Lucene search

96 matches found

GitHub Security Blog
added 2018/10/22 8:37 p.m. | 24 views

High severity vulnerability that affects com.typesafe.akka:akka-http-core_2.11 and com.typesafe.akka:akka-http-core_2.12

The decodeRequest and decodeRequestWith directives in Lightbend Akka HTTP 10.1.x through 10.1.4 and 10.0.x through 10.0.13 allow remote attackers to cause a denial of service (memory consumption and daemon crash) via a ZIP bomb...

CVSS: 7.8 | AI score: 5.1 | EPSS: 0.03054
Exploits: 0 | References: 6 | Affected Software: 2
Veracode
added 2018/09/11 6:51 a.m. | 7 views

Directory Traversal

akka-http is vulnerable to directory traversal attacks. The vulnerability exists due to the lack of sanitization of the resource path, allowing directory traversal in Windows deployments...

AI score: 6.6
Exploits: 0
Veracode
added 2018/08/31 2:42 a.m. | 20 views

Denial Of Service (DoS) Via Zip Bomb

akka-http is vulnerable to denial of service via a Zip Bomb. The vulnerability is caused by the application not having size limitations on decompressed data from the directives decodeRequest and decodeRequestWith or when using them in combination with directives like entity(as), toStrict, or...

CVSS: 7.5 | AI score: 7.1 | EPSS: 0.03054
Exploits: 0 | References: 5 | Affected Software: 3
OpenVAS
added 2018/08/31 12:00 a.m. | 57 views

Akka HTTP 10.0.x, 10.1.x Denial of Service vulnerability

Akka HTTP is prone to a Denial of Service vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...

CVSS: 7.8 | AI score: 7.5 | EPSS: 0.03054
Exploits: 0 | References: 2
Prion
added 2018/08/30 1:29 p.m. | 13 views

Design/Logic Flaw

The decodeRequest and decodeRequestWith directives in Lightbend Akka HTTP 10.1.x through 10.1.4 and 10.0.x through 10.0.13 allow remote attackers to cause a denial of service (memory consumption and daemon crash) via a ZIP bomb...

CVSS: 7.8 | AI score: 7.3 | EPSS: 0.03054
Exploits: 0 | References: 4 | Affected Software: 1
NVD
added 2018/08/30 1:29 p.m. | 19 views

CVE-2018-16131

The decodeRequest and decodeRequestWith directives in Lightbend Akka HTTP 10.1.x through 10.1.4 and 10.0.x through 10.0.13 allow remote attackers to cause a denial of service (memory consumption and daemon crash) via a ZIP bomb...

CVSS: 7.8 | AI score: 7.4 | EPSS: 0.03054
Exploits: 0 | References: 4
OSV
added 2018/08/30 1:29 p.m. | 13 views

CVE-2018-16131

The decodeRequest and decodeRequestWith directives in Lightbend Akka HTTP 10.1.x through 10.1.4 and 10.0.x through 10.0.13 allow remote attackers to cause a denial of service (memory consumption and daemon crash) via a ZIP bomb...

CVSS: 7.5 | AI score: 6.8
Exploits: 0 | References: 4
Cvelist
added 2018/08/30 1:00 p.m. | 16 views

CVE-2018-16131

The decodeRequest and decodeRequestWith directives in Lightbend Akka HTTP 10.1.x through 10.1.4 and 10.0.x through 10.0.13 allow remote attackers to cause a denial of service (memory consumption and daemon crash) via a ZIP bomb...

AI score: 7.3 | EPSS: 0.03054
Exploits: 0 | References: 4
CVE
added 2018/08/30 1:00 p.m. | 78 views

CVE-2018-16131

The CVE-2018-16131 issue affects Lightbend Akka HTTP, specifically the decodeRequest and decodeRequestWith directives in Akka HTTP 10.0.x (up to 10.0.13) and 10.1.x (up to 10.1.4). The root cause is that these directives allow decompression of unbounded input, enabling a ZIP bomb to cause a denia...

CVSS: 7.8 | AI score: 7.2 | EPSS: 0.03054
Exploits: 0 | References: 4 | Affected Software: 1
OpenVAS
added 2017/11/03 12:00 a.m. | 11 views

akka HTTP Detection

Detection of akka HTTP server. The script sends a connection request to the server and attempts to detect akka HTTP server and to extract its version. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respecti...

AI score: 7
Exploits: 0 | References: 1
OpenVAS
added 2017/11/03 12:00 a.m. | 31 views

akka HTTP DoS Vulnerability

akka HTTP is prone to a denial of service vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:akka:http"; if descripti...

CVSS: 7.5 | AI score: 7.4 | EPSS: 0.01103
Exploits: 0 | References: 1
NVD
added 2017/10/05 1:29 a.m. | 11 views

CVE-2017-1000118

Akka HTTP versions <= 10.0.5 Illegal Media Range in Accept Header Causes StackOverflowError Leading to Denial of Service...

CVSS: 7.5 | AI score: 7.5 | EPSS: 0.01103
Exploits: 0 | References: 1
OSV
added 2017/10/05 1:29 a.m. | 9 views

CVE-2017-1000118

Akka HTTP versions <= 10.0.5 Illegal Media Range in Accept Header Causes StackOverflowError Leading to Denial of Service...

CVSS: 7.5 | AI score: 6.7
Exploits: 0 | References: 1
Prion
added 2017/10/05 1:29 a.m. | 16 views

Design/Logic Flaw

Akka HTTP versions <= 10.0.5 Illegal Media Range in Accept Header Causes StackOverflowError Leading to Denial of Service...

CVSS: 5 | AI score: 7.4 | EPSS: 0.01103
Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2017/10/04 1:00 a.m. | 86 views

CVE-2017-1000118

CVE-2017-1000118 affects Akka HTTP versions

CVSS: 7.5 | AI score: 7.3 | EPSS: 0.01103
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2017/10/04 1:00 a.m. | 23 views

CVE-2017-1000118

Akka HTTP versions <= 10.0.5 Illegal Media Range in Accept Header Causes StackOverflowError Leading to Denial of Service...

AI score: 7.4 | EPSS: 0.01103
Exploits: 0 | References: 1