Lucene search
+L

131 matches found

OSV
OSV
added 2022/11/09 6:15 a.m.0 views

ALPINE-CVE-2022-45060

An HTTP Request Forgery issue was discovered in Varnish Cache 5.x and 6.x before 6.0.11, 7.x before 7.1.2, and 7.2.x before 7.2.1. An attacker may introduce characters through HTTP/2 pseudo-headers that are invalid in the context of an HTTP/1 request line, causing the Varnish server to produce...

7.5CVSS7AI score0.00936EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2022/11/08 12:0 a.m.4 views

PT-2022-7316

Name of the Vulnerable Software and Affected Versions Varnish Cache versions 5.x through 6.0.10 Varnish Cache versions 7.x through 7.1.1 Varnish Cache versions 7.2.x through 7.2.0 Description An HTTP Request Forgery issue was discovered in Varnish Cache, where an attacker may introduce characters...

7.8CVSS5.8AI score0.00936EPSS
Exploits0References65
OSV
OSV
added 2022/10/20 12:0 p.m.8 views

GHSA-7W4X-4H67-PGMV Invalid HTTP requests in Reactor Netty HTTP Server may reveal access tokens

Reactor Netty HTTP Server, in versions 1.0.11 - 1.0.23, may request log headers in some cases of invalid HTTP requests. The logged headers may reveal valid access tokens to those with access to server logs. This may affect only invalid HTTP requests where logging at WARN level is enabled...

4.3CVSS5.9AI score0.00604EPSS
Exploits0References3
Spring Security Advisories
Spring Security Advisories
added 2022/10/19 12:0 a.m.7 views

Reactor Netty HTTP Server may log request headers

Reactor Netty HTTP Server, in versions 1.0.11 - 1.0.23, may log request headers in some cases of invalid HTTP requests. The logged headers may reveal valid access tokens to those with access to server logs. This may affect only invalid HTTP requests where logging at WARN level is enabled...

4.3CVSS6.2AI score0.00604EPSS
Exploits0References1
OSV
OSV
added 2022/10/19 12:0 a.m.26 views

CVE-2022-31684

Reactor Netty HTTP Server, in versions 1.0.11 - 1.0.23, may log request headers in some cases of invalid HTTP requests. The logged headers may reveal valid access tokens to those with access to server logs. This may affect only invalid HTTP requests where logging at WARN level is enabled...

4.3CVSS6.6AI score0.00604EPSS
Exploits0References3
Veracode
Veracode
added 2022/09/30 8:38 p.m.17 views

Denial Of Service (DOS)

Hyperledger Fabric is vulnerable to denial of service. The vulnerability is due to non validated requests. An attacker can construct requests with invalid channel and chaincode information, which might crash the peer service...

1.7AI score
Exploits0References3Affected Software1
OpenVAS
OpenVAS
added 2022/09/12 12:0 a.m.32 views

Jenkins HTTP/2 DoS Vulnerability (CVE-2022-2048) - Linux

Jenkins is prone to an HTTP/2 denial of service DoS vulnerability in Jetty. Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is...

7.5CVSS7.5AI score0.0227EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/07/07 9:15 p.m.2 views

CVE-2022-2048

In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and associated resources. This can lead to a Denial of Service scenario where there are no enough resources lef...

7.5CVSS6.8AI score0.0227EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2022/07/07 9:15 p.m.2 views

DEBIAN-CVE-2022-2048

In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and associated resources. This can lead to a Denial of Service scenario where there are no enough resources lef...

7.5CVSS7.9AI score0.0227EPSS
Exploits0References1
OSV
OSV
added 2022/07/07 9:15 p.m.4 views

UBUNTU-CVE-2022-2048

In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and associated resources. This can lead to a Denial of Service scenario where there are no enough resources lef...

7.5CVSS6.8AI score0.0227EPSS
Exploits0References4
OSV
OSV
added 2022/07/07 8:55 p.m.1 views

GHSA-WGMR-MF83-7X4J Jetty vulnerable to Invalid HTTP/2 requests that can lead to denial of service

Description Invalid HTTP/2 requests for example, invalid URIs are incorrectly handled by writing a blocking error response directly from the selector thread. If the client manages to exhaust the HTTP/2 flow control window, or TCP congest the connection, the selector thread will be blocked trying ...

7.5CVSS6.8AI score0.0227EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2022/07/07 12:0 a.m.6 views

PT-2022-6935 · Eclipse +3 · Eclipse Jetty +3

Name of the Vulnerable Software and Affected Versions: Eclipse Jetty versions prior to 9.4.47 Eclipse Jetty versions prior to 10.0.10 Eclipse Jetty versions prior to 11.0.10 Description: The issue arises from the incorrect handling of invalid HTTP/2 requests by the Eclipse Jetty HTTP/2 server...

7.8CVSS6.6AI score0.99999EPSS
Exploits31References96
OSV
OSV
added 2022/06/02 11:3 a.m.4 views

OESA-2022-1692 trafficserver security update

Apache Traffic Server is an OpenSource HTTP / HTTPS / HTTP/2 / QUIC reverse, forward and transparent proxy and cache. Security Fixes: Improper Input Validation vulnerability in request line parsing of Apache Traffic Server allows an attacker to send invalid requests. This issue affects Apache...

7.5CVSS6.9AI score0.01914EPSS
Exploits0References2
CNVD
CNVD
added 2022/03/25 12:0 a.m.16 views

Apache Traffic Server Input Validation Error Vulnerability (CNVD-2022-41636)

Apache Traffic Server ATS is a set of scalable HTTP proxy and caching servers from the Apache Foundation in the U.S. An input validation error vulnerability exists in Apache Traffic Server versions 8.0.0 through 8.1.3 and 9.0.0 through 9.1.1, which stems from a request parsing incorrect input...

7.5CVSS2.3AI score0.01914EPSS
Exploits0References1
OSV
OSV
added 2022/03/23 2:15 p.m.1 views

DEBIAN-CVE-2021-44040

Improper Input Validation vulnerability in request line parsing of Apache Traffic Server allows an attacker to send invalid requests. This issue affects Apache Traffic Server 8.0.0 to 8.1.3 and 9.0.0 to 9.1.1...

7.5CVSS7.3AI score0.01914EPSS
Exploits0References1
OSV
OSV
added 2022/03/23 2:15 p.m.15 views

CVE-2021-44040

Improper Input Validation vulnerability in request line parsing of Apache Traffic Server allows an attacker to send invalid requests. This issue affects Apache Traffic Server 8.0.0 to 8.1.3 and 9.0.0 to 9.1.1...

7.5CVSS6.6AI score
Exploits0References2
OSV
OSV
added 2022/03/23 2:15 p.m.8 views

UBUNTU-CVE-2021-44040

Improper Input Validation vulnerability in request line parsing of Apache Traffic Server allows an attacker to send invalid requests. This issue affects Apache Traffic Server 8.0.0 to 8.1.3 and 9.0.0 to 9.1.1...

7.5CVSS7.1AI score0.01914EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2022/03/23 2:5 p.m.67 views

CVE-2021-44040

Improper Input Validation vulnerability in request line parsing of Apache Traffic Server allows an attacker to send invalid requests. This issue affects Apache Traffic Server 8.0.0 to 8.1.3 and 9.0.0 to 9.1.1...

7.5CVSS7.4AI score0.01914EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2022/03/23 12:0 a.m.2 views

PT-2022-11974 · Apache · Apache Traffic Server

Name of the Vulnerable Software and Affected Versions: Apache Traffic Server versions 8.0.0 through 8.1.3 Apache Traffic Server versions 9.0.0 through 9.1.1 Description: The issue is related to improper input validation in request line parsing, allowing an attacker to send invalid requests...

8.1CVSS7.3AI score0.02507EPSS
Exploits0References21
Veracode
Veracode
added 2022/03/11 3:12 a.m.51 views

Information Disclosure

phpmyadmin/phpmyadmin is vulnerable to information disclosure. An attacker can gain sensitive information through the lang parameter,pmaparameter, and the cookie section by providing malicious invalid requests...

7.5CVSS2.2AI score0.01276EPSS
Exploits0References6Affected Software1
Rows per page
Query Builder