load balancer vulnerabilities and exploits
5.8
CVSSv2
CVE-2021-22960
The parse function in llhttp < 2.1.4 and < 6.0.6 ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling (HRS) under certain conditions.
Llhttp Llhttp
Oracle Graalvm 21.3.0
Oracle Graalvm 20.3.4
Debian Debian Linux 11.0
6.8
CVSSv2
CVE-2022-23632
Traefik is an HTTP reverse proxy and load balancer. Prior to version 2.6.1, Traefik skips the router transport layer security (TLS) configuration when the host header is a fully qualified domain name (FQDN). For a request, the TLS configuration choice can be different than the ro...
Traefik Traefik
Oracle Communications Unified Inventory Management 7.5.0
7.5
CVSSv2
CVE-2005-1391
Buffer overflow in the add_port function in APSIS Pound 1.8.2 and previous versions allows remote malicious users to execute arbitrary code via a long Host HTTP header.
Apsis Pound 1.8.2
4.3
CVSSv2
CVE-2005-3751
HTTP request smuggling vulnerability in Pound prior to 1.9.4 allows remote malicious users to poison web caches, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with conflicting Content-length and Transfer-encoding headers.
Apsis Pound
6.8
CVSSv2
CVE-2021-32813
Traefik is an HTTP reverse proxy and load balancer. Prior to version 2.4.13, there exists a potential header vulnerability in Traefik's handling of the Connection header. Active exploitation of this issue is unlikely, as it requires that a removed header would lead to a priv...
Traefik Traefik
4.3
CVSSv2
CVE-2011-3348
The mod_proxy_ajp module in the Apache HTTP Server prior to 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote malicious users to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request.
Apache Http Server
Redhat Jboss Enterprise Web Server 1.0.0
NA
CVE-2022-31109
laminas-diactoros is a PHP package containing implementations of the PSR-7 HTTP message interfaces and PSR-17 HTTP message factory interfaces. Applications that use Diactoros, and are either not behind a proxy, or can be accessed via untrusted proxies, can potentially have the ho...
Getlaminas Laminas-diactoros
7.5
CVSSv2
CVE-2019-15605
HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed.
Nodejs Node.js
Debian Debian Linux 10.0
Fedoraproject Fedora 30
Opensuse Leap 15.1
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Workstation 7.0
Redhat Enterprise Linux Server 7.0
Redhat Software Collections 1.0
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux Server Aus 7.7
Redhat Enterprise Linux Server Tus 7.7
Redhat Enterprise Linux Eus 7.7
Redhat Enterprise Linux Eus 8.1
Redhat Enterprise Linux Eus 8.2
Redhat Enterprise Linux Server Tus 8.2
Redhat Enterprise Linux Server Aus 8.2
Redhat Enterprise Linux Server Tus 8.4
Redhat Enterprise Linux Eus 8.4
Redhat Enterprise Linux Server Aus 8.4
Redhat Enterprise Linux Server Aus 8.6
Redhat Enterprise Linux Server Tus 8.6
Redhat Enterprise Linux Eus 8.6
5
CVSSv2
CVE-2011-3368
The mod_proxy module in the Apache HTTP Server 1.3.x up to and including 1.3.42, 2.0.x up to and including 2.0.64, and 2.2.x up to and including 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse pro...
Apache Http Server 1.3.38
Apache Http Server 1.3.23
Apache Http Server 1.3.27
Apache Http Server 1.3.10
Apache Http Server 1.3.33
Apache Http Server 1.3.8
Apache Http Server 1.3.36
Apache Http Server 1.3.16
Apache Http Server 1.3.1
Apache Http Server 1.3.25
Apache Http Server 1.3.28
Apache Http Server 1.3.19
Apache Http Server 1.3.31
Apache Http Server 1.3.68
Apache Http Server 1.3.24
Apache Http Server 1.3.5
Apache Http Server 1.3.20
Apache Http Server 1.3.35
Apache Http Server 1.3.6
Apache Http Server 1.3.2
Apache Http Server 1.3.34
Apache Http Server 1.3.4
1 EDB exploit
2 Nmap scripts
2 Github repositories
NA
CVE-2023-28842
Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component (`dockerd`), which is developed as moby/moby, is commonly referred to as *Docke...
Mobyproject Moby