761 matches found
UBUNTU-CVE-2019-15606
Including trailing white space in HTTP header values in Nodejs 10, 12, and 13 causes bypass of authorization based on header value comparisons...
CVE-2019-15606
A flaw was found in Node.js where the HTTPs header values were not stripped of trailing whitespace. An attacker can use this flaw to send an HTTPs request which is validated by an upstream proxy server, but not by the Node.js HTTPs server...
PT-2020-2534 · Node.Js +8 · Node.Js +8
Name of the Vulnerable Software and Affected Versions: Node.js versions 10 through 13 Description: The issue is related to insufficient input validation when processing HTTP headers in Node.js, allowing a remote attacker to gain full control over the application through various network protocols...
DRUPAL-CORE-2019-010
Drupal 8 core's filesaveupload function does not strip the leading and trailing dot '.' from filenames, like Drupal 7 did. Users with the ability to upload files with any extension in conjunction with contributed modules may be able to use this to upload system files such as .htaccess in order to...
PT-2019-15674 · Envoy +1 · Envoy +1
Name of the Vulnerable Software and Affected Versions: Envoy version 1.12.0 Description: An issue was discovered where an untrusted remote client can send an HTTP header, such as the Host header, with whitespace after the header content. This allows the client to bypass matchers, for example, by...
CVE-2019-14857
A flaw was found in modauthopenidc before version 2.4.0.1. An open redirect issue exists in URLs with trailing slashes similar to CVE-2019-3877 in modauthmellon...
DEBIAN-CVE-2019-14857
A flaw was found in modauthopenidc before version 2.4.0.1. An open redirect issue exists in URLs with trailing slashes similar to CVE-2019-3877 in modauthmellon...
UBUNTU-CVE-2019-14857
A flaw was found in modauthopenidc before version 2.4.0.1. An open redirect issue exists in URLs with trailing slashes similar to CVE-2019-3877 in modauthmellon...
CVE-2019-14857
A flaw was found in modauthopenidc before version 2.4.0.1. An open redirect issue exists in URLs with trailing slashes similar to CVE-2019-3877 in modauthmellon...
CVE-2019-14857
A flaw was found in modauthopenidc before version 2.4.0.1. An open redirect issue exists in URLs with trailing slashes similar to CVE-2019-3877 in modauthmellon...
openSUSE Security Update : apache2-mod_auth_openidc (openSUSE-2019-2499)
This update for apache2-modauthopenidc fixes the following issues : - CVE-2019-14857: Fixed an open redirect issue that exists in URLs with trailing slashes bsc1153666. This update was imported from the SUSE:SLE-15-SP1:Update update project. C Tenable Network Security, Inc. The descriptive text a...
SUSE SLES15 Security Update : apache2-mod_auth_openidc (SUSE-SU-2019:2934-1)
This update for apache2-modauthopenidc fixes the following issues : CVE-2019-14857: Fixed an open redirect issue that exists in URLs with trailing slashes bsc1153666. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable...
SUSE-SU-2019:2935-1 Security update for apache2-mod_auth_openidc
This update for apache2-modauthopenidc fixes the following issues: - CVE-2019-14857: Fixed an open redirect issue that exists in URLs with trailing slashes bsc1153666...
glibc: getaddrinfo should reject IP addresses with trailing characters
In the GNU C Library aka glibc or libc6 through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the...
chromium-browser: Extensions can be disabled by trailing slash
Insufficient data validation in extensions in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to disable extensions via a crafted HTML page...
undertow: Information leak in requests for directories without trailing slashes
undertow before version 2.0.23.Final is vulnerable to an information leak issue. Web apps may have their directory structures predicted through requests without trailing slashes via the api...
undertow: Information leak in requests for directories without trailing slashes
undertow before version 2.0.23.Final is vulnerable to an information leak issue. Web apps may have their directory structures predicted through requests without trailing slashes via the api...
undertow: Information leak in requests for directories without trailing slashes
undertow before version 2.0.23.Final is vulnerable to an information leak issue. Web apps may have their directory structures predicted through requests without trailing slashes via the api...
undertow: Information leak in requests for directories without trailing slashes
undertow before version 2.0.23.Final is vulnerable to an information leak issue. Web apps may have their directory structures predicted through requests without trailing slashes via the api...
undertow: Information leak in requests for directories without trailing slashes
undertow before version 2.0.23.Final is vulnerable to an information leak issue. Web apps may have their directory structures predicted through requests without trailing slashes via the api...