Lucene search
+L

97 matches found

OpenVAS
OpenVAS
added 2021/11/05 12:0 a.m.16 views

Akka HTTP < 10.2.7 DoS Vulnerability

Akka HTTP is prone to a denial of service DoS vulnerability. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software;...

7.5CVSS7.4AI score0.36139EPSS
Exploits5References1
Veracode
Veracode
added 2021/11/04 6:15 a.m.25 views

Denial Of Service (DoS)

akka-http-core is vulnerable to Denial of Service DoS. A remote attacker is able to crash the application via a specifically crafted user-Agent header with deeply nested comments directed through vulnerable parser component...

7.5CVSS4.1AI score0.36139EPSS
Exploits5References7Affected Software2
NVD
NVD
added 2021/11/02 10:15 p.m.54 views

CVE-2021-42697

Akka HTTP 10.1.x before 10.1.15 and 10.2.x before 10.2.7 can encounter stack exhaustion while parsing HTTP headers, which allows a remote attacker to conduct a Denial of Service attack by sending a User-Agent header with deeply nested comments...

7.5CVSS0.36139EPSS
Exploits5References5
OSV
OSV
added 2021/11/02 10:15 p.m.24 views

CVE-2021-42697

Akka HTTP 10.1.x before 10.1.15 and 10.2.x before 10.2.7 can encounter stack exhaustion while parsing HTTP headers, which allows a remote attacker to conduct a Denial of Service attack by sending a User-Agent header with deeply nested comments...

7.5CVSS6.8AI score0.36139EPSS
Exploits5References5
Prion
Prion
added 2021/11/02 10:15 p.m.14 views

Design/Logic Flaw

Akka HTTP 10.1.x before 10.1.15 and 10.2.x before 10.2.7 can encounter stack exhaustion while parsing HTTP headers, which allows a remote attacker to conduct a Denial of Service attack by sending a User-Agent header with deeply nested comments...

5CVSS7.4AI score0.36139EPSS
Exploits5References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2021/11/02 10:15 p.m.2 views

CVE-2021-42697

Akka HTTP 10.1.x before 10.1.15 and 10.2.x before 10.2.7 can encounter stack exhaustion while parsing HTTP headers, which allows a remote attacker to conduct a Denial of Service attack by sending a User-Agent header with deeply nested comments...

7.5CVSS7.2AI score0.36139EPSS
Exploits5References6
Cvelist
Cvelist
added 2021/11/02 9:44 p.m.49 views

CVE-2021-42697

Akka HTTP 10.1.x before 10.1.15 and 10.2.x before 10.2.7 can encounter stack exhaustion while parsing HTTP headers, which allows a remote attacker to conduct a Denial of Service attack by sending a User-Agent header with deeply nested comments...

7.7AI score0.36139EPSS
Exploits5References5
CVE
CVE
added 2021/11/02 9:44 p.m.86 views

CVE-2021-42697

CVE-2021-42697 affects Akka HTTP 10.1.x before 10.1.15 and 10.2.x before 10.2.7, where parsing HTTP headers can stack-exhaust and enable a remote DoS via a User-Agent header containing deeply nested comments. Root cause: stack overflow during header parsing. Public advisories (GHSA/OSV) and explo...

7.5CVSS7.3AI score0.36139EPSS
Exploits5References5Affected Software1
CNNVD
CNNVD
added 2021/11/02 12:0 a.m.10 views

Lightbeed Akka Akka-http缓冲区错误漏洞

Lightbeed Akka Akka-http is a toolkit from the Lightbeed community in China. It provides a more generalized toolkit for providing and using HTTP-based services. A buffer error vulnerability exists in Akka HTTP, which allows an attacker to conduct a denial of service attack by sending a User-Agent...

7.5CVSS7.5AI score0.36139EPSS
Exploits5References8
IBM Security Bulletins
IBM Security Bulletins
added 2021/07/30 5:2 a.m.20 views

Security Bulletin: akka-http-core Vulnerability Affects IBM Watson Machine Learning on CP4D (CVE-2021-23339)

Summary akka-http-core allows is vulnerable to allow multiple Transfer-Encoding headers on IBM Watson Machine Learning on CP4D Vulnerability Details CVEID: CVE-2021-23339 DESCRIPTION: com.typesafe.akka:akka-http-core is vulnerable to request smuggling, caused by improper validation of request. By...

6.5CVSS1AI score0.00705EPSS
Exploits0Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/10 3:17 p.m.74 views

HTTP Request Smuggling in akka-http-core

A vulnerable Akka HTTP server will accept a malformed message and hand it over to the user. If the user application proxies this message to another server unchanged and that server also accepts that message but interprets it as two HTTP messages, the second message has reached the second server...

6.5CVSS0.2AI score0.00705EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2021/05/10 3:17 p.m.17 views

GHSA-2W7W-2J92-44HX HTTP Request Smuggling in akka-http-core

A vulnerable Akka HTTP server will accept a malformed message and hand it over to the user. If the user application proxies this message to another server unchanged and that server also accepts that message but interprets it as two HTTP messages, the second message has reached the second server...

6.5CVSS6.3AI score0.00705EPSS
Exploits0References5
NVD
NVD
added 2021/02/17 8:15 a.m.49 views

CVE-2021-23339

This affects all versions before 10.1.14 and from 10.2.0 to 10.2.4 of package com.typesafe.akka:akka-http-core. It allows multiple Transfer-Encoding headers...

6.5CVSS0.00705EPSS
Exploits0References2
Prion
Prion
added 2021/02/17 8:15 a.m.22 views

Design/Logic Flaw

This affects all versions before 10.1.14 and from 10.2.0 to 10.2.4 of package com.typesafe.akka:akka-http-core. It allows multiple Transfer-Encoding headers...

6.4CVSS6.4AI score0.00705EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2021/02/17 7:55 a.m.70 views

CVE-2021-23339

CVE-2021-23339 affects com.typesafe.akka:akka-http-core. The flaw allows multiple Transfer-Encoding headers, enabling HTTP Request Smuggling due to improper validation of requests. Affected versions are all before 10.1.14 and 10.2.0–10.2.4. The issue is rooted in how Transfer-Encoding is handled,...

6.5CVSS5.7AI score0.00705EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2021/02/17 7:55 a.m.32 views

CVE-2021-23339 HTTP Request Smuggling

This affects all versions before 10.1.14 and from 10.2.0 to 10.2.4 of package com.typesafe.akka:akka-http-core. It allows multiple Transfer-Encoding headers...

5CVSS6.7AI score0.00705EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/02/17 12:0 a.m.12 views

Lightbeed Akka Akka-http Environment Issue Vulnerability

Lightbeed Akka Akka-http is a toolkit from the Lightbeed community in China. It provides a more generalized toolkit for providing and using HTTP-based services. An environment issue vulnerability exists in com.typesafe.akka:akka-http-core that allows multiple Transfer-Encoding headers...

6.5CVSS6.6AI score0.00705EPSS
Exploits0References4
Snyk
Snyk
added 2021/02/15 2:42 p.m.5 views

HTTP Request Smuggling

Overview com.typesafe.akka:akka-http-core2.11 is a Scala implementation of the akka-http-core library which provides a streaming-first HTTP server and client. Affected versions of this package are vulnerable to HTTP Request Smuggling. It allows multiple Transfer-Encoding headers. Remediation...

6.5CVSS6.9AI score0.00705EPSS
Exploits0References2
Snyk
Snyk
added 2021/02/15 2:42 p.m.4 views

HTTP Request Smuggling

Overview com.typesafe.akka:akka-http-core2.12 is a Scala implementation of the akka-http-core library which provides a streaming-first HTTP server and client. Affected versions of this package are vulnerable to HTTP Request Smuggling. It allows multiple Transfer-Encoding headers. Remediation...

6.5CVSS6.9AI score0.00705EPSS
Exploits0References2
Snyk
Snyk
added 2021/02/15 2:42 p.m.3 views

HTTP Request Smuggling

Overview com.typesafe.akka:akka-http-core is a full server- and client-side HTTP stack on top of akka-actor and akka-stream. Affected versions of this package are vulnerable to HTTP Request Smuggling. It allows multiple Transfer-Encoding headers. Remediation Upgrade com.typesafe.akka:akka-http-co...

6.5CVSS6.9AI score0.00705EPSS
Exploits0References2
Rows per page
Query Builder