Security Bulletin: IBM OpenPages for Cloud Pak for Data is Vulnerable to Multiple Spring Framework Vulnerabilities (CVE-2016-1000027,CVE-2024-22243,CVE-2024-22259,CVE-2024-38809,CVE-2024-22262,CVE-2024-38820,CVE-2024-38828)
Summary: Spring MVC controllers are vulnerable to potential remote code execution (RCE), DoS attacks and a DataBinder case-sensitive match exception. Applications that use UriComponentsBuilder to parse an externally provided URL may be vulnerable to an open redirect...
Linux Distros Unpatched Vulnerability : CVE-2024-22243
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the...
Ubuntu: Security Advisory (USN-6530-2)
The remote host is missing an update for the USN-6530-2 advisory...
Ubuntu 16.04 LTS / 18.04 LTS : HAProxy vulnerability (USN-6530-2)
The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6530-2 advisory. Seth Manesse and Paul Plasil discovered that HAProxy incorrectly handled URI components containing the hash character (#). A remote attacker could possib...
springframework: URL Parsing with Host Validation
A flaw was found in the Spring Framework. Applications that use UriComponentsBuilder to parse an externally provided URL, for example, through a query parameter, and perform validation checks on the host of the parsed URL may be vulnerable to an open redirect attack or an SSRF attack if the URL i...
springframework: URL Parsing with Host Validation
A vulnerability was found in Spring Framework. Affected versions of this package are vulnerable to an Open Redirect when using UriComponentsBuilder to parse an externally provided URL and perform validation checks on the host of the parsed URL...
UBUNTU-CVE-2024-22262
Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to an open redirect (https://cwe.mitre.org/data/definitions/601.html) attack or to an SSRF attack if the URL is...
PT-2024-2941 · Unknown +2 · Spring Framework +4
Name of the Vulnerable Software and Affected Versions: Spring Framework versions prior to 5.3.34; Spring Framework versions prior to 6.0.19; Spring Framework versions prior to 6.1.6. Description: The issue exists due to insufficient validation of user-input data in the UriComponentsBuilder component...
DEBIAN-CVE-2024-22259
Applications that use UriComponentsBuilder in Spring Framework to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to an open redirect (https://cwe.mitre.org/data/definitions/601.html) attack or to an SSRF...
UBUNTU-CVE-2024-22259
Applications that use UriComponentsBuilder in Spring Framework to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to an open redirect (https://cwe.mitre.org/data/definitions/601.html) attack or to an SSRF...
RHEL 9 : haproxy (RHSA-2024:1142)
The remote Red Hat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:1142 advisory. The haproxy packages provide a reliable, high-performance network load balancer for TCP and HTTP-based applications. Security Fixes: haproxy...
GHSA-CCGV-VJ62-XF9H Spring Web vulnerable to Open Redirect or Server Side Request Forgery
Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to an open redirect attack or to an SSRF attack if the URL is used after passing validation checks...
UBUNTU-CVE-2024-22243
Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to an open redirect (https://cwe.mitre.org/data/definitions/601.html) attack or to an SSRF attack if the URL is...
CLSA-2023-1703183093 haproxy: Fix of CVE-2023-45539
CVE-2023-45539: do not accept '#' as part of the URI component...
CLSA-2023-1703181305 haproxy: Fix of CVE-2023-45539
CVE-2023-45539: h1: do not accept '#' as part of the URI component; h2: reject more chars from the :path pseudo header...
CLSA-2023-1703008559 Fix CVE(s): CVE-2023-45539
SECURITY UPDATE: Accepting '#' as part of the URI component might allow remote attackers to obtain sensitive information or have unspecified other impact - debian/patches/CVE-2023-45539.patch: h1: do not accept '#' as part of the URI component; h2: reject more chars from the :path pseudo header -...
USN-6530-1 haproxy vulnerability
It was discovered that HAProxy incorrectly handled URI components containing the hash character (#). A remote attacker could possibly use this issue to obtain sensitive information, or to bypass certain path_end rules...
PT-2023-8863
Name of the Vulnerable Software and Affected Versions: HAProxy versions prior to 2.8.2. Description: The issue is related to HAProxy accepting '#' as part of the URI component. This could allow remote attackers to obtain sensitive information or have other unspecified impacts due to the misinterpretatio...
Design/Logic Flaw
Poorly constructed web application requests and URI components with special characters trigger unhandled errors and exceptions, disclosing information about the underlying technology and other sensitive details. The website unintentionally reveals sensitive information including technical detai...
Mac OS X 10.12 isolation mechanism bypass vulnerability
Vulnerability summary: A vulnerability exists in Mac OS X that could allow an attacker to bypass Apple's isolation mechanism and execute arbitrary JavaScript code without any restrictions. Vulnerability submitter: security researcher Filippo Cavallarin of WeAreSegment, via Beyond Security's SSD...