Security Bulletin: Due to the use of IBM WebSphere Liberty, IBM TXSeries for Multiplatforms is vulnerable to a flaw in handling multiplexed streams in the HTTP/2 protocol (CVE-2023-44487).
Summary: IBM WebSphere Liberty is used by IBM TXSeries for Multiplatforms to provide a web-based administration console (CVE-2023-44487). Vulnerability Details: CVEID: CVE-2023-44487 DESCRIPTION: Multiple vendors are vulnerable to a denial of service, caused by a flaw in handling multiplexed streams i...
Apache Tomcat 11.0.0.M1 < 11.0.0.M17 multiple vulnerabilities
The version of Tomcat installed on the remote host is prior to 11.0.0.M17. It is, therefore, affected by multiple vulnerabilities as referenced in the fixed_in_apache_tomcat_11.0.0-m17_security-11 advisory. - Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for...
Apache Tomcat Multiple DoS Vulnerabilities (Mar 2024) - Linux
Apache Tomcat is prone to multiple denial of service (DoS) vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Apache Tomcat Multiple DoS Vulnerabilities (Mar 2024) - Windows
Apache Tomcat is prone to multiple denial of service (DoS) vulnerabilities.
Apache Tomcat 9.0.0.M1 < 9.0.86 multiple vulnerabilities
The version of Tomcat installed on the remote host is prior to 9.0.86. It is, therefore, affected by multiple vulnerabilities as referenced in the fixed_in_apache_tomcat_9.0.86_security-9 advisory. - Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket...
Apache Tomcat 8.5.0 < 8.5.99 multiple vulnerabilities
The version of Tomcat installed on the remote host is prior to 8.5.99. It is, therefore, affected by multiple vulnerabilities as referenced in the fixed_in_apache_tomcat_8.5.99_security-8 advisory. - Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket...
Apache Tomcat 10.1.0.M1 < 10.1.19 multiple vulnerabilities
The version of Tomcat installed on the remote host is prior to 10.1.19. It is, therefore, affected by multiple vulnerabilities as referenced in the fixed_in_apache_tomcat_10.1.19_security-10 advisory. - Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for...
EulerOS 2.0 SP8 : golang (EulerOS-SA-2024-1269)
According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a...
EulerOS 2.0 SP8 : httpd (EulerOS-SA-2024-1273)
According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.57. CVE-2023-31122 - When a...
Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2024-1273)
The remote host is missing an update for the Huawei EulerOS...
Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2024-1269)
The remote host is missing an update for the Huawei EulerOS...
SUSE: Security Advisory (SUSE-SU-2024:0817-1)
The remote host is missing an update for the...
Fedora 39 : exercism (2024-cafa04a149)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-cafa04a149 advisory. Update to latest version. Security fix for CVE-2023-39325. Tenable has extracted the preceding description block directly from the Fedora security...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : jetty-minimal (SUSE-SU-2024:0817-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:0817-1 advisory. - Jetty is a Java based web server and servlet engine. An HTTP/2 SSL connection that is established and T...
Security Bulletin: IBM Sterling External Authentication Server is vulnerable to multiple issues
Summary: Multiple vulnerabilities affect IBM Sterling External Authentication Server and are addressed in the latest iFixes. Vulnerability Details: CVEID: CVE-2023-36478 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by an integer overflow and buffer allocation in...
DoS (Denial of Service) org.eclipse.jetty:jetty-http Dependency in Confluence Data Center and Server
This High severity org.eclipse.jetty:jetty-http Dependency vulnerability was introduced in versions 5.3 of Confluence Data Center and Server. This org.eclipse.jetty:jetty-http Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allo...
Fedora 38 : golang-github-tdewolff-argp / golang-github-tdewolff-minify / etc (2024-0d4d9925a2)
The remote Fedora 38 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2024-0d4d9925a2 advisory. Update to latest version. Security fix for CVE-2023-39325. Tenable has extracted the preceding description block directly from the Fedora security advisory. No...
Fedora 39 : golang-github-tdewolff-argp / golang-github-tdewolff-minify / etc (2024-c3e32c5635)
The remote Fedora 39 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2024-c3e32c5635 advisory. Update to latest version. Security fix for CVE-2023-39325. Tenable has extracted the preceding description block directly from the Fedora security advisory. No...
BIT-TOMCAT-2020-11996
A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0 to 10.0.0, 9.0.0 to 9.0.35 and 8.5.0 to 8.5.55 could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become unresponsive...
BIT-TOMCAT-2020-13934
An h2c direct connection to Apache Tomcat 10.0.0 to 10.0.0, 9.0.0 to 9.0.36 and 8.5.1 to 8.5.56 did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of such requests were made, an OutOfMemoryException could occur leading to a denial of service...