131 matches found
ALPINE-CVE-2022-45060
An HTTP Request Forgery issue was discovered in Varnish Cache 5.x and 6.x before 6.0.11, 7.x before 7.1.2, and 7.2.x before 7.2.1. An attacker may introduce characters through HTTP/2 pseudo-headers that are invalid in the context of an HTTP/1 request line, causing the Varnish server to produce...
PT-2022-7316
Name of the Vulnerable Software and Affected Versions Varnish Cache versions 5.x through 6.0.10 Varnish Cache versions 7.x through 7.1.1 Varnish Cache versions 7.2.x through 7.2.0 Description An HTTP Request Forgery issue was discovered in Varnish Cache, where an attacker may introduce characters...
GHSA-7W4X-4H67-PGMV Invalid HTTP requests in Reactor Netty HTTP Server may reveal access tokens
Reactor Netty HTTP Server, in versions 1.0.11 - 1.0.23, may request log headers in some cases of invalid HTTP requests. The logged headers may reveal valid access tokens to those with access to server logs. This may affect only invalid HTTP requests where logging at WARN level is enabled...
Reactor Netty HTTP Server may log request headers
Reactor Netty HTTP Server, in versions 1.0.11 - 1.0.23, may log request headers in some cases of invalid HTTP requests. The logged headers may reveal valid access tokens to those with access to server logs. This may affect only invalid HTTP requests where logging at WARN level is enabled...
CVE-2022-31684
Reactor Netty HTTP Server, in versions 1.0.11 - 1.0.23, may log request headers in some cases of invalid HTTP requests. The logged headers may reveal valid access tokens to those with access to server logs. This may affect only invalid HTTP requests where logging at WARN level is enabled...
Denial Of Service (DOS)
Hyperledger Fabric is vulnerable to denial of service. The vulnerability is due to non validated requests. An attacker can construct requests with invalid channel and chaincode information, which might crash the peer service...
Jenkins HTTP/2 DoS Vulnerability (CVE-2022-2048) - Linux
Jenkins is prone to an HTTP/2 denial of service DoS vulnerability in Jetty. Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is...
CVE-2022-2048
In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and associated resources. This can lead to a Denial of Service scenario where there are no enough resources lef...
DEBIAN-CVE-2022-2048
In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and associated resources. This can lead to a Denial of Service scenario where there are no enough resources lef...
UBUNTU-CVE-2022-2048
In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and associated resources. This can lead to a Denial of Service scenario where there are no enough resources lef...
GHSA-WGMR-MF83-7X4J Jetty vulnerable to Invalid HTTP/2 requests that can lead to denial of service
Description Invalid HTTP/2 requests for example, invalid URIs are incorrectly handled by writing a blocking error response directly from the selector thread. If the client manages to exhaust the HTTP/2 flow control window, or TCP congest the connection, the selector thread will be blocked trying ...
PT-2022-6935 · Eclipse +3 · Eclipse Jetty +3
Name of the Vulnerable Software and Affected Versions: Eclipse Jetty versions prior to 9.4.47 Eclipse Jetty versions prior to 10.0.10 Eclipse Jetty versions prior to 11.0.10 Description: The issue arises from the incorrect handling of invalid HTTP/2 requests by the Eclipse Jetty HTTP/2 server...
OESA-2022-1692 trafficserver security update
Apache Traffic Server is an OpenSource HTTP / HTTPS / HTTP/2 / QUIC reverse, forward and transparent proxy and cache. Security Fixes: Improper Input Validation vulnerability in request line parsing of Apache Traffic Server allows an attacker to send invalid requests. This issue affects Apache...
Apache Traffic Server Input Validation Error Vulnerability (CNVD-2022-41636)
Apache Traffic Server ATS is a set of scalable HTTP proxy and caching servers from the Apache Foundation in the U.S. An input validation error vulnerability exists in Apache Traffic Server versions 8.0.0 through 8.1.3 and 9.0.0 through 9.1.1, which stems from a request parsing incorrect input...
DEBIAN-CVE-2021-44040
Improper Input Validation vulnerability in request line parsing of Apache Traffic Server allows an attacker to send invalid requests. This issue affects Apache Traffic Server 8.0.0 to 8.1.3 and 9.0.0 to 9.1.1...
CVE-2021-44040
Improper Input Validation vulnerability in request line parsing of Apache Traffic Server allows an attacker to send invalid requests. This issue affects Apache Traffic Server 8.0.0 to 8.1.3 and 9.0.0 to 9.1.1...
UBUNTU-CVE-2021-44040
Improper Input Validation vulnerability in request line parsing of Apache Traffic Server allows an attacker to send invalid requests. This issue affects Apache Traffic Server 8.0.0 to 8.1.3 and 9.0.0 to 9.1.1...
CVE-2021-44040
Improper Input Validation vulnerability in request line parsing of Apache Traffic Server allows an attacker to send invalid requests. This issue affects Apache Traffic Server 8.0.0 to 8.1.3 and 9.0.0 to 9.1.1...
PT-2022-11974 · Apache · Apache Traffic Server
Name of the Vulnerable Software and Affected Versions: Apache Traffic Server versions 8.0.0 through 8.1.3 Apache Traffic Server versions 9.0.0 through 9.1.1 Description: The issue is related to improper input validation in request line parsing, allowing an attacker to send invalid requests...
Information Disclosure
phpmyadmin/phpmyadmin is vulnerable to information disclosure. An attacker can gain sensitive information through the lang parameter,pmaparameter, and the cookie section by providing malicious invalid requests...