Lucene search
+L

178 matches found

CNNVD
CNNVD
added 2022/07/13 12:0 a.m.6 views

多款Schneider Electric产品缓冲区错误漏洞

The Schneider Electric OPC UA Modicon Communication Module and the Schneider Electric X80 advanced RTU Communication Module are both products of the French company Schneider Electric. The Schneider Electric OPC UA Modicon Communication Module is an Ethernet communication module with an embedded O...

7.5CVSS7.6AI score0.00728EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/07/12 11:0 a.m.4 views

CVE-2022-34759

A CWE-787: Out-of-bounds Write vulnerability exists that could cause a denial of service of the webserver due to improper parsing of the HTTP Headers. Affected Products: X80 advanced RTU Communication Module BMENOR2200H V1.0, OPC UA Modicon Communication Module BMENUA0100 V1.10 and prior...

7.5CVSS5.9AI score0.00728EPSS
Exploits0References2
OSV
OSV
added 2022/04/19 2:5 p.m.8 views

CLSA-2022-1650377152 Fix CVE(s): CVE-2020-11724

SECURITY UPDATE: HTTP request smuggling in Lua module - debian/modules/nginx-lua: Fix parsing HTTP headers in the ngx.location.capture API porting an upstream patch 9ab38e8ee35fc08a57636b1b6190dca70b0076fa from https://github.com/openresty/lua-nginx-module - CVE-2020-11724...

7.5CVSS7.1AI score0.02599EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2022/03/30 12:0 a.m.16 views

PT-2022-7650 · Puma +11 · Puma +11

Name of the Vulnerable Software and Affected Versions: Puma versions prior to 4.3.12 Puma versions prior to 5.6.4 Description: The issue is related to the handling of HTTP requests in Puma, a server for Ruby/Rack applications. When Puma is used behind a proxy that does not properly validate...

9.8CVSS6.3AI score0.99888EPSS
Exploits8References90
Tenable Nessus
Tenable Nessus
added 2021/10/27 12:0 a.m.52 views

NewStart CGSL CORE 5.05 / MAIN 5.05 : tomcat Multiple Vulnerabilities (NS-SA-2021-0144)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has tomcat packages installed that are affected by multiple vulnerabilities: - When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to 7.0.98 there was a narrow window where an attacke...

7.5CVSS7.5AI score0.87553EPSS
Exploits1References7
Tenable Nessus
Tenable Nessus
added 2021/01/14 12:0 a.m.35 views

Amazon Linux AMI : tomcat7 (ALAS-2021-1472)

The version of tomcat7 installed on the remote host is prior to 7.0.107-1.39. It is, therefore, affected by a vulnerability as referenced in the ALAS-2021-1472 advisory. A flaw was found in Apache Tomcat. The HTTP header parsing code used an approach to end-of-line EOL parsing that allowed some...

5.8CVSS7.4AI score0.09386EPSS
Exploits0References3
OSV
OSV
added 2021/01/02 6:15 a.m.14 views

AZL-44148 CVE-2020-28852 affecting package buildah for versions less than 1.41.4-2

In x/text in Go before v0.3.5, a "slice bounds out of range" panic occurs in language.ParseAcceptLanguage while processing a BCP 47 tag. x/text/language is supposed to be able to parse an HTTP Accept-Language header...

7.5CVSS7.1AI score0.01674EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2020/12/18 12:0 a.m.229 views

Amazon Linux AMI : tomcat7 (ALAS-2020-1472) (deprecated)

The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the ALAS-2020-1472 advisory. - In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approa...

7.9AI score0.09386EPSS
Exploits0References3
Amazon
Amazon
added 2020/12/16 8:51 p.m.48 views

Low: tomcat7

Issue Overview: A flaw was found in Apache Tomcat. The HTTP header parsing code used an approach to end-of-line EOL parsing that allowed some invalid HTTP headers to be parsed as valid. This led to the possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that...

5.8CVSS1.2AI score0.09386EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2020/11/12 12:0 a.m.34 views

Oracle Linux 7 : tomcat (ELSA-2020-5020)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2020-5020 advisory. 0:7.0.76-16 - Resolves: rhbz1814315 CVE-2020-1935 tomcat: Mishandling of Transfer-Encoding header allows for HTTP request smuggling Tenable has extracted the...

5.8CVSS7.4AI score0.09386EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2020/09/07 12:57 p.m.6 views

EAP: field-name is not parsed in accordance to RFC7230

A flaw was discovered in JBoss EAP, where it does not process the header field-name in accordance with RFC7230. Whitespace between the header field-name and colon is processed, resulting in an HTTP response code of 200 instead of a bad request of 400...

5.3CVSS5.9AI score0.0119EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2020/08/06 12:0 a.m.54 views

Ubuntu 16.04 LTS : Tomcat vulnerabilities (USN-4448-1)

The remote Ubuntu 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4448-1 advisory. It was discovered that Tomcat incorrectly validated the payload length in a WebSocket frame. A remote attacker could possibly use this issue to cause...

7.5CVSS8AI score0.87553EPSS
Exploits17References4
OSV
OSV
added 2020/06/07 10:17 p.m.6 views

OPENSUSE-SU-2020:0778-1 Security update for axel

This update for axel fixes the following issues: axel was updated to 2.17.8: CVE-2020-13614: SSL Certificate Hostnames were not verified boo1172159 Replaced progressbar line clearing with terminal control sequence Fixed parsing of Content-Disposition HTTP header Fixed User-Agent HTTP header never...

5.9CVSS6.1AI score0.01928EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2020/05/29 12:0 a.m.59 views

Debian DLA-2209-1 : tomcat8 security update

Several security vulnerabilities have been discovered in the Tomcat servlet and JSP engine. WARNING: The fix for CVE-2020-1938 may disrupt services that rely on a working AJP configuration. The option secretRequired defaults to true now. You should define a secret in your server.xml or you can...

9.8CVSS7.8AI score0.9927EPSS
Exploits60References6
BDU FSTEC
BDU FSTEC
added 2020/05/07 12:0 a.m.4 views

The vulnerability of the NIO-infrastructure client/server architecture for Java Netty, related to the inconsistent interpretation of http requests, allows attackers to compromise data integrity.

The vulnerability of the NIO-server/client infrastructure for Java Netty is related to improper handling of double colon gaps in HTTP headers. Exploiting this vulnerability allows a remote attacker to compromise data integrity...

7.8CVSS6.9AI score0.08415EPSS
Exploits1References6Affected Software3
Tenable Nessus
Tenable Nessus
added 2020/03/06 12:0 a.m.67 views

Debian DLA-2133-1 : tomcat7 security update

Several security vulnerabilities have been discovered in the Tomcat servlet and JSP engine. CVE-2019-17569 The refactoring in 7.0.98 introduced a regression. The result of the regression was that invalid Transfer-Encoding headers were incorrectly processed leading to a possibility of HTTP Request...

9.8CVSS7.7AI score0.9927EPSS
Exploits46References5
Github Security Blog
Github Security Blog
added 2020/02/28 1:10 a.m.268 views

Potential HTTP request smuggling in Apache Tomcat

In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse...

5.8CVSS1AI score0.09386EPSS
Exploits0References21Affected Software2
OSV
OSV
added 2020/02/24 10:15 p.m.49 views

CVE-2020-1935

In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse...

4.8CVSS6.2AI score
Exploits0References19
UbuntuCve
UbuntuCve
added 2020/02/24 10:15 p.m.72 views

CVE-2020-1935

In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse...

5.8CVSS7AI score0.09386EPSS
Exploits0References3
Prion
Prion
added 2020/02/24 10:15 p.m.43 views

Design/Logic Flaw

In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse...

5.8CVSS7.1AI score0.09386EPSS
Exploits0References19Affected Software19
Rows per page
Query Builder