2135 matches found
PT-2024-37857 · Undefined · Undefined
"Source": "CVE FEED", "Title": "CVE-2024-6765 - CVE-2021-34567: Oracle WebLogic Server Reverse HTTPProxy Denial of Service", "Content": "CVE ID : CVE-2024-6765 Published : July 17, 2024, 2:15 p.m. | 16 minutes ago Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CV...
Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : Tomcat vulnerability (USN-6880-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6880-1 advisory. Sam Shahsavar discovered that Apache Tomcat did not properly reject HTTP requests with an invalid Content-Length header. A remote attacker...
CVE-2024-39321
An authorization bypass vulnerability was found in Traefik. This flaw allows bypassing IP allow-lists via HTTP/3 early data requests in QUIC 0-RTT handshakes sent with spoofed IP addresses. Mitigation Mitigation for this issue is either not available or the currently available options do not meet...
CVE-2024-39321
Traefik is an HTTP reverse proxy and load balancer. Versions prior to 2.11.6, 3.0.4, and 3.1.0-rc3 have a vulnerability that allows bypassing IP allow-lists via HTTP/3 early data requests in QUIC 0-RTT handshakes sent with spoofed IP addresses. Versions 2.11.6, 3.0.4, and 3.1.0-rc3 contain a patc...
CVE-2024-39321
Traefik is an HTTP reverse proxy and load balancer. Versions prior to 2.11.6, 3.0.4, and 3.1.0-rc3 have a vulnerability that allows bypassing IP allow-lists via HTTP/3 early data requests in QUIC 0-RTT handshakes sent with spoofed IP addresses. Versions 2.11.6, 3.0.4, and 3.1.0-rc3 contain a patc...
CVE-2024-39321 Traefik vulnerable to bypassing IP allow-lists via HTTP/3 early data requests in QUIC 0-RTT handshakes
Traefik is an HTTP reverse proxy and load balancer. Versions prior to 2.11.6, 3.0.4, and 3.1.0-rc3 have a vulnerability that allows bypassing IP allow-lists via HTTP/3 early data requests in QUIC 0-RTT handshakes sent with spoofed IP addresses. Versions 2.11.6, 3.0.4, and 3.1.0-rc3 contain a patc...
CVE-2024-39321 Traefik vulnerable to bypassing IP allow-lists via HTTP/3 early data requests in QUIC 0-RTT handshakes
Traefik is an HTTP reverse proxy and load balancer. Versions prior to 2.11.6, 3.0.4, and 3.1.0-rc3 have a vulnerability that allows bypassing IP allow-lists via HTTP/3 early data requests in QUIC 0-RTT handshakes sent with spoofed IP addresses. Versions 2.11.6, 3.0.4, and 3.1.0-rc3 contain a patc...
CVE-2024-39321
Traefik vulnerability CVE-2024-39321 affects Traefik versions prior to 2.11.14 and 3.2.1, where the API/dashboard validates X-Forwarded-Prefix but can be bypassed by a crafted header, potentially enabling cache poisoning. Remediation: upgrade to Traefik 2.11.14+ or 3.2.1+. Exploitation status not...
SUSE CVE-2024-24791
The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational 200 or higher status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail...
AZL-78960 CVE-2024-24791 affecting package golang 1.25.7-1
The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational 200 or higher status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail...
DEBIAN-CVE-2024-24791
The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational 200 or higher status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail...
AZL-43068 CVE-2024-24791 affecting package golang for versions less than 1.22.5-1
The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational 200 or higher status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail...
UBUNTU-CVE-2024-24791
The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational 200 or higher status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail...
Allocation of Resources Without Limits or Throttling
Overview std/net/http is a Go standard library package std/net/http Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling. Go Vulnerability Report: The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an...
MGASA-2024-0235 Updated python-aiohttp packages fix security vulnerability
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. A XSS vulnerability exists on index pages for static file handling. This vulnerability is fixed in 3.9.4. We have always recommended using a reverse proxy server e.g. nginx for serving static files. Users following th...
Updated python-aiohttp packages fix security vulnerability
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. A XSS vulnerability exists on index pages for static file handling. This vulnerability is fixed in 3.9.4. We have always recommended using a reverse proxy server e.g. nginx for serving static files. Users following th...
Authentication Bypass
ghost is vulnerable Authentication Bypass. The vulnerability is caused due to the misuse of multiple X-Forwarded-For headers with different values, which allows remote attackers to bypass the rate-limit protection mechanism. Note that the project recommends a reverse proxy to prevent this...
NiceRAT Malware Targets South Korean Users via Cracked Software
Threat actors have been observed deploying a malware called NiceRAT to co-opt infected devices into a botnet. The attacks, which target South Korean users, are designed to propagate the malware under the guise of cracked software, such as Microsoft Windows, or tools that purport to offer license...
CVE-2024-34451
Ghost through 5.85.1 allows remote attackers to bypass an authentication rate-limit protection mechanism by using many X-Forwarded-For headers with different values. NOTE: the vendor's position is that Ghost should be installed with a reverse proxy that allows only trusted X-Forwarded-For headers...
PT-2024-25905 · Ghost · Ghost
Name of the Vulnerable Software and Affected Versions: Ghost versions 5.85.1 and earlier Description: The issue allows remote attackers to bypass an authentication rate-limit protection mechanism by using many X-Forwarded-For headers with different values. The vendor recommends installing Ghost...