Lucene search

K
redosRedosROS-20240409-12
HistoryApr 09, 2024 - 12:00 a.m.

ROS-20240409-12

2024-04-0900:00:00
redos.red-soft.ru
12
vulnerability
zlib
eclipse jetty
buffer boundaries
remote attacker
arbitrary code
servlet container
input data length
an attacker
http request smuggling
unix

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8

Confidence

Low

EPSS

0.003

Percentile

71.6%

A vulnerability in the inflate.c component of the zlib library is related to an operation exceeding buffer boundaries in memory.
Exploitation of the vulnerability could allow a remote attacker to execute arbitrary code

Eclipse Jetty servlet container vulnerability is related to errors in processing input data length parameters.
data length parameters. Exploitation of the vulnerability could allow an attacker acting remotely to execute
arbitrary commands

Eclipse Jetty servlet container vulnerability is related to errors in processing input data length parameters.
data length parameters. Exploitation of the vulnerability could allow an attacker acting remotely to execute an attack such as
β€œHTTP request smuggling” attack

OSVersionArchitecturePackageVersionFilename
redos7.3x86_64apache-kafka<=Β 3.6.1-1UNKNOWN

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8

Confidence

Low

EPSS

0.003

Percentile

71.6%