124 matches found
AZL-10618 CVE-2021-28861 affecting package python3 for versions less than 3.9.19-1
Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple / at the beginning of URI path which may leads to information disclosure. NOTE: this is disputed by a third party because the http.server.html documentation page states...
CVE-2021-28861
Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple / at the beginning of URI path which may leads to information disclosure. NOTE: this is disputed by a third party because the http.server.html documentation page states...
CVE-2021-28861
Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple / at the beginning of URI path which may leads to information disclosure. NOTE: this is disputed by a third party because the http.server.html documentation page states...
curl: error parse uri path in curl
Summary: add summary of the vulnerability The uri path error could lead to security filter bypasses. For example, we can use curl -vv 'fh-jle:///etc/passwd' to bypass file protocol black list we can use curl -vv 'http://1.1.1.1:80-9000' to scan the open port in the host etc ... Steps To Reproduce...
Grafana Cross-site Scripting (CVE-2021-41174)
A cross-site scripting vulnerability exists in Grafana. The vulnerability is due to insufficient validation of user input in the URI path...
The vulnerability of the mod_proxy_uwsgi function in the Apache HTTP Server allows a hacker to cause a service failure.
The vulnerability of the modproxyuwsgi function in the Apache HTTP Server is related to the reading of data beyond the specified buffer. Exploiting this vulnerability can allow a malicious actor to cause a service failure for an application through a uri-path request...
CVE-2021-22053
Applications using both spring-cloud-netflix-hystrix-dashboard and spring-boot-starter-thymeleaf expose a way to execute code submitted within the request URI path during the resolution of view templates. When a request is made at /hystrix/monitor;user-provided data, the path elements following...
CVE-2021-22053
Applications using both spring-cloud-netflix-hystrix-dashboard and spring-boot-starter-thymeleaf expose a way to execute code submitted within the request URI path during the resolution of view templates. When a request is made at /hystrix/monitor;user-provided data, the path elements following...
httpd: mod_proxy: SSRF via a crafted request uri-path containing "unix:"
A Server-Side Request Forgery SSRF flaw was found in modproxy of httpd. This flaw allows a remote, unauthenticated attacker to make the httpd server forward requests to an arbitrary server. The attacker could get, modify, or delete resources on other services that may be behind a firewall and...
SUSE-SU-2021:3335-1 Security update for apache2
This update for apache2 fixes the following issues: - CVE-2021-40438: Fixed a SRF via a crafted request uri-path. bsc1190703 - CVE-2021-36160: Fixed an out-of-bounds read via a crafted request uri-path. bsc1190702 - CVE-2021-39275: Fixed an out-of-bounds write in apescapequotes via malicious inpu...
PT-2021-23077 · Http4S · Http4S
Name of the Vulnerable Software and Affected Versions: http4s versions prior to 0.21.30 http4s versions prior to 0.22.5 http4s versions prior to 0.23.4 http4s versions prior to 1.0.0-M27 Description: http4s is vulnerable to response-splitting or request-splitting attacks when untrusted user input...
AZL-6487 CVE-2021-40438 affecting package httpd for versions less than 2.4.52-1
A crafted request uri-path can cause modproxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier...
DEBIAN-CVE-2021-40438
A crafted request uri-path can cause modproxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier...
Design/Logic Flaw
A crafted request uri-path can cause modproxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier...
CVE-2021-40438 mod_proxy SSRF
A crafted request uri-path can cause modproxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross Site Scripting XSS vulnerability exists in the admin panel in Beego v2.0.1 via the URI path in an HTTP request, which is activated by administrators viewing the "Request Statistics" page...
Cross site scripting
Cross Site Scripting XSS vulnerability exists in the admin panel in Beego v2.0.1 via the URI path in an HTTP request, which is activated by administrators viewing the "Request Statistics" page...
Cross-site Scripting
Cross Site Scripting XSS vulnerability exists in the admin panel in Beego via the URI path in an HTTP request, which is activated by administrators viewing the Request Statistics page...
CVE-2021-39156
Istio is an open source platform for providing a uniform way to integrate microservices, manage traffic flow across microservices, enforce policies and aggregate telemetry data. Istio 1.11.0, 1.10.3 and below, and 1.9.7 and below contain a remotely exploitable vulnerability where an HTTP request...
CVE-2021-32779
An authorization bypass vulnerability was found in envoyproxy/envoy. When a URI path-based authorization policy is specified, envoy incorrectly evaluates the HTTP request which contains a URI fragment. This flaw allows an attacker to bypass the authorization policy and access downstream services...