Internet Bug Bounty: [CVE-2024-26142] ReDoS vulnerability in Accept header parsing in Action Dispatch




💡 News category: Vulnerabilities
🔗 Source: vulners.com


I've made a report and provided a patch: https://discuss.rubyonrails.org/t/possible-redos-vulnerability-in-accept-header-parsing-in-action-dispatch/84946

Impact

Carefully crafted Accept headers can cause Accept header parsing in Action Dispatch to take an unexpected amount of time, possibly resulting in a DoS...



📌 CVE-2023-22795 | actionpack Gem on Ruby Action Dispatch redos
📈 47.81 points

📌 CVE-2023-22792 | actionpack Gem prior 6.1.7.1 on Ruby Action Dispatch redos
📈 47.81 points

📌 Internet Bug Bounty: HTTP Request Smuggling Due to Incorrect Parsing of Header Fields
📈 41.09 points

📌 Internet Bug Bounty: CVE-2023-28755: ReDoS vulnerability in URI
📈 41.09 points

📌 Internet Bug Bounty: ReDoS (Rails::Html::PermitScrubber.scrub_attribute)
📈 37.12 points

📌 Internet Bug Bounty: ReDoS( Ruby, Time)
📈 37.12 points

📌 Internet Bug Bounty: Rack CVE-2022-30122: Denial of Service Vulnerability in Rack Multipart Parsing
📈 35.8 points

📌 Internet Bug Bounty: Possible DoS Vulnerability in Multipart MIME parsing in rack
📈 34.8 points

📌 Internet Bug Bounty: CVE-2022-32213 - HTTP Request Smuggling Due to Flawed Parsing of Transfer-Encoding
📈 32.83 points

📌 Internet Bug Bounty: CVE-2022-32215 - HTTP Request Smuggling Due to Incorrect Parsing of Multi-line Transfer-Encoding
📈 32.83 points

📌 [Bug Bounty Hacker] Yahoo Bug Bounty Program 2016 - Sender Spoofing Vulnerability
📈 29.17 points

📌 Ebay Inc Bug Bounty Magento Commerce Bug Bounty - Persistent Cross Site Scripting Vulnerability
📈 29.17 points

📌 Internet Bug Bounty: Open Redirect Vulnerability in Action Pack
📈 27.85 points

📌 Internet Bug Bounty: CVE-2022-32214 - HTTP Request Smuggling Due To Improper Delimiting of Header Fields
📈 27.67 points

📌 Internet Bug Bounty: [curl] CVE-2023-38039: HTTP header allocation DOS
📈 27.67 points

📌 CVE-2022-32149 | Google Go Header ParseAcceptLanguage Accept-Language denial of service
📈 26.72 points

📌 CVE-2011-4082 | phpLDAPadmin up to 0.9.7 HTTP Header Accept-Language resource consumption
📈 26.72 points

📌 Internet Bug Bounty: HTTP multi-header compression denial of service
📈 26.67 points

📌 Internet Bug Bounty: Ruby's CGI library has HTTP response splitting (HTTP header injection), leaking confidential information
📈 26.67 points

📌 Internet Bug Bounty: Proxy-Authorization header is not cleared in cross-domain redirect in undici
📈 26.67 points

📌 Internet Bug Bounty: Proxy-Authorization header not cleared on cross-origin redirect in undici.request
📈 26.67 points

📌 Naked Security Live – When is a bug bounty not a bug bounty?
📈 26.2 points

📌 Bug Bounty Field Manual: The Definitive Guide for Planning, Launching, and Operating a Successful Bug Bounty Program
📈 26.2 points

📌 Bug Bounty Platforms [Best Choices For a Bug Bounty Program]
📈 26.2 points

📌 Bug Bounty Benefits | Why You Need a Bug Bounty Program
📈 26.2 points

📌 Fear and hacking on the bug bounty trail: write up of Atlassian's first (Bugcrowd) Bug Bounty event in Sydney
📈 26.2 points

📌 Google-Dorks-Bug-Bounty - A List Of Google Dorks For Bug Bounty, Web Application Security, And Pentesting
📈 26.2 points

📌 Apache Tomcat up to 4.1.31 Accept-Language Header cross site scripting
📈 25.72 points

📌 Akka http up to 10.0.5 HTTP Header Accept Stack-based denial of service
📈 25.72 points

📌 WebLog Expert Web Server Enterprise 9.4 Service Port 9991 HTTP Accept Header Crash denial of service
📈 25.72 points

📌 LiveZilla Live Chat 7.0.9.5 chat/mobile/index.php Accept-Language Header cross site scripting
📈 25.72 points

📌 Hapi up to 16.1.0 on Node.js HTTP Header Accept-Encoding Crash denial of service
📈 25.72 points

📌 Eclipse Jetty up to 9.4.36.v20210114/10.0.0/11.0.0 Accept Header algorithmic complexity
📈 25.72 points










