Download
| Alert*
|
oval:org.secpod.oval:def:503516
Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix: * golang: HTTP/1.1 headers with a space before the colon leads to filter bypass or request smuggling * golang: invalid public key causes panic in dsa.Verify For more details abou ... oval:org.secpod.oval:def:66518 Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix: * golang: HTTP/1.1 headers with a space before the colon leads to filter bypass or request smuggling * golang: invalid public key causes panic in dsa.Verify For more details abou ... oval:org.secpod.oval:def:1801611 made the issue visible to everyone oval:org.secpod.oval:def:1601091 It was discovered that net/http in golang does not correctly interpret HTTP requests where an HTTP header contains spaces before the colon. This could be abused by an attacker to smuggle HTTP requests when a proxy or a firewall is placed behind a server implemented in Go or to filter bypasses depen ... oval:org.secpod.oval:def:117204 The Go Programming Language. oval:org.secpod.oval:def:1601080 It was discovered that net/http in golang does not correctly interpret HTTP requests where an HTTP header contains spaces before the colon. This could be abused by an attacker to smuggle HTTP requests when a proxy or a firewall is placed behind a server implemented in Go or to filter bypasses depen ... oval:org.secpod.oval:def:59284 The host is installed with Kubernetes version 1.14.x before 1.14.8, 1.15.x before 1.15.5 or 1.16.x before 1.16.2 and is prone to an HTTP protocol violation vulnerability. A flaw is present in the application, which fails to handle the Gos net/http Library. Successful exploitation allows attackers wh ... oval:org.secpod.oval:def:59282 The host is installed with Kubernetes version 1.14.x before 1.14.8, 1.15.x before 1.15.5 or 1.16.x before 1.16.2 and is prone to an HTTP protocol violation vulnerability. A flaw is present in the application, which fails to handle the Gos net/http Library. Successful exploitation allows attackers wh ... oval:org.secpod.oval:def:1700238 It was discovered that net/http in golang does not correctly interpret HTTP requests where an HTTP header contains spaces before the colon. This could be abused by an attacker to smuggle HTTP requests when a proxy or a firewall is placed behind a server implemented in Go or to filter bypasses depen ... oval:org.secpod.oval:def:1700298 It was discovered that net/http in golang does not correctly interpret HTTP requests where an HTTP header contains spaces before the colon. This could be abused by an attacker to smuggle HTTP requests when a proxy or a firewall is placed behind a server implemented in Go or to filter bypasses depen ... oval:org.secpod.oval:def:604546 It was discovered that the Go programming language did accept and normalize invalid HTTP/1.1 headers with a space before the colon, which could lead to filter bypasses or request smuggling in some setups. oval:org.secpod.oval:def:1504396 go-toolset [1.12.12-1] - Update for golang package fixes [1.12.12-1] - Bump version to 1.12.12 golang [1.12.12-4.0.1] - from upstream https://github.com/golang/go/issues/2775 - move arbitrary value 10% to 15% for GC tests, hits 10.48% on our - infrastructure - Resolves failing post build tests [Orab ... oval:org.secpod.oval:def:69762 It was discovered that the Go programming language did accept and normalize invalid HTTP/1.1 headers with a space before the colon, which could lead to filter bypasses or request smuggling in some setups. oval:org.secpod.oval:def:1504357 kubernetes [1.12.10-1.0.10] - [CVE-2019-16276] Kubernetes Vulnerabilities Allow Authentication Bypass, DoS [1.12.10-1.0.9] - Define rolling update for flannel [1.12.10-1.0.8] - Modify flannel/dashboard image tags to use images that have the cve fix kubeadm-ha-setup [0.0.2-1.0.68] - Pull image prior ... |
