2151 matches found

BDU FSTEC
added 2018/09/11 12:0 a.m., 1 view

The vulnerability of the API component of the Containous Traefik reverse proxy server allows attackers to disclose protected information.

The vulnerability of the Containous Traefik reverse proxy server’s API is related to implementation errors in the API. Exploiting this vulnerability can allow a malicious actor to disclose protected information...

CVSS 8.6 | AI score 5.5 | EPSS 0.00369
Exploits 0 | References 6 | Affected Software 1

Tenable Nessus
added 2018/09/04 12:0 a.m., 44 views

FreeBSD : grafana -- LDAP and OAuth login vulnerability (1f8d5806-ac51-11e8-9cb6-10c37b4ac2ea)

Grafana Labs reports: On the 20th of August at 1800 CEST we were contacted about a potential security issue with the 'remember me' cookie Grafana sets upon login. The issue targeted users without a local Grafana password (LDAP & OAuth users) and enabled a potential attacker to generate a valid...

AI score 8.2
Exploits 0 | References 3

Hacker One
added 2018/08/21 2:7 a.m., 586 views

Chaturbate: Web cache deception attack - expose token information

Hello, I have found a new vulnerability in your website, which is called a Web cache deception attack. It was first found in Paypal. Web Cache Deception Attack: Websites often tend to use web cache functionality to store files that are often retrieved, to reduce latency from the web server. Let's see a...

AI score 6.5
Exploits 0

FreeBSD
added 2018/08/20 12:0 a.m., 103 views

grafana -- LDAP and OAuth login vulnerability

Grafana Labs reports: On the 20th of August at 1800 CEST we were contacted about a potential security issue with the “remember me” cookie Grafana sets upon login. The issue targeted users without a local Grafana password (LDAP & OAuth users) and enabled a potential attacker to generate a valid cook...

AI score 7.3
Exploits 0 | References 1

Prion
added 2018/08/15 7:29 p.m., 13 views

Design/Logic Flaw

A vulnerability in Trend Micro Control Manager versions 6.0 and 7.0 could allow an attacker to manipulate a reverse proxy .dll on vulnerable installations, which may lead to a denial of server (DoS)...

CVSS 5 | AI score 7.4 | EPSS 0.00699
Exploits 0 | References 1 | Affected Software 1

OSV
added 2018/08/15 7:29 p.m., 2 views

CVE-2018-10512

A vulnerability in Trend Micro Control Manager versions 6.0 and 7.0 could allow an attacker to manipulate a reverse proxy .dll on vulnerable installations, which may lead to a denial of server (DoS)...

CVSS 7.5 | AI score 5.8
Exploits 0 | References 1

NVD
added 2018/08/15 7:29 p.m., 13 views

CVE-2018-10512

A vulnerability in Trend Micro Control Manager versions 6.0 and 7.0 could allow an attacker to manipulate a reverse proxy .dll on vulnerable installations, which may lead to a denial of server (DoS)...

CVSS 7.5 | AI score 7.4 | EPSS 0.00699
Exploits 0 | References 1

Cvelist
added 2018/08/15 7:0 p.m., 12 views

CVE-2018-10512

A vulnerability in Trend Micro Control Manager versions 6.0 and 7.0 could allow an attacker to manipulate a reverse proxy .dll on vulnerable installations, which may lead to a denial of server (DoS)...

AI score 7.4 | EPSS 0.00699
Exploits 0 | References 1

Fedora
added 2018/07/23 9:24 p.m., 29 views

[SECURITY] Fedora 28 Update: haproxy-1.8.12-2.fc28

HAProxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments. Indeed, it can:
- route HTTP requests depending on statically assigned cookies
- spread load among several servers while assuring server persistence through the use of HTTP cookies
- switch to...

CVSS 5.9 | AI score 0.8 | EPSS 0.00028
Exploits 0

OpenVAS
added 2018/07/20 12:0 a.m., 18 views

Mesosphere Marathon Web UI Public WAN (Internet) / Public LAN Accessible

The script checks if the Mesosphere Marathon Web UI is accessible from a public WAN (Internet) / public LAN. Copyright (C) 2018 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier:...

AI score 7.2
Exploits 0 | References 1

IBM Security Bulletins
added 2018/06/16 9:21 p.m., 11 views

Security Bulletin: TLS padding vulnerability affects Tivoli Access Manager for e-business and IBM Security Access Manager for Web (CVE-2014-8730)

Summary: IBM Tivoli Access Manager for e-business and IBM Security Access Manager for Web are affected by a TLS padding vulnerability, which could allow a remote attacker to obtain sensitive information. Vulnerability Details: The following vulnerability affects both IBM Tivoli Access Manager for...

CVSS 4.3 | AI score 0.6 | EPSS 0.03099
Exploits 5 | Affected Software 1

IBM Security Bulletins
added 2018/06/16 9:18 p.m., 17 views

Security Bulletin: IBM Security Access Manager for Web - NIST setting (CVE-2014-3052)

Summary: A defect in the configuration of IBM Security Access Manager (ISAM) for Web v8.0 could result in systems failing to properly comply to NIST800-131 standards. Vulnerability Details: CVE ID: CVE-2014-3052 DESCRIPTION: The reverse proxy component of IBM Security Access Manager for Web can be...

CVSS 3.3 | AI score 1.1 | EPSS 0.0008
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2018/06/16 9:17 p.m., 32 views

Security Bulletin: IBM Security Access Manager for Web High CPU utilization (CVE-2014-0963)

Summary: The Reverse Proxy component in all versions of IBM Security Access Manager for Web is affected by a problem in which, under very specific conditions, CPU utilization can rapidly increase and not decrease. This issue is related to the SSL implementation in IBM Security Access Manager (ISAM)...

CVSS 7.1 | AI score 0.2 | EPSS 0.02106
Exploits 0 | Affected Software 1

RedHat Linux
added 2018/06/13 12:19 p.m., 2 views

isapi_redirect: Mishandled HTTP request paths in jk_isapi_plugin.c can lead to unintended exposure of application resources via the reverse proxy

The IIS/ISAPI specific code in the Apache Tomcat JK ISAPI Connector 1.2.0 to 1.2.42 that normalised the requested path before matching it to the URI-worker map did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via IIS, then it was possible fo...

CVSS 7.5 | AI score 5.9 | EPSS 0.31775
Exploits 0 | References 5

Ubuntu
added 2018/05/30 1:13 p.m., 59 views

USN-3663-1: HAProxy vulnerability

It was discovered that HAProxy incorrectly handled certain requests. An attacker could possibly use this to expose sensitive information...

CVSS 5.9 | AI score 6.2 | EPSS 0.00028
Exploits 0

ThreatPost
added 2018/05/18 12:45 p.m., 15 views

Misconfigured Reverse Proxy Servers Spill Credentials

Researchers have created a proof-of-concept attack that allows unauthenticated adversaries to extract user credentials from misconfigured reverse proxy servers in order to delete, manipulate or extract data from websites and applications. The proof-of-concept (PoC) attack targets major cloud...

AI score 0.1
Exploits 0 | References 1

RedHat Linux
added 2018/05/14 9:12 a.m., 65 views

Important: Red Hat Security Advisory: rh-haproxy18-haproxy security update

An update for rh-haproxy18-haproxy is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

CVSS 7.5 | AI score 7.3 | EPSS 0.25058
Exploits 0 | References 2

RedhatCVE
added 2018/04/19 9:48 a.m., 36 views

CVE-2018-1172

It was found that Squid, when used as a reverse proxy, did not handle ESI responses properly. A malicious web server could use this flaw to crash Squid...

CVSS 5.9 | AI score 1 | EPSS 0.08729
Exploits 0 | References 2

OSV
added 2018/04/05 1:29 p.m., 12 views

CVE-2018-1000150

An exposure of sensitive information vulnerability exists in Jenkins Reverse Proxy Auth Plugin 1.5 and older in ReverseProxySecurityRealm#authContext that allows attackers with local file system access to obtain a list of authorities for logged in users...

CVSS 3.3 | AI score 3.9
Exploits 0 | References 1

Prion
added 2018/04/05 1:29 p.m., 13 views

Information disclosure

An exposure of sensitive information vulnerability exists in Jenkins Reverse Proxy Auth Plugin 1.5 and older in ReverseProxySecurityRealm#authContext that allows attackers with local file system access to obtain a list of authorities for logged in users...

CVSS 2.1 | AI score 3.6 | EPSS 0.00009
Exploits 0 | References 1 | Affected Software 1