62 matches found
SUSE CVE-2023-38431
An issue was discovered in the Linux kernel before 6.3.8. fs/smb/server/connection.c in ksmbd does not validate the relationship between the NetBIOS header's length field and the SMB header sizes, via pdusize in ksmbdconnhandlerloop, leading to an out-of-bounds read...
Removing Server HTTP header
...
SUSE CVE-2018-11652
CSV Injection vulnerability in Nikto 2.1.6 and earlier allows remote attackers to inject arbitrary OS commands via the Server field in an HTTP response header, which is directly injected into a CSV report...
AZL-13173 CVE-2022-25881 affecting package nodejs for versions less than 16.20.1-2
This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library...
GHSA-54W6-VXFH-FW7F Http4s improperly parses User-Agent and Server headers
Impact The User-Agent and Server header parsers are susceptible to a fatal error on certain inputs. In http4s, modeled headers are lazily parsed, so this only applies to services that explicitly request these typed headers. v0.21.x scala val unsafe: OptionUser-Agent = req.headers.getUser-Agent...
CVE-2023-22465
Http4s (Scala HTTP services) has a vulnerability where the User-Agent and Server header parsers can fatal‑error on certain inputs. Affected versions include 0.1.0 up to but not including 0.21.34, 0.22.15, 0.23.17, and 1.0.0-M38. Fixes are released in 0.21.34, 0.22.15, 0.23.17, and 1.0.0-M38. As a...
CVE-2023-22465 Http4s has fatal error parsing User-Agent and Server headers
Http4s is a Scala interface for HTTP services. Starting with version 0.1.0 and prior to versions 0.21.34, 0.22.15, 0.23.17, and 1.0.0-M38, the User-Agent and Server header parsers are susceptible to a fatal error on certain inputs. In http4s, modeled headers are lazily parsed, so this only applie...
PT-2023-18517 · Http4S · Http4S
Name of the Vulnerable Software and Affected Versions: Http4s versions 0.1.0 through 0.21.33 Http4s versions 0.22.0 through 0.22.14 Http4s versions 0.23.0 through 0.23.16 Http4s versions 1.0.0-M0 through 1.0.0-M37 Description: The User-Agent and Server header parsers in Http4s are susceptible to ...
CVE-2022-38113
This vulnerability discloses build and services versions in the server response header...
PT-2022-24207 · Solarwinds · Solarwinds Sem +1
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: This issue discloses build and services versions in the server response header. There is no information provided about the estimated number of potential...
Exploit for Out-of-bounds Write in Openssl
Detection for CVE-2022-3602 - OpenSSL RCE/DOC v3.0.0 - v3.0.6...
Knockpy 4.1.1 CSV Injection
Exploit Title: Knockpy 4.1.1 - CSV Injection Author: Dolev Farhi Date: 2020-12-29 Vendor Homepage: https://github.com/guelfoweb/knock Version : 4.1.1 Tested on: Debian 9.13 Knockpy, as part of its subdomain brute forcing flow of a remote domain, issues a HEAD request to the server to fetch detail...
Arbitrary Code Injection
Overview Affected versions of this package are vulnerable to Arbitrary Code Injection. Various methods in WEBrick::HTTPRequest in Ruby 1.9.2 and 1.8.7 and earlier do not validate the X-Forwarded-For, X-Forwarded-Host and X-Forwarded-Server headers in requests, which might allow remote attackers t...
The vulnerability relates to the implementation of the HTTP/2 server using the nginx software framework and Node.js, as well as the SwiftNIO networking library. It involves an uncontrolled resource consumption, allowing attackers to cause service failures.
The vulnerability of the HTTP/2 server implementation of nginx, a Node.js software platform, and the SwiftNIO networking framework is related to an uncontrolled resource consumption when processing a header with a parameter equal to zero. Exploiting this vulnerability could allow a malicious acto...
RATELIMITED: Server Header disclose The Os and Web server Version
Server header was present and disclosed the version of the web server and OS in HTTP responses. Server header was present and disclosed the version of the web server and OS...
Nikto CSV Injection Vulnerability (CNVD-2018-16264)
Nikto is an open source GPL web server scanner that performs a comprehensive multiple scan of web servers, containing over 3300 potentially dangerous files/CGIs; over 625 server versions; and over 230 server-specific issues. Scan items and plugins can be automatically updated if required. Based o...
UBUNTU-CVE-2018-11652
CSV Injection vulnerability in Nikto 2.1.6 and earlier allows remote attackers to inject arbitrary OS commands via the Server field in an HTTP response header, which is directly injected into a CSV report...
DEBIAN-CVE-2018-11652
CSV Injection vulnerability in Nikto 2.1.6 and earlier allows remote attackers to inject arbitrary OS commands via the Server field in an HTTP response header, which is directly injected into a CSV report...
ALPINE-CVE-2018-11652
CSV Injection vulnerability in Nikto 2.1.6 and earlier allows remote attackers to inject arbitrary OS commands via the Server field in an HTTP response header, which is directly injected into a CSV report...
C5Scan - Vulnerability Scanner And Information Gatherer For The Concrete5 CMS
Vulnerability scanner and information gatherer for the Concrete5 CMS. Is a little out of date presently pending a refactor. concrete5 is an open-source content management system CMS for publishing content on the World Wide Web and intranets. concrete5 is designed for ease of use, for users with a...