http-proxy project vulnerabilities and exploits
5
CVSSv2
CVE-2017-16014
Http-proxy is a proxying library. Because of the way errors are handled in versions prior to 0.7.0, an attacker that forces an error can crash the server, causing a denial of service.
Http-proxy Project Http-proxy
7.5
CVSSv2
CVE-2021-21322
fastify-http-proxy is an npm package which is a fastify plugin for proxying your http requests to another server, with hooks. By crafting a specific URL, it is possible to escape the prefix of the proxied backend service. If the base url of the proxied server is `/pub/`, a user e...
Fastify-http-proxy Project Fastify-http-proxy
9
CVSSv2
CVE-2019-10196
A flaw was found in http-proxy-agent, prior to version 2.1.0. It exists because http-proxy-agent passes an auth option to the Buffer constructor without proper sanitization. This could result in a Denial of Service through the usage of all available CPU resources and data exposure throug...
Http-proxy-agent Project Http-proxy-agent
Fedoraproject Fedora 27
Redhat Software Collections -
Redhat Enterprise Linux 7.0
5
CVSSv2
CVE-2021-3116
before_upstream_connection in AuthPlugin in http/proxy/auth.py in proxy.py prior to 2.3.1 accepts incorrect Proxy-Authorization header data because of a boolean confusion (and versus or).
Proxy.py Project Proxy.py
NA
CVE-2024-27140
** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Archiva. This issue affects Apache Archiva: from 2.0.0. As this project is retired, we do not plan to release a version that fixe...
4.3
CVSSv2
CVE-2005-2088
The Apache HTTP server prior to 1.3.34, and 2.0.x prior to 2.0.55, when acting as an HTTP proxy, allows remote malicious users to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chu...
Apache Http Server
Debian Debian Linux 3.1
Debian Debian Linux 3.0
5
CVSSv2
CVE-2005-1268
Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote malicious users to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.
Apache Http Server
Redhat Enterprise Linux Desktop 3.0
Redhat Enterprise Linux Desktop 4.0
Redhat Enterprise Linux Server 4.0
Redhat Enterprise Linux Workstation 4.0
Redhat Enterprise Linux Workstation 3.0
Redhat Enterprise Linux Server 3.0
Debian Debian Linux 3.1
5
CVSSv2
CVE-2005-1108
The ij_untrusted_url function in JunkBuster 2.0.2-r2, with single-threaded mode enabled, allows remote malicious users to overwrite the referrer field via a crafted HTTP request.
Junkbuster Internet Junkbuster 2.0.2 R2
7.5
CVSSv2
CVE-2005-1109
The filtering of URLs in JunkBuster prior to 2.0.2-r3 allows remote malicious users to cause a denial of service (application crash) and possibly execute arbitrary code via heap corruption.
Junkbuster Internet Junkbuster 2.0.2
Junkbuster Internet Junkbuster 2.0.2 R2
Junkbuster Internet Junkbuster 2.0.1
7.5
CVSSv2
CVE-2005-1857
Format string vulnerability in simpleproxy prior to 3.4 allows remote malicious HTTP proxies to execute arbitrary code via format string specifiers in a reply.
Simpleproxy Simpleproxy 3.0
Simpleproxy Simpleproxy 3.1
Simpleproxy Simpleproxy 2.2b
Simpleproxy Simpleproxy 3.2