
16 matches found

EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2002-0449

Malware in sbrugna...

CVSS 7.5 | AI score 6.4 | EPSS 0.00527
Exploits 1 | References 4
OpenVAS
added 2021/06/09 12:0 a.m. | 26 views

Eclipse Jetty Information Disclosure Vulnerability (GHSA-v7ff-8wcx-gmc5) - Linux

Eclipse Jetty is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:eclipse:jetty"...

CVSS 5.3 | AI score 5.6 | EPSS 0.93485
Exploits 7 | References 1
OpenVAS
added 2021/06/09 12:0 a.m. | 23 views

Eclipse Jetty Information Disclosure Vulnerability (GHSA-v7ff-8wcx-gmc5) - Windows

Eclipse Jetty is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:eclipse:jetty"...

CVSS 5.3 | AI score 5.6 | EPSS 0.93485
Exploits 7 | References 1
GitHub Security Blog
added 2021/04/06 5:31 p.m. | 172 views

Authorization Before Parsing and Canonicalization in jetty

Release 9.4.37 introduced a more precise implementation of RFC3986 with regards to URI decoding, together with some new compliance modes to optionally allow support of some URI that may have ambiguous interpretation within the Servlet specified API methods behaviours. The default mode allowed %...

CVSS 5.3 | AI score 3.1 | EPSS 0.93485
Exploits 7 | References 27 | Affected Software 1
OSV
added 2021/04/06 5:31 p.m. | 39 views

GHSA-V7FF-8WCX-GMC5 Authorization Before Parsing and Canonicalization in jetty

Release 9.4.37 introduced a more precise implementation of RFC3986 with regards to URI decoding, together with some new compliance modes to optionally allow support of some URI that may have ambiguous interpretation within the Servlet specified API methods behaviours. The default mode allowed %...

CVSS 5.3 | AI score 6.1 | EPSS 0.93485
Exploits 7 | References 27
OSV
added 2020/03/25 5:35 p.m. | 1 view

GHSA-66Q9-F7FF-MMX6 Local file inclusion vulnerability in http4s

Impact This vulnerability applies to all users of: org.http4s.server.staticcontent.FileService org.http4s.server.staticcontent.ResourceService org.http4s.server.staticcontent.WebjarService Path escaping URI normalization is applied incorrectly. Requests whose path info contain ../ or // can expos...

CVSS 7.6 | AI score 6.9 | EPSS 0.00848
Exploits 0 | References 5
GitHub Security Blog
added 2020/03/25 5:35 p.m. | 55 views

Local file inclusion vulnerability in http4s

Impact This vulnerability applies to all users of: org.http4s.server.staticcontent.FileService org.http4s.server.staticcontent.ResourceService org.http4s.server.staticcontent.WebjarService Path escaping URI normalization is applied incorrectly. Requests whose path info contain ../ or // can expos...

CVSS 7.6 | AI score 1.8 | EPSS 0.00848
Exploits 0 | References 6 | Affected Software 1
Cvelist
added 2017/09/06 9:0 p.m. | 22 views

CVE-2014-6438

The URI.decode_www_form_component method in Ruby before 1.9.2-p330 allows remote attackers to cause a denial of service (catastrophic regular expression backtracking, resource consumption, or application crash) via a crafted string...

AI score 7.3 | EPSS 0.01127
Exploits 0 | References 4
The Hacker News
added 2011/06/28 7:36 a.m. | 15 views

Double nibble URI decoding XSS Vulnerability on EC Council website

Double nibble URI decoding XSS Vulnerability on EC Council website What is EC Council? They offer certifications in Certified Ethical Hacker (CEH), computer security, network security, internet security program and computer forensics and penetration testing. Information Security, Ethical Hacking,...

AI score 6.4
Exploits 0
The Hacker News
added 2011/06/28 7:36 a.m. | 2 views

Double nibble URI decoding XSS Vulnerability on EC Council website

Double nibble URI decoding XSS Vulnerability on EC Council website What is EC Council? They offer certifications in Certified Ethical Hacker (CEH), computer security, network security, internet security program and computer forensics and penetration testing. Information Security, Ethical Hacking,...

AI score 6.5
Exploits 0
Tenable Nessus
added 2008/12/03 12:0 a.m. | 25 views

GLSA-200812-04 : lighttpd: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200812-04 (lighttpd: Multiple vulnerabilities) Multiple vulnerabilities have been reported in lighttpd: Qhy reported a memory leak in the http_request_parse function in request.c (CVE-2008-4298). Gaetan Bisson reported that URIs are not...

CVSS 7.5 | AI score 7.4 | EPSS 0.02649
Exploits 2 | References 4
Packet Storm
added 2007/01/20 12:0 a.m. | 29 views

arsdigita-traverse.txt

SUMMARY ======= A directory traversal vulnerability exists in the Ars Digita Community System. A remote attacker could exploit this vulnerability to read arbitrary files with the permissions of the web server. AFFECTED SOFTWARE ================= Ars Digita Community System ACS 3.4.9, 3.4.10, and...

AI score 7.4
Exploits 0
Symantec
added 2005/02/08 12:0 a.m. | 13 views

Microsoft Internet Explorer URI Decoding Vulnerability

Description Microsoft Internet Explorer is prone to a vulnerability related to URI decoding. A bug in how the browser parses encoded URI data may allow zone bypass. As a result, it is possible to force the browser to interpret Web content in the Local Zone. This could be exploited to execute...

AI score 7.5
Exploits 0 | References 1 | Affected Software 3
NVD
added 2002/08/12 4:0 a.m. | 10 views

CVE-2002-0452

Foundry Networks ServerIron switches do not decode URIs when applying "url-map" rules, which could make it easier for attackers to cause the switch to forward traffic to a different server than intended and exploit vulnerabilities that would otherwise be inaccessible...

CVSS 7.5 | AI score 6.7 | EPSS 0.00527
Exploits 1 | References 3
CVE
added 2002/06/11 4:0 a.m. | 35 views

CVE-2002-0452

CVE-2002-0452 concerns Foundry Networks ServerIron switches where URIs are not decoded when applying a url-map rule. The root cause is improper URI decoding, which could allow an attacker to alter traffic routing so that requests are forwarded to a different server than intended. The documented i...

CVSS 7.5 | AI score 7.1 | EPSS 0.00527
Exploits 1 | References 3 | Affected Software 1
securityvulns
added 2002/03/14 12:0 a.m. | 26 views

URL protection bypass in ServerIron (protection bypass)

URIs are not decoded during parsing, which can lead to the file type being determined incorrectly...

AI score 1.2
Exploits 0 | References 1