38 matches found
EUVD-2003-1173
Malware in sbrugna...
Webcache Poisoning in shopware/platform and shopware/core
Impact: Webcache Poisoning via X-Forwarded-Prefix and sub-request. Patches: We recommend updating to the current version 6.4.6.1. You can get the update to 6.4.6.1 regularly via the Auto-Updater or directly via the download overview. https://www.shopware.com/en/download/shopware-6 Workarounds: For...
GHSA-R64M-QCHJ-HRJP Webcache Poisoning in shopware/platform and shopware/core
Impact: Webcache Poisoning via X-Forwarded-Prefix and sub-request. Patches: We recommend updating to the current version 6.4.6.1. You can get the update to 6.4.6.1 regularly via the Auto-Updater or directly via the download overview. https://www.shopware.com/en/download/shopware-6 Workarounds: For...
GHSA-Q3J3-W37X-HQ2Q Webcache Poisoning in symfony/http-kernel
Description: When a Symfony application is running behind a proxy or a load-balancer, you can tell Symfony to look for the X-Forwarded-* HTTP headers. HTTP headers that are not part of the "trusted_headers" allowed list are ignored and protect you from "Cache poisoning" attacks. In Symfo...
Webcache Poisoning in symfony/http-kernel
Description: When a Symfony application is running behind a proxy or a load-balancer, you can tell Symfony to look for the X-Forwarded-* HTTP headers. HTTP headers that are not part of the "trusted_headers" allowed list are ignored and protect you from "Cache poisoning" attacks. In Symfo...
CVE-2021-41267 Webcache Poisoning in Symfony
Symfony/Http-Kernel is the HTTP kernel component for Symfony, a PHP framework for web and console applications and a set of reusable PHP components. Headers that are not part of the "trusted_headers" allowed list are ignored and protect users from "Cache poisoning" attacks. In Symfony 5.2,...
CVE-2021-41267: Webcache Poisoning via X-Forwarded-Prefix and sub-request
More info at https://symfony.com/cve-2021-41267...
Mail.ru: [allods.mail.ru] - WebCache Poisoning Host Header lead to Potential Stored XSS
Attacker can flush web cache to inject malicious payload in Host header at allods.mail.ru. Example: Host: allods.mail.ru:13373"--alert1;...
Oracle Application Server 9.0 HTTP Service Mod_Access Restriction Bypass Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/13418/info Oracle HTTP Server (OHS) of Oracle Application Server is prone to an access restriction bypass vulnerability. It is possible to configure a list of forbidden URIs in OHS. This is accomplished using 'mod_access'. A...
Oracle Application Server 9i Webcache Arbitrary File Corruption Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/13420/info Oracle Application Server 9i Webcache is prone to an arbitrary file corruption vulnerability. The issue exists because dangerous characters are not removed from a certain parameter value, allowing an attacker to...
Oracle Application Server 9i Webcache Cache_dump_file Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/13421/info A remote cross-site scripting vulnerability affects the Oracle Application Server 9i Webcache administration console. This issue is due to a failure of the application to properly sanitize user-supplied input...
Oracle 9i Application Server Web Cache Admin Interface DoS Vulnerability - Active Check
Oracle 9i Application Server (AS) Web Cache is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2002 Michel Arboi Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only...
[Full-disclosure] Silently fixed security bugs in Oracle Critical Patch Update July 2005
Hello BugTraq-Reader, After reading the patch documentation and some tests with the CPU July 2005 I found out that Oracle fixed some security bugs silently without mentioning these bugs in their current risk matrix. Detailed information about most of these bugs is not available via Metalink but in...
CVE-2003-1183
The WebCache component in Oracle Files 9.0.3.1.0, 9.0.3.2.0, and 9.0.3.3.0 of Oracle Collaboration Suite Release 1 caches files despite the cacheability rules imposed by Oracle Files, which allows local users to gain access...
CVE-2003-1183
The CVE concerns the WebCache component in Oracle Files within Oracle Collaboration Suite Release 1. Versions 9.0.3.1.0, 9.0.3.2.0, and 9.0.3.3.0 cache files despite Oracle Files cacheability rules, allowing local users to gain access. Affected product/area: WebCache in Oracle Files. Underlying i...
CVE-2005-1383
The OHS component 1.0.2 through 10.x, when UseWebcacheIP is disabled, in Oracle Application Server allows remote attackers to bypass HTTP Server mod_access restrictions via a request to the webcache TCP port 7778...
CVE-2005-1381
Multiple cross-site scripting (XSS) vulnerabilities in Oracle Webcache 9i allow remote attackers to inject arbitrary web script or HTML via the (1) cache_dump_file or (2) PartialPageErrorPage parameter...
CVE-2005-1382
The webcacheadmin module in Oracle Webcache 9i allows remote attackers to corrupt arbitrary files via a full pathname in the cache_dump_file parameter...
CVE-2005-1383
The CVE-2005-1383 issue affects Oracle Application Server’s Oracle HTTP Server (OHS) when UseWebCacheIP is disabled. An attacker can bypass mod_access restrictions by sending a request to the webcache TCP port 7778, leading to unauthorized access to protected resources. Connected advisories confi...