Lucene search
K

10 matches found

OSV
OSV
added 2020/03/03 3:32 p.m.26 views

GHSA-6V7P-V754-J89V HTTP Response Splitting in Styx

Vulnerability Styx is vulnerable to CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers 'HTTP Response Splitting'. Vulnerable Component The vulnerable component is the com.hotels.styx.api.HttpHeaders.Builder due to disabling the HTTP Header validation built into Netty in these...

6.5CVSS6.8AI score0.01162EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2020/03/03 3:32 p.m.106 views

HTTP Response Splitting in Styx

Vulnerability Styx is vulnerable to CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers 'HTTP Response Splitting'. Vulnerable Component The vulnerable component is the com.hotels.styx.api.HttpHeaders.Builder due to disabling the HTTP Header validation built into Netty in these...

6.5CVSS0.1AI score0.01162EPSS
Exploits1References4Affected Software1
MSRC
MSRC
added 2019/11/06 8:12 p.m.53 views

Vulnerability hunting with Semmle QL: DOM XSS

In two previous blog posts part 1 and part 2, we talked about using Semmle QL in C and C++ codebases to find vulnerabilities such as integer overflow, path traversal, and those leading to memory corruption. In this post, we will explore applying Semmle QL to web security by hunting for one of­­­...

1AI score
Exploits0
MSRC
MSRC
added 2019/11/06 8:0 a.m.13 views

Vulnerability hunting with Semmle QL: DOM XSS

In two previous blog posts part 1 and part 2, we talked about using Semmle QL in C and C++ codebases to find vulnerabilities such as integer overflow, path traversal, and those leading to memory corruption. In this post, we will explore applying Semmle QL to web security by hunting for one of­­­...

6.5AI score
Exploits0
MSRC
MSRC
added 2019/11/06 8:0 a.m.15 views

Vulnerability hunting with Semmle QL: DOM XSS

In two previous blog posts part 1 and part 2, we talked about using Semmle QL in C and C++ codebases to find vulnerabilities such as integer overflow, path traversal, and those leading to memory corruption. In this post, we will explore applying Semmle QL to web security by hunting for one of­­­...

1.3AI score
Exploits0
myhack58
myhack58
added 2019/03/28 12:0 a.m.130 views

Using Semmle QL vulnerability out Part2-vulnerability warning-the black bar safety net

First part of this series introduced the Semmle QL, as well as the Microsoft Security Response Center MSRC how to use it to review to our report the vulnerability. This article discusses a How do we take the initiative to use it examples, including Azure firmware component of a security audit. Th...

0.8AI score
Exploits0
MSRC
MSRC
added 2019/03/19 7:0 a.m.6 views

Vulnerability hunting with Semmle QL, part 2

The first part of this series introduced Semmle QL, and how the Microsoft Security Response Center MSRC are using it to investigate variants of vulnerabilities reported to us. This post discusses an example of how we’ve been using it proactively, covering a security audit of an Azure firmware...

6.9AI score
Exploits0
MSRC
MSRC
added 2019/03/19 7:0 a.m.10 views

Vulnerability hunting with Semmle QL, part 2

The first part of this series introduced Semmle QL, and how the Microsoft Security Response Center MSRC are using it to investigate variants of vulnerabilities reported to us. This post discusses an example of how we’ve been using it proactively, covering a security audit of an Azure firmware...

2.8AI score
Exploits0
MSRC
MSRC
added 2018/08/16 7:0 a.m.24 views

Vulnerability hunting with Semmle QL, part 1

Previously on this blog, we’ve talked about how MSRC automates the root cause analysis of vulnerabilities reported and found. After doing this, our next step is variant analysis: finding and investigating any variants of the vulnerability. It’s important that we find all such variants and patch...

0.7AI score
Exploits0
MSRC
MSRC
added 2018/08/16 7:0 a.m.8 views

Vulnerability hunting with Semmle QL, part 1

Previously on this blog, we’ve talked about how MSRC automates the root cause analysis of vulnerabilities reported and found. After doing this, our next step is variant analysis: finding and investigating any variants of the vulnerability. It’s important that we find all such variants and patch...

7.7AI score
Exploits0
Rows per page
Query Builder