2151 matches found
CVE-2018-1000150
An exposure of sensitive information vulnerability exists in Jenkins Reverse Proxy Auth Plugin 1.5 and older in ReverseProxySecurityRealm#authContext that allows attackers with local file system access to obtain a list of authorities for logged in users...
CVE-2018-1000150
CVE-2018-1000150 affects Jenkins' Reverse Proxy Auth Plugin
Apache Tomcat JK ISAPI Connector Information Disclosure Vulnerability
Apache Tomcat JK ISAPI Connector is a module from the U.S.-based Apache Software Foundation that connects Apache or IIS to a back-end Tomcat; it supports clustering, load balancing and so on. A security vulnerability exists in Apache Tomcat JK ISAPI Connector versions 1.2.0 through...
CVE-2018-1323
The IIS/ISAPI specific code in the Apache Tomcat JK ISAPI Connector 1.2.0 to 1.2.42 that normalised the requested path before matching it to the URI-worker map did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via IIS, then it was possible fo...
Fixed in Apache Tomcat JK Connector 1.2.43
Important: Information disclosure CVE-2018-1323 The IIS/ISAPI specific code that normalised the requested path before matching it to the URI-worker map did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via IIS, then it was possible for a...
Debian DSA-4128-1 : trafficserver - security update
Several vulnerabilities were discovered in Apache Traffic Server, a reverse and forward proxy server. They could lead to the use of an incorrect upstream proxy, or allow a remote attacker to cause a denial-of-service by application crash.
[SECURITY] [DSA 4128-1] trafficserver security update
Debian Security Advisory DSA-4128-1; https://www.debian.org/security/; Sebastien Delafond; March 02, 2018; https://www.debian.org/security/faq ...
Debian DLA-1280-1 : pound security update
A request smuggling vulnerability was discovered in pound that may allow attackers to send a specially crafted HTTP request to a web server or reverse proxy while pound may see a different set of requests. This facilitates several possible exploitations, such as partial cache poisoning, bypassing...
[SECURITY] [DLA 1280-1] pound security update
Package: pound; Version: 2.6-2+deb7u2; CVE ID: CVE-2016-10711; Debian Bug: 888786. A request smuggling vulnerability was discovered in pound that may allow attackers to send a specially crafted HTTP request to a web server or reverse proxy while pound may see a different set of requests. This...
Multiple HPE IceWall Products Information Disclosure Vulnerabilities
HPE IceWall SSO Dfw and others are products of Hewlett Packard Enterprise (HPE), U.S.A. HPE IceWall SSO Dfw is single sign-on software. IceWall MCRP is reverse proxy software. An information disclosure vulnerability exists in multiple HPE IceWall products. A remote attacker could exploit...
Puppet Enterprise Reverse Proxy Vulnerability
Puppet is a set of configuration management tools from Puppet Labs in the U.S., based on a client/server (C/S) architecture. It can be used to manage configuration files, users, cron tasks, packages, system services, etc. Puppet Enterprise is the enterprise version. A security vulnerability exists in...
CVE-2015-4100
CVE-2015-4100 affects Puppet Enterprise 3.7.x and 3.8.0, where remote authenticated users can manage certificates for arbitrary nodes by abusing a client certificate trusted by the master (Certificate Authority Reverse Proxy vulnerability). The issue is rooted in how certificates are trusted/hand...
CVE-2015-4100
Puppet Enterprise 3.7.x and 3.8.0 might allow remote authenticated users to manage certificates for arbitrary nodes by leveraging a client certificate trusted by the master, aka a "Certificate Authority Reverse Proxy Vulnerability."...
undertow: Long URL proxy request lead to java.nio.BufferOverflowException and DoS
It was discovered that a long URL sent to EAP 7 Server operating as a reverse proxy with default buffer sizes causes a Denial of Service...