2151 matches found
Security update for squid (moderate)
openSUSE Security Update: Security update for squid Announcement ID: openSUSE-SU-2020:0307-1 Rating: moderate References: 1162687 1162689 1162691 Cross-References: CVE-2019-12528 CVE-2020-8449 CVE-2020-8450 CVE-2020-8517 Affected Products: openSUSE Leap 15.1 An update that fixes four...
CVE-2019-5737
It was found that the original fix for Slowloris, CVE-2018-12122, was insufficient. It is possible to bypass the server's headersTimeout by sending two specially crafted HTTP requests in the same connection. An attacker could use this flaw to bypass Slowloris protection, resulting in a denial of...
Potential HTTP request smuggling in Apache Tomcat
The refactoring present in Apache Tomcat versions 9.0.28 to 9.0.30, 8.5.48 to 8.5.50 and 7.0.98 to 7.0.99 introduced a regression. The result of the regression was that invalid Transfer-Encoding headers were incorrectly processed leading to a possibility of HTTP Request Smuggling if Tomcat was...
GHSA-767J-JFH2-JVRC Potential HTTP request smuggling in Apache Tomcat
The refactoring present in Apache Tomcat versions 9.0.28 to 9.0.30, 8.5.48 to 8.5.50 and 7.0.98 to 7.0.99 introduced a regression. The result of the regression was that invalid Transfer-Encoding headers were incorrectly processed leading to a possibility of HTTP Request Smuggling if Tomcat was...
GHSA-QXF4-CHVG-4R8R Potential HTTP request smuggling in Apache Tomcat
In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse...
Potential HTTP request smuggling in Apache Tomcat
In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse...
PT-2020-14513
Name of the Vulnerable Software and Affected Versions Go versions 1.13.x through 1.13.12 Go versions 1.14.x through 1.14.4 Description The issue is related to a data race in some net/http servers. This occurs when the server concurrently reads a request body and writes a response, as demonstrated...
SUSE SLES12 Security Update : squid (SUSE-SU-2020:0487-1)
This update for squid to version 4.10 fixes the following issues : Security issues fixed : CVE-2019-12528: Fixed an information disclosure flaw in the FTP gateway bsc1162689. CVE-2020-8449: Fixed a buffer overflow when squid is acting as reverse-proxy bsc1162687. CVE-2020-8450: Fixed a buffer...
SUSE SLES15 Security Update : squid (SUSE-SU-2020:0493-1)
This update for squid to version 4.10 fixes the following issues : Security issues fixed : CVE-2019-12528: Fixed an information disclosure flaw in the FTP gateway bsc1162689. CVE-2020-8449: Fixed a buffer overflow when squid is acting as reverse-proxy bsc1162687. CVE-2020-8450: Fixed a buffer...
ISPConfig SQL Injection Vulnerability
ISPConfig is an open source web hosting management program for Linux with a Web control panel , you can use the Web control panel to manage web hosting , open a website , open a mailbox , open and manage mysql databases , support for DNS resolution and monitor the server's operating conditions an...
CVE-2020-9398
ISPConfig before 3.1.15p3, when the undocumented reverseproxypanelallowed=sites option is manually enabled, allows SQL Injection...
HTTP Request Smuggling
tomcat-coyote is vulnerable to HTTP request smuggling. The vulnerability exists due to mishandling of incorrect transfer encoding headers introduced by a regression if server is placed after a reverse proxy...
CVE-2019-17569
The refactoring present in Apache Tomcat 9.0.28 to 9.0.30, 8.5.48 to 8.5.50 and 7.0.98 to 7.0.99 introduced a regression. The result of the regression was that invalid Transfer-Encoding headers were incorrectly processed leading to a possibility of HTTP Request Smuggling if Tomcat was located...
CVE-2020-1935
A flaw was found in Apache Tomcat. The HTTP header parsing code used an approach to end-of-line EOL parsing that allowed some invalid HTTP headers to be parsed as valid. This led to the possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the...
DEBIAN-CVE-2019-17569
The refactoring present in Apache Tomcat 9.0.28 to 9.0.30, 8.5.48 to 8.5.50 and 7.0.98 to 7.0.99 introduced a regression. The result of the regression was that invalid Transfer-Encoding headers were incorrectly processed leading to a possibility of HTTP Request Smuggling if Tomcat was located...
CVE-2019-17569
The refactoring present in Apache Tomcat 9.0.28 to 9.0.30, 8.5.48 to 8.5.50 and 7.0.98 to 7.0.99 introduced a regression. The result of the regression was that invalid Transfer-Encoding headers were incorrectly processed leading to a possibility of HTTP Request Smuggling if Tomcat was located...
CVE-2019-17569
The refactoring present in Apache Tomcat 9.0.28 to 9.0.30, 8.5.48 to 8.5.50 and 7.0.98 to 7.0.99 introduced a regression. The result of the regression was that invalid Transfer-Encoding headers were incorrectly processed leading to a possibility of HTTP Request Smuggling if Tomcat was located...
CVE-2020-1935
In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse...
UBUNTU-CVE-2020-1935
In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse...
Design/Logic Flaw
In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse...