Lucene search
K

96 matches found

OpenVAS
OpenVAS
added 2021/11/05 12:0 a.m.15 views

Akka HTTP < 10.2.7 DoS Vulnerability

Akka HTTP is prone to a denial of service DoS vulnerability. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software;...

7.5CVSS7.4AI score0.36139EPSS
Exploits5References1
Veracode
Veracode
added 2021/11/04 6:15 a.m.24 views

Denial Of Service (DoS)

akka-http-core is vulnerable to Denial of Service DoS. A remote attacker is able to crash the application via a specifically crafted user-Agent header with deeply nested comments directed through vulnerable parser component...

7.5CVSS4.1AI score0.36139EPSS
Exploits5References7Affected Software2
NVD
NVD
added 2021/11/02 10:15 p.m.53 views

CVE-2021-42697

Akka HTTP 10.1.x before 10.1.15 and 10.2.x before 10.2.7 can encounter stack exhaustion while parsing HTTP headers, which allows a remote attacker to conduct a Denial of Service attack by sending a User-Agent header with deeply nested comments...

7.5CVSS0.36139EPSS
Exploits5References5
OSV
OSV
added 2021/11/02 10:15 p.m.22 views

CVE-2021-42697

Akka HTTP 10.1.x before 10.1.15 and 10.2.x before 10.2.7 can encounter stack exhaustion while parsing HTTP headers, which allows a remote attacker to conduct a Denial of Service attack by sending a User-Agent header with deeply nested comments...

7.5CVSS6.8AI score0.36139EPSS
Exploits5References5
Prion
Prion
added 2021/11/02 10:15 p.m.13 views

Design/Logic Flaw

Akka HTTP 10.1.x before 10.1.15 and 10.2.x before 10.2.7 can encounter stack exhaustion while parsing HTTP headers, which allows a remote attacker to conduct a Denial of Service attack by sending a User-Agent header with deeply nested comments...

5CVSS7.4AI score0.36139EPSS
Exploits5References5Affected Software1
Cvelist
Cvelist
added 2021/11/02 9:44 p.m.48 views

CVE-2021-42697

Akka HTTP 10.1.x before 10.1.15 and 10.2.x before 10.2.7 can encounter stack exhaustion while parsing HTTP headers, which allows a remote attacker to conduct a Denial of Service attack by sending a User-Agent header with deeply nested comments...

7.7AI score0.36139EPSS
Exploits5References5
CVE
CVE
added 2021/11/02 9:44 p.m.83 views

CVE-2021-42697

CVE-2021-42697 affects Akka HTTP 10.1.x before 10.1.15 and 10.2.x before 10.2.7, where parsing HTTP headers can stack-exhaust and enable a remote DoS via a User-Agent header containing deeply nested comments. Root cause: stack overflow during header parsing. Public advisories (GHSA/OSV) and explo...

7.5CVSS7.3AI score0.36139EPSS
Exploits5References5Affected Software1
CNNVD
CNNVD
added 2021/11/02 12:0 a.m.8 views

Lightbeed Akka Akka-http缓冲区错误漏洞

Lightbeed Akka Akka-http is a toolkit from the Lightbeed community in China. It provides a more generalized toolkit for providing and using HTTP-based services. A buffer error vulnerability exists in Akka HTTP, which allows an attacker to conduct a denial of service attack by sending a User-Agent...

7.5CVSS7.5AI score0.36139EPSS
Exploits5References8
IBM Security Bulletins
IBM Security Bulletins
added 2021/07/30 5:2 a.m.19 views

Security Bulletin: akka-http-core Vulnerability Affects IBM Watson Machine Learning on CP4D (CVE-2021-23339)

Summary akka-http-core allows is vulnerable to allow multiple Transfer-Encoding headers on IBM Watson Machine Learning on CP4D Vulnerability Details CVEID: CVE-2021-23339 DESCRIPTION: com.typesafe.akka:akka-http-core is vulnerable to request smuggling, caused by improper validation of request. By...

6.5CVSS1AI score0.00705EPSS
Exploits0Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/10 3:17 p.m.74 views

HTTP Request Smuggling in akka-http-core

A vulnerable Akka HTTP server will accept a malformed message and hand it over to the user. If the user application proxies this message to another server unchanged and that server also accepts that message but interprets it as two HTTP messages, the second message has reached the second server...

6.5CVSS0.2AI score0.00705EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2021/05/10 3:17 p.m.16 views

GHSA-2W7W-2J92-44HX HTTP Request Smuggling in akka-http-core

A vulnerable Akka HTTP server will accept a malformed message and hand it over to the user. If the user application proxies this message to another server unchanged and that server also accepts that message but interprets it as two HTTP messages, the second message has reached the second server...

6.5CVSS6.3AI score0.00705EPSS
Exploits0References5
NVD
NVD
added 2021/02/17 8:15 a.m.48 views

CVE-2021-23339

This affects all versions before 10.1.14 and from 10.2.0 to 10.2.4 of package com.typesafe.akka:akka-http-core. It allows multiple Transfer-Encoding headers...

6.5CVSS0.00705EPSS
Exploits0References2
Prion
Prion
added 2021/02/17 8:15 a.m.21 views

Design/Logic Flaw

This affects all versions before 10.1.14 and from 10.2.0 to 10.2.4 of package com.typesafe.akka:akka-http-core. It allows multiple Transfer-Encoding headers...

6.4CVSS6.4AI score0.00705EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2021/02/17 7:55 a.m.30 views

CVE-2021-23339 HTTP Request Smuggling

This affects all versions before 10.1.14 and from 10.2.0 to 10.2.4 of package com.typesafe.akka:akka-http-core. It allows multiple Transfer-Encoding headers...

5CVSS6.7AI score0.00705EPSS
Exploits0References2
CVE
CVE
added 2021/02/17 7:55 a.m.67 views

CVE-2021-23339

CVE-2021-23339 affects com.typesafe.akka:akka-http-core. The flaw allows multiple Transfer-Encoding headers, enabling HTTP Request Smuggling due to improper validation of requests. Affected versions are all before 10.1.14 and 10.2.0–10.2.4. The issue is rooted in how Transfer-Encoding is handled,...

6.5CVSS5.7AI score0.00705EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2021/02/17 12:0 a.m.10 views

Lightbeed Akka Akka-http Environment Issue Vulnerability

Lightbeed Akka Akka-http is a toolkit from the Lightbeed community in China. It provides a more generalized toolkit for providing and using HTTP-based services. An environment issue vulnerability exists in com.typesafe.akka:akka-http-core that allows multiple Transfer-Encoding headers...

6.5CVSS6.6AI score0.00705EPSS
Exploits0References4
vulnersOsv
vulnersOsv
added 2021/02/15 2:42 p.m.5 views

ch.megard:akka-http-cors_2.12 (>=1.1.0 <=1.2.0), com.avast.grpc:grpc-json-bridge-akkahttp_2.12 (>=0.18.1 <=0.19.0) +242 more potentially affected by CVE-2021-23339 via com.typesafe.akka:akka-http-core_2.12 (>=10.2.0 <=10.2.3)

com.typesafe.akka:akka-http-core2.12 MAVEN version =10.2.0, =1.1.0, =0.18.1, =5.6.1, =1.0.16, =1.0.16, =1.0.16, =1.8.0, =7.0, =0.1.22, =2.0.0, =1.3.0, =1.3.0, =0.7.1, =2.2.6, =2.4.0 and more Source cves: CVE-2021-23339 Source advisory: SNYK:JAVA-COMTYPESAFEAKKA-2315411...

6.5CVSS6.5AI score0.00705EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2021/02/15 2:42 p.m.5 views

biz.lobachev.annette:api-gateway-core_2.13 (=0.3.0), biz.lobachev.annette:application-api-gateway_2.13 (=0.3.0) +456 more potentially affected by CVE-2021-23339 via com.typesafe.akka:akka-http-core_2.13 (>=10.2.0 <=10.2.3)

com.typesafe.akka:akka-http-core2.13 MAVEN version =10.2.0, =10.2.3 is affected by a known vulnerability. The following packages have a transitive dependency on com.typesafe.akka:akka-http-core2.13 and may be impacted: - biz.lobachev.annette:api-gateway-core2.13 =0.3.0 -...

6.5CVSS6.5AI score0.00705EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2021/02/15 2:42 p.m.4 views

be.objectify:deadbolt-java_2.13 (=2.8.0), be.objectify:deadbolt-scala_2.13 (=2.8.0) +470 more potentially affected by CVE-2021-23339 via com.typesafe.akka:akka-http-core_2.13 (>=10.1.10 <=10.1.13)

com.typesafe.akka:akka-http-core2.13 MAVEN version =10.1.10, =0.1.2, =0.1.2, =0.2.0, =0.1.2, =0.1.2, =0.1.2, =0.1.2, =0.2.0, =0.1.2, =0.1.2, =0.4.0, =0.4.0, =0.4.0, =0.5.1 and more Source cves: CVE-2021-23339 Source advisory: SNYK:JAVA-COMTYPESAFEAKKA-2315412...

6.5CVSS6.5AI score0.00705EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2021/02/15 2:42 p.m.5 views

ai.agnos:reactive-sparql_2.12 (>=0.3.0 <=0.3.1), ai.lum:odinson-rest-api_2.12 (>=0.3.1 <=0.5.0) +897 more potentially affected by CVE-2021-23339 via com.typesafe.akka:akka-http-core_2.12 (>=10.0.0-RC2 <=10.1.13)

com.typesafe.akka:akka-http-core2.12 MAVEN version =10.0.0-RC2, =0.3.0, =0.3.1, =0.4.0, =2.6.0, =2.6.0, =0.3.0, =0.1.0, =0.6.0, =0.1.9, =1.0.0-RC1 - ch.wavein:wi-play-mongo2.12 =1.6 - cn.playscala:play-reactive-mongo2.12 =0.1.0 and more Source cves: CVE-2021-23339 Source advisory:...

6.5CVSS6.5AI score0.00705EPSS
Exploits0
Rows per page
Query Builder