31 matches found

OSV
added 2024/05/20 12:15 p.m. | 2 views

AZL-42162 CVE-2024-4323 affecting package fluent-bit for versions less than 2.2.3-1

A memory corruption vulnerability in Fluent Bit versions 2.0.7 thru 3.0.3. This issue lies in the embedded http server’s parsing of trace requests and may result in denial of service conditions, information disclosure, or remote code execution...

CVSS 9.8 | AI score 6.4 | EPSS 0.84635
Exploits 3 | References 1

OSV
added 2024/05/20 12:15 p.m. | 0 views

AZL-42103 CVE-2024-4323 affecting package fluent-bit for versions less than 3.0.6-1

A memory corruption vulnerability in Fluent Bit versions 2.0.7 thru 3.0.3. This issue lies in the embedded http server’s parsing of trace requests and may result in denial of service conditions, information disclosure, or remote code execution...

CVSS 9.8 | AI score 6.4 | EPSS 0.84635
Exploits 3 | References 1

Vulnrichment
added 2024/05/20 12:6 p.m. | 18 views

CVE-2024-4323 Fluent Bit Memory Corruption Vulnerability

A memory corruption vulnerability in Fluent Bit versions 2.0.7 thru 3.0.3. This issue lies in the embedded http server’s parsing of trace requests and may result in denial of service conditions, information disclosure, or remote code execution...

CVSS 9.8 | AI score 9.8 | EPSS 0.84635
Exploits 3 | References 2

CNNVD
added 2024/05/20 12:0 a.m. | 17 views

Fluent Bit Security Vulnerability

Fluent Bit is an open source log processing and analysis system written in C. A security vulnerability exists in Fluent Bit versions 2.0.7 through 3.0.3, which stems from a security issue in the parsing of trace requests by the http server that could lead to a denial of service condition,...

CVSS 9.8 | AI score 7.7 | EPSS 0.84635
Exploits 3 | References 3

Prion
added 2024/01/24 5:15 p.m. | 16 views

Design/Logic Flaw

SvelteKit is a web development kit. In SvelteKit 2, sending a GET request with a body eg to a built and previewed/hosted sveltekit app throws Request with GET/HEAD method cannot have body. and crashes the preview/hosting. After this happens, one must manually restart the app. TRACE requests will...

CVSS 5 | AI score 7 | EPSS 0.00263
Exploits 1 | References 2 | Affected Software 2

SUSE CVE
added 2023/02/15 6:12 a.m. | 1 views

SUSE CVE-2007-1560

The clientProcessRequest function in src/clientside.c in Squid 2.6 before 2.6.STABLE12 allows remote attackers to cause a denial of service daemon crash via crafted TRACE requests that trigger an assertion error...

CVSS 5 | AI score 6.8 | EPSS 0.70551
Exploits 0 | References 4

RedHat Linux
added 2022/11/21 12:51 p.m. | 2 views

Mozilla: Cross-Site Tracing was possible via non-standard override headers

The Mozilla Foundation Security Advisory describes this flaw as: Cross-Site Tracing occurs when a server will echo a request back via the Trace method, allowing an XSS attack to access to authorization headers and cookies inaccessible to JavaScript such as cookies protected by HTTPOnly. To mitiga...

CVSS 6.1 | AI score 7.3 | EPSS 0.00207
Exploits 0 | References 6

Apache Tomcat
added 2017/05/16 12:0 a.m. | 72 views

Fixed in Apache Tomcat 7.0.78

Important: Security Constraint Bypass CVE-2017-5664 The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwarded to the error page. This means that the...

CVSS 7.5 | AI score 7.6 | EPSS 0.10802
Exploits 1 | Affected Software 1

Apache Tomcat
added 2017/05/16 12:0 a.m. | 58 views

Fixed in Apache Tomcat 8.0.44

Important: Security Constraint Bypass CVE-2017-5664 The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwarded to the error page. This means that the...

CVSS 7.5 | AI score 7.6 | EPSS 0.10802
Exploits 1 | Affected Software 1

Apache Tomcat
added 2017/05/10 12:0 a.m. | 62 views

Fixed in Apache Tomcat 8.5.15

Important: Security Constraint Bypass CVE-2017-5664 The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwarded to the error page. This means that the...

CVSS 7.5 | AI score 7.6 | EPSS 0.10802
Exploits 1 | Affected Software 1

Broadcom
added 2016/10/24 12:0 a.m. | 6 views

BSA-2016-012

Security Advisory ID : BSA-2016-012 Component : BEA WebLogic Revision : 2.0: Final The default configuration of BEA WebLogic Server and Express 8.1 SP2 and earlier, 7.0 SP4 and earlier, 6.1 through SP6, and 5.1 through SP13 responds to the HTTP TRACE request, which can allow remote attackers to...

CVSS 5.8 | AI score 6.6 | EPSS 0.04031
Exploits 0

RedHat Linux
added 2011/06/16 7:13 p.m. | 1 views

OpenJDK HttpURLConnection incomplete TRACE permission check (6981426)

Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the...

CVSS 10 | AI score 5.9 | EPSS 0.08577
Exploits 0 | References 4

NVD
added 2011/03/08 9:59 p.m. | 11 views

CVE-2011-1309

The Plug-in component in IBM WebSphere Application Server WAS before 7.0.0.15 does not properly handle trace requests, which has unspecified impact and attack vectors...

CVSS 7.5 | AI score 6.3 | EPSS 0.00401
Exploits 0 | References 4

Prion
added 2011/03/08 9:59 p.m. | 15 views

Design/Logic Flaw

The Plug-in component in IBM WebSphere Application Server WAS before 7.0.0.15 does not properly handle trace requests, which has unspecified impact and attack vectors...

CVSS 7.5 | AI score 6.9 | EPSS 0.00401
Exploits 0 | References 4 | Affected Software 1

Cvelist
added 2011/03/08 9:0 p.m. | 21 views

CVE-2011-1309

The Plug-in component in IBM WebSphere Application Server WAS before 7.0.0.15 does not properly handle trace requests, which has unspecified impact and attack vectors...

AI score 6.3 | EPSS 0.00401
Exploits 0 | References 4

RedHat Linux
added 2010/11/10 7:0 p.m. | 5 views

OpenJDK HttpURLConnection incomplete TRACE permission check (6981426)

Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the...

CVSS 10 | AI score 5.9 | EPSS 0.08577
Exploits 0 | References 4

Prion
added 2010/10/19 10:0 p.m. | 29 views

Design/Logic Flaw

Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the...

CVSS 10 | AI score 8.3 | EPSS 0.08577
Exploits 0 | References 39 | Affected Software 3

CVE
added 2010/10/19 9:0 p.m. | 104 views

CVE-2010-3574

CVE-2010-3574 is tied to HttpURLConnection HTTP TRACE handling. Oracle Java SE/Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, 1.3.1_28 were noted as affected in the CVE entry, and the entry cites a claim that untrusted code could perform TRACE requests due to a permission check issue. Co...

CVSS 10 | AI score 7.3 | EPSS 0.08577
Exploits 0 | References 39 | Affected Software 1

Cvelist
added 2010/10/19 9:0 p.m. | 24 views

CVE-2010-3574

Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the...

AI score 8.1 | EPSS 0.08577
Exploits 0 | References 39

UbuntuCve
added 2010/10/19 12:0 a.m. | 26 views

CVE-2010-3574

Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the...

CVSS 10 | AI score 5.9 | EPSS 0.08577
Exploits 0 | References 2