Lucene search
K

124 matches found

osv
osv
added 2022/08/23 1:15 a.m.7 views

AZL-10618 CVE-2021-28861 affecting package python3 for versions less than 3.9.19-1

Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple / at the beginning of URI path which may leads to information disclosure. NOTE: this is disputed by a third party because the http.server.html documentation page states...

7.4CVSS6.7AI score0.0199EPSS
Exploits0References1
cvelist
cvelist
added 2022/08/23 12:0 a.m.41 views

CVE-2021-28861

Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple / at the beginning of URI path which may leads to information disclosure. NOTE: this is disputed by a third party because the http.server.html documentation page states...

7.6AI score0.0199EPSS
Exploits0References18
debiancve
debiancve
added 2022/08/23 12:0 a.m.38 views

CVE-2021-28861

Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple / at the beginning of URI path which may leads to information disclosure. NOTE: this is disputed by a third party because the http.server.html documentation page states...

7.4CVSS7.6AI score0.0199EPSS
Exploits0
hackerone
hackerone
added 2022/05/12 6:20 a.m.34 views

curl: error parse uri path in curl

Summary: add summary of the vulnerability The uri path error could lead to security filter bypasses. For example, we can use curl -vv 'fh-jle:///etc/passwd' to bypass file protocol black list we can use curl -vv 'http://1.1.1.1:80-9000' to scan the open port in the host etc ... Steps To Reproduce...

7.1AI score
Exploits0
checkpoint_advisories
checkpoint_advisories
added 2021/12/27 12:0 a.m.49 views

Grafana Cross-site Scripting (CVE-2021-41174)

A cross-site scripting vulnerability exists in Grafana. The vulnerability is due to insufficient validation of user input in the URI path...

4.3CVSS2.2AI score0.84607EPSS
Exploits0
bdu_fstec
bdu_fstec
added 2021/12/16 12:0 a.m.4 views

The vulnerability of the mod_proxy_uwsgi function in the Apache HTTP Server allows a hacker to cause a service failure.

The vulnerability of the modproxyuwsgi function in the Apache HTTP Server is related to the reading of data beyond the specified buffer. Exploiting this vulnerability can allow a malicious actor to cause a service failure for an application through a uri-path request...

7.8CVSS7.4AI score0.62887EPSS
Exploits0References15Affected Software10
osv
osv
added 2021/11/19 4:15 p.m.42 views

CVE-2021-22053

Applications using both spring-cloud-netflix-hystrix-dashboard and spring-boot-starter-thymeleaf expose a way to execute code submitted within the request URI path during the resolution of view templates. When a request is made at /hystrix/monitor;user-provided data, the path elements following...

8.8CVSS7.3AI score0.13035EPSS
Exploits0References1
cvelist
cvelist
added 2021/11/19 3:56 p.m.75 views

CVE-2021-22053

Applications using both spring-cloud-netflix-hystrix-dashboard and spring-boot-starter-thymeleaf expose a way to execute code submitted within the request URI path during the resolution of view templates. When a request is made at /hystrix/monitor;user-provided data, the path elements following...

9.2AI score0.13035EPSS
Exploits0References1
redhat
redhat
added 2021/10/13 7:26 a.m.4 views

httpd: mod_proxy: SSRF via a crafted request uri-path containing "unix:"

A Server-Side Request Forgery SSRF flaw was found in modproxy of httpd. This flaw allows a remote, unauthenticated attacker to make the httpd server forward requests to an arbitrary server. The attacker could get, modify, or delete resources on other services that may be behind a firewall and...

9CVSS7.1AI score0.99999EPSS
Exploits5References5
osv
osv
added 2021/10/12 6:19 a.m.24 views

SUSE-SU-2021:3335-1 Security update for apache2

This update for apache2 fixes the following issues: - CVE-2021-40438: Fixed a SRF via a crafted request uri-path. bsc1190703 - CVE-2021-36160: Fixed an out-of-bounds read via a crafted request uri-path. bsc1190702 - CVE-2021-39275: Fixed an out-of-bounds write in apescapequotes via malicious inpu...

9.8CVSS8.5AI score0.99999EPSS
Exploits6References11
ptsecurity
ptsecurity
added 2021/09/21 12:0 a.m.6 views

PT-2021-23077 · Http4S · Http4S

Name of the Vulnerable Software and Affected Versions: http4s versions prior to 0.21.30 http4s versions prior to 0.22.5 http4s versions prior to 0.23.4 http4s versions prior to 1.0.0-M27 Description: http4s is vulnerable to response-splitting or request-splitting attacks when untrusted user input...

8.7CVSS5.5AI score0.01196EPSS
Exploits1References9
osv
osv
added 2021/09/16 3:15 p.m.11 views

AZL-6487 CVE-2021-40438 affecting package httpd for versions less than 2.4.52-1

A crafted request uri-path can cause modproxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier...

9CVSS7AI score0.99999EPSS
Exploits5References1
osv
osv
added 2021/09/16 3:15 p.m.4 views

DEBIAN-CVE-2021-40438

A crafted request uri-path can cause modproxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier...

9CVSS7.5AI score0.99999EPSS
Exploits5References1
prion
prion
added 2021/09/16 3:15 p.m.54 views

Design/Logic Flaw

A crafted request uri-path can cause modproxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier...

6.8CVSS9.1AI score0.99999EPSS
Exploits5References19Affected Software9
vulnrichment
vulnrichment
added 2021/09/16 2:40 p.m.18 views

CVE-2021-40438 mod_proxy SSRF

A crafted request uri-path can cause modproxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier...

9.1AI score0.99999EPSS
Exploits5References19
gitlab
gitlab
added 2021/09/15 12:0 a.m.36 views

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross Site Scripting XSS vulnerability exists in the admin panel in Beego v2.0.1 via the URI path in an HTTP request, which is activated by administrators viewing the "Request Statistics" page...

6.1CVSS2.2AI score0.00795EPSS
Exploits1References3Affected Software1
prion
prion
added 2021/09/14 6:15 p.m.15 views

Cross site scripting

Cross Site Scripting XSS vulnerability exists in the admin panel in Beego v2.0.1 via the URI path in an HTTP request, which is activated by administrators viewing the "Request Statistics" page...

4.3CVSS6AI score0.00795EPSS
Exploits1References2Affected Software1
gitlab
gitlab
added 2021/09/14 12:0 a.m.42 views

Cross-site Scripting

Cross Site Scripting XSS vulnerability exists in the admin panel in Beego via the URI path in an HTTP request, which is activated by administrators viewing the Request Statistics page...

6.1CVSS2AI score0.00795EPSS
Exploits1References2Affected Software1
nvd
nvd
added 2021/08/24 11:15 p.m.30 views

CVE-2021-39156

Istio is an open source platform for providing a uniform way to integrate microservices, manage traffic flow across microservices, enforce policies and aggregate telemetry data. Istio 1.11.0, 1.10.3 and below, and 1.9.7 and below contain a remotely exploitable vulnerability where an HTTP request...

8.1CVSS0.0109EPSS
Exploits0References2
redhatcve
redhatcve
added 2021/08/24 10:14 p.m.62 views

CVE-2021-32779

An authorization bypass vulnerability was found in envoyproxy/envoy. When a URI path-based authorization policy is specified, envoy incorrectly evaluates the HTTP request which contains a URI fragment. This flaw allows an attacker to bypass the authorization policy and access downstream services...

8.6CVSS2.4AI score0.00948EPSS
Exploits0References4
Rows per page
Query Builder