apache Tomcat. The HTTP header parsing code used an approach to end-of-line (EOL) parsing that allowed some invalid HTTP headers to be parsed as valid. This led to the possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the...
Ubuntu 16.04 LTS / 18.04 LTS : Squid vulnerabilities (USN-4446-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4446-1 advisory. Jeriko One discovered that Squid incorrectly handled caching certain requests. A remote attacker could possibly use this issue to perform...
AZL-79042 CVE-2020-15586 affecting package golang 1.25.7-1
Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net/http servers, as demonstrated by the httputil.ReverseProxy Handler, because it reads a request body and writes a response at the same time...
DEBIAN-CVE-2020-15586
Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net/http servers, as demonstrated by the httputil.ReverseProxy Handler, because it reads a request body and writes a response at the same time...
AZL-38206 CVE-2020-15586 affecting package python-tensorboard for versions less than 2.16.2-1
Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net/http servers, as demonstrated by the httputil.ReverseProxy Handler, because it reads a request body and writes a response at the same time...
UBUNTU-CVE-2020-15586
Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net/http servers, as demonstrated by the httputil.ReverseProxy Handler, because it reads a request body and writes a response at the same time...
Apsis Pound Environmental Issues Vulnerabilities
Apsis Pound is a reverse proxy program for Web servers from the German company Apsis. The program supports reverse proxy, load balancing and HTTPS front-end and other features. A security vulnerability exists in versions of Apsis Pound prior to 2.8. An attacker can exploit the vulnerability to...