2734 matches found

Tenable Nessus
added 2020/01/22 12:0 a.m. · 56 views

RHEL 6 : Red Hat JBoss Enterprise Application Platform 7.2.6 on RHEL 6 (RHSA-2020:0159)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:0159 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release o...

CVSS 9.8 · AI score 7.1 · EPSS 0.10676
Exploits: 2 · References: 49

RedHat Linux
added 2020/01/21 3:47 a.m. · 87 views

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.2.6 on RHEL 7 security update

An update is now available for Red Hat JBoss Enterprise Application Platform 7.2 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, ...

CVSS 9.8 · AI score 7.1 · EPSS 0.10676
Exploits: 2 · References: 36

RedHat Linux
added 2020/01/21 3:47 a.m. · 6 views

netty: HTTP request smuggling by mishandled whitespace before the colon in HTTP headers

A flaw was found in Netty, where whitespace before the colon in HTTP headers is mishandled. This flaw allows an attacker to cause HTTP request smuggling...

CVSS 7.5 · AI score 7.1 · EPSS 0.08415
Exploits: 1 · References: 4

RedHat Linux
added 2020/01/21 3:22 a.m. · 5 views

netty: HTTP request smuggling by mishandled whitespace before the colon in HTTP headers

A flaw was found in Netty, where whitespace before the colon in HTTP headers is mishandled. This flaw allows an attacker to cause HTTP request smuggling...

CVSS 7.5 · AI score 7.1 · EPSS 0.08415
Exploits: 1 · References: 4

RedHat Linux
added 2020/01/21 3:22 a.m. · 86 views

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.2.6 on RHEL 8 security update

An update is now available for Red Hat JBoss Enterprise Application Platform 7.2 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, ...

CVSS 9.8 · AI score 7.1 · EPSS 0.10676
Exploits: 2 · References: 34

RedHat Linux
added 2020/01/21 2:57 a.m. · 95 views

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.2.6 on RHEL 6 security update

An update is now available for Red Hat JBoss Enterprise Application Platform 7.2 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, ...

CVSS 9.8 · AI score 7 · EPSS 0.10676
Exploits: 2 · References: 36

RedHat Linux
added 2020/01/21 2:57 a.m. · 5 views

netty: HTTP request smuggling by mishandled whitespace before the colon in HTTP headers

A flaw was found in Netty, where whitespace before the colon in HTTP headers is mishandled. This flaw allows an attacker to cause HTTP request smuggling...

CVSS 7.5 · AI score 7.1 · EPSS 0.08415
Exploits: 1 · References: 4

RedHat Linux
added 2020/01/21 2:23 a.m. · 159 views

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.2.6 security update

An update is now available for Red Hat JBoss Enterprise Application Platform 7.2. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

CVSS 9.8 · AI score 7.1 · EPSS 0.10676
Exploits: 2 · References: 36

RedHat Linux
added 2020/01/21 2:23 a.m. · 4 views

netty: HTTP request smuggling by mishandled whitespace before the colon in HTTP headers

A flaw was found in Netty, where whitespace before the colon in HTTP headers is mishandled. This flaw allows an attacker to cause HTTP request smuggling...

CVSS 7.5 · AI score 7.1 · EPSS 0.08415
Exploits: 1 · References: 4

Veracode
added 2020/01/10 4:0 a.m. · 14 views

Man-in-the-Middle (MitM)

netty-handler is vulnerable to man-in-the-middle attacks. The library uses an SSLEngine that does not verify certificate hostnames when establishing connections with a server by default. This allows an attacker to potentially intercept and modify network traffic in a successful man-in-the-middle...

AI score 6.4
Exploits: 0

IBM Security Bulletins
added 2020/01/08 5:54 a.m. · 39 views

Security Bulletin: Multiple vulnerabilities in Netty affect IBM Transparent Cloud Tiering

Summary There are vulnerabilities in Netty used by IBM Transparent Cloud Tiering. IBM Transparent Cloud Tiering has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2019-9514 DESCRIPTION: Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial o...

CVSS 7.8 · AI score 0.6 · EPSS 0.87806
Exploits: 1 · Affected Software: 1

Tenable Nessus
added 2020/01/06 12:0 a.m. · 39 views

Debian DSA-4597-1 : netty - security update

It was reported that Netty, a Java NIO client/server framework, is prone to a HTTP request smuggling vulnerability due to mishandling whitespace before the colon in HTTP headers. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian...

CVSS 7.5 · AI score 6.9 · EPSS 0.08415
Exploits: 1 · References: 6

OpenVAS
added 2020/01/04 12:0 a.m. · 33 views

Debian: Security Advisory (DSA-4597-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 · AI score 8.7 · EPSS 0.08415
Exploits: 1 · References: 4

Debian
added 2020/01/03 2:58 p.m. · 40 views

[SECURITY] [DSA 4597-1] netty security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4597-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso January 03, 2020 https://www.debian.org/security/faq -...

CVSS 5 · AI score 1.5 · EPSS 0.08415
Exploits: 1

Debian
added 2020/01/03 2:58 p.m. · 70 views

[SECURITY] [DSA 4597-1] netty security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4597-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso January 03, 2020 https://www.debian.org/security/faq -...

CVSS 7.5 · AI score 8.5 · EPSS 0.08415
Exploits: 1

OSV
added 2020/01/03 12:0 a.m. · 37 views

DSA-4597-1 netty - security update

Bulletin has no description...

CVSS 7.5 · AI score 8.4 · EPSS 0.08415
Exploits: 1

IBM Security Bulletins
added 2019/12/20 8:47 a.m. · 33 views

Security Bulletin: IBM Transparent Cloud Tiering is affected by Netty vulnerability

Summary The Netty library is vulnerable affecting the IBM Transparent Cloud Tiering. IBM Transparent Cloud Tiering fixed the below CVE. Vulnerability Details CVEID: CVE-2019-16869 DESCRIPTION: Netty before 4.1.42.Final mishandles whitespace before the colon in HTTP headers such as a...

CVSS 7.5 · AI score 0.5 · EPSS 0.08415
Exploits: 1 · Affected Software: 1

Hacker One
added 2019/12/18 7:15 p.m. · 35 views

GitHub Security Lab: Netty HTTP Response Splitting (CRLF Injection) due to disabled header validation

This bug was reported directly to GitHub Security Lab...

AI score 7
Exploits: 0

Positive Technologies
added 2019/12/10 12:0 a.m. · 7 views

PT-2019-6163 · Netty +2

Name of the Vulnerable Software and Affected Versions: Netty versions prior to 4.1.44 Description: The issue is related to the HttpObjectDecoder.java component in Netty, which lacks a check for the presence of a colon in HTTP headers. This could lead to incorrect syntax interpretation or be seen ...

CVSS 9.4 · AI score 7.1 · EPSS 0.18891
Exploits: 6 · References: 184

Github Security Blog
added 2019/12/06 6:55 p.m. · 163 views

Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') in Armeria

Versions of Armeria 0.85.0 through and including 0.96.0 are vulnerable to HTTP response splitting, which allows remote attackers to inject arbitrary HTTP headers via CRLF sequences when unsanitized data is used to populate the headers of an HTTP response. Impact 1. Cross-User Defacement 2. Cache...

AI score 1.9
Exploits: 0 · References: 2 · Affected Software: 1