907 matches found

RedHat Linux
added 2022/05/11 6:25 p.m. | 1 views

dotnet: excess memory allocation via HttpClient causes DoS

A flaw was found in dotnet. The Microsoft Security Advisory describes the issue of the Apply MaxResponseHeadersLength limit for trailing headers to address a denial of service via excess memory allocations through the HttpClient...

7.5 CVSS | 5.7 AI score | 0.06422 EPSS
Exploits 0 | References 5
RedHat Linux
added 2022/05/11 5:58 p.m. | 1 views

dotnet: excess memory allocation via HttpClient causes DoS

A flaw was found in dotnet. The Microsoft Security Advisory describes the issue of the Apply MaxResponseHeadersLength limit for trailing headers to address a denial of service via excess memory allocations through the HttpClient...

7.5 CVSS | 5.7 AI score | 0.06422 EPSS
Exploits 0 | References 5
OSV
added 2022/05/11 1:22 p.m. | 26 views

ALSA-2022:2200 Important: .NET 5.0 security, bug fix, and enhancement update

.NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET Core that address a security vulnerability are now available. The updated versions are .NET Core SDK 5.0.214 and .NET Core...

7.5 CVSS | 7.5 AI score | 0.06422 EPSS
Exploits 0 | References 4
OSV
added 2022/05/11 1:22 p.m. | 37 views

RLSA-2022:2200 Important: .NET 5.0 security, bug fix, and enhancement update

.NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET Core that address a security vulnerability are now available. The updated versions are .NET Core SDK 5.0.214 and .NET Core...

7.5 CVSS | 7.5 AI score | 0.06422 EPSS
Exploits 0 | References 4
Tenable Nessus
added 2022/05/11 12:0 a.m. | 71 views

RHEL 8 : maven:3.5 (RHSA-2022:1861)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:1861 advisory. Maven is a software project management and comprehension tool. Based on the concept of a project object model POM, Maven can manage a project's build...

5.3 CVSS | 6.8 AI score | 0.00505 EPSS
Exploits 1 | References 6
Tenable Nessus
added 2022/05/11 12:0 a.m. | 102 views

RHEL 8 : maven:3.6 (RHSA-2022:1860)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:1860 advisory. Maven is a software project management and comprehension tool. Based on the concept of a project object model POM, Maven can manage a project's build...

5.3 CVSS | 6.8 AI score | 0.00505 EPSS
Exploits 1 | References 7
RedhatCVE
added 2022/05/10 5:31 p.m. | 56 views

CVE-2022-23267

A flaw was found in dotnet. The Microsoft Security Advisory describes the issue of the Apply MaxResponseHeadersLength limit for trailing headers to address a denial of service via excess memory allocations through the HttpClient...

7.5 CVSS | 2.3 AI score | 0.06422 EPSS
Exploits 0 | References 4
RedHat Linux
added 2022/05/10 2:0 p.m. | 46 views

Moderate: Red Hat Security Advisory: maven:3.5 security update

An update for the maven:3.5 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

5.3 CVSS | 6.7 AI score | 0.00505 EPSS
Exploits 1 | References 3
RedHat Linux
added 2022/05/10 1:54 p.m. | 1 views

apache-httpclient: incorrect handling of malformed authority component in request URIs

Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution...

5.3 CVSS | 7.2 AI score | 0.00505 EPSS
Exploits 1 | References 5
RedHat Linux
added 2022/05/10 1:54 p.m. | 91 views

Moderate: Red Hat Security Advisory: maven:3.6 security and enhancement update

An update for the maven:3.6 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

5.3 CVSS | 6.7 AI score | 0.00505 EPSS
Exploits 1 | References 4
OSV
added 2022/05/10 8:4 a.m. | 30 views

ALSA-2022:1861 Moderate: maven:3.5 security update

Maven is a software project management and comprehension tool. Based on the concept of a project object model POM, Maven can manage a project's build, reporting and documentation from a central piece of information. Security Fixes: apache-httpclient: incorrect handling of malformed authority...

5.3 CVSS | 6.1 AI score | 0.00505 EPSS
Exploits 1 | References 2
Rockylinux
added 2022/05/10 8:4 a.m. | 28 views

maven:3.5 security update

An update is available for apache-commons-io, atinject, maven-shared-utils, plexus-cipher, aopalliance, plexus-classworlds, glassfish-el, apache-commons-cli, guava20, plexus-containers, plexus-sec-dispatcher, httpcomponents-client, maven-resolver, jansi-native, apache-commons-logging,...

5.3 CVSS | 6.2 AI score | 0.00505 EPSS
Exploits 1
AlmaLinux
added 2022/05/10 8:4 a.m. | 37 views

Moderate: maven:3.5 security update

Maven is a software project management and comprehension tool. Based on the concept of a project object model POM, Maven can manage a project's build, reporting and documentation from a central piece of information. Security Fixes: apache-httpclient: incorrect handling of malformed authority...

5.3 CVSS | 6.3 AI score | 0.00505 EPSS
Exploits 1 | References 2
OSV
added 2022/05/10 8:4 a.m. | 30 views

ALSA-2022:1860 Moderate: maven:3.6 security and enhancement update

Maven is a software project management and comprehension tool. Based on the concept of a project object model POM, Maven can manage a project's build, reporting and documentation from a central piece of information. Security Fixes: apache-httpclient: incorrect handling of malformed authority...

5.3 CVSS | 6.1 AI score | 0.00505 EPSS
Exploits 1 | References 2
OSV
added 2022/05/10 8:4 a.m. | 31 views

RLSA-2022:1860 Moderate: maven:3.6 security and enhancement update

Maven is a software project management and comprehension tool. Based on the concept of a project object model POM, Maven can manage a project's build, reporting and documentation from a central piece of information. Security Fixes: apache-httpclient: incorrect handling of malformed authority...

5.3 CVSS | 6 AI score | 0.00505 EPSS
Exploits 1 | References 3
Tenable Nessus
added 2022/05/10 12:0 a.m. | 50 views

CentOS 8 : maven:3.5 (CESA-2022:1861)

The remote CentOS Linux 8 host has a package installed that is affected by a vulnerability as referenced in the CESA-2022:1861 advisory. - apache-httpclient: incorrect handling of malformed authority component in request URIs CVE-2020-13956 Note that Nessus has not tested for this issue but has...

5.3 CVSS | 6.7 AI score | 0.00505 EPSS
Exploits 1 | References 2
Tenable Nessus
added 2022/05/10 12:0 a.m. | 37 views

CentOS 8 : maven:3.6 (CESA-2022:1860)

The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2022:1860 advisory. - apache-httpclient: incorrect handling of malformed authority component in request URIs CVE-2020-13956 Note that Nessus has not tested for this issue but has...

5.3 CVSS | 6.7 AI score | 0.00505 EPSS
Exploits 1 | References 2
IBM Security Bulletins
added 2022/04/20 5:4 p.m. | 29 views

Security Bulletin: Information disclosure in Apache Commons HttpClient may affect WebSphere Application Server as part of IBM InfoSphere Global Name Management (CVE-2012-5783)

Summary There is a potential information disclosure in Apache Commons HttpClient used by WebSphere Application Server shipped as part of IBM InfoSphere Global Name Management. This also affects IBM InfoSphere Global Name Management Enterprise Name Search installations. Vulnerability Details CVEs:...

5.8 CVSS | 0.3 AI score | 0.00616 EPSS
Exploits 0 | Affected Software 1
0day.today
added 2022/03/31 12:0 a.m. | 325 views

Spring Cloud Function SpEL Injection Exploit

Spring Cloud Function versions prior to 3.1.7 and 3.2.3 are vulnerable to remote code execution due to using an unsafe evaluation context with user-provided queries. By crafting a request to the application and setting the spring.cloud.function.routing-expression header, an unauthenticated attack...

9.8 CVSS | 0.6 AI score | 0.94462 EPSS
Exploits 36
RedHat Linux
added 2022/03/01 2:21 p.m. | 3 views

apache-httpclient: incorrect handling of malformed authority component in request URIs

Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution...

5.3 CVSS | 7.2 AI score | 0.00505 EPSS
Exploits 1 | References 5