
2750 matches found

RedHat Linux
added 2020/01/21 3:22 a.m. | 86 views

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.2.6 on RHEL 8 security update

An update is now available for Red Hat JBoss Enterprise Application Platform 7.2 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, ...

CVSS: 9.8 | AI score: 7.1 | EPSS: 0.10676
Exploits: 2 | References: 34

RedHat Linux
added 2020/01/21 2:57 a.m. | 5 views

netty: HTTP request smuggling by mishandled whitespace before the colon in HTTP headers

A flaw was found in Netty, where whitespace before the colon in HTTP headers is mishandled. This flaw allows an attacker to cause HTTP request smuggling...

CVSS: 7.5 | AI score: 7.1 | EPSS: 0.08415
Exploits: 1 | References: 4

RedHat Linux
added 2020/01/21 2:57 a.m. | 96 views

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.2.6 on RHEL 6 security update

An update is now available for Red Hat JBoss Enterprise Application Platform 7.2 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, ...

CVSS: 9.8 | AI score: 7 | EPSS: 0.10676
Exploits: 2 | References: 36

RedHat Linux
added 2020/01/21 2:23 a.m. | 4 views

netty: HTTP request smuggling by mishandled whitespace before the colon in HTTP headers

A flaw was found in Netty, where whitespace before the colon in HTTP headers is mishandled. This flaw allows an attacker to cause HTTP request smuggling...

CVSS: 7.5 | AI score: 7.1 | EPSS: 0.08415
Exploits: 1 | References: 4

RedHat Linux
added 2020/01/21 2:23 a.m. | 159 views

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.2.6 security update

An update is now available for Red Hat JBoss Enterprise Application Platform 7.2. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

CVSS: 9.8 | AI score: 7.1 | EPSS: 0.10676
Exploits: 2 | References: 36

Veracode
added 2020/01/10 4:00 a.m. | 14 views

Man-in-the-Middle (MitM)

netty-handler is vulnerable to man-in-the-middle attacks. The library uses an SSLEngine that does not verify certificate hostnames when establishing connections with a server by default. This allows an attacker to potentially intercept and modify network traffic in a successful man-in-the-middle...

AI score: 6.4
Exploits: 0

IBM Security Bulletins
added 2020/01/08 5:54 a.m. | 40 views

Security Bulletin: Multiple vulnerabilities in Netty affect IBM Transparent Cloud Tiering

Summary There are vulnerabilities in Netty used by IBM Transparent Cloud Tiering. IBM Transparent Cloud Tiering has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2019-9514 DESCRIPTION: Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial o...

CVSS: 7.8 | AI score: 0.6 | EPSS: 0.87806
Exploits: 1 | Affected Software: 1

Tenable Nessus
added 2020/01/06 12:00 a.m. | 39 views

Debian DSA-4597-1 : netty - security update

It was reported that Netty, a Java NIO client/server framework, is prone to a HTTP request smuggling vulnerability due to mishandling whitespace before the colon in HTTP headers. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian...

CVSS: 7.5 | AI score: 6.9 | EPSS: 0.08415
Exploits: 1 | References: 6

OpenVAS
added 2020/01/04 12:00 a.m. | 33 views

Debian: Security Advisory (DSA-4597-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 7.5 | AI score: 8.7 | EPSS: 0.08415
Exploits: 1 | References: 4

Debian
added 2020/01/03 2:58 p.m. | 40 views

[SECURITY] [DSA 4597-1] netty security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4597-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso January 03, 2020 https://www.debian.org/security/faq -...

CVSS: 5 | AI score: 1.5 | EPSS: 0.08415
Exploits: 1

Debian
added 2020/01/03 2:58 p.m. | 73 views

[SECURITY] [DSA 4597-1] netty security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4597-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso January 03, 2020 https://www.debian.org/security/faq -...

CVSS: 7.5 | AI score: 8.5 | EPSS: 0.08415
Exploits: 1

OSV
added 2020/01/03 12:00 a.m. | 37 views

DSA-4597-1 netty - security update

Bulletin has no description...

CVSS: 7.5 | AI score: 8.4 | EPSS: 0.08415
Exploits: 1

IBM Security Bulletins
added 2019/12/20 8:47 a.m. | 33 views

Security Bulletin: IBM Transparent Cloud Tiering is affected by Netty vulnerability

Summary The Netty library is vulnerable affecting the IBM Transparent Cloud Tiering. IBM Transparent Cloud Tiering fixed the below CVE. Vulnerability Details CVEID: CVE-2019-16869 DESCRIPTION: Netty before 4.1.42.Final mishandles whitespace before the colon in HTTP headers such as a...

CVSS: 7.5 | AI score: 0.5 | EPSS: 0.08415
Exploits: 1 | Affected Software: 1

Hacker One
added 2019/12/18 7:15 p.m. | 35 views

GitHub Security Lab: Netty HTTP Response Splitting (CRLF Injection) due to disabled header validation

This bug was reported directly to GitHub Security Lab...

AI score: 7
Exploits: 0

Positive Technologies
added 2019/12/10 12:00 a.m. | 7 views

PT-2019-6163 · Netty +2

Name of the Vulnerable Software and Affected Versions: Netty versions prior to 4.1.44 Description: The issue is related to the HttpObjectDecoder.java component in Netty, which lacks a check for the presence of a colon in HTTP headers. This could lead to incorrect syntax interpretation or be seen ...

CVSS: 9.4 | AI score: 7.1 | EPSS: 0.18891
Exploits: 6 | References: 184

OSV
added 2019/12/06 6:55 p.m. | 20 views

GHSA-35FR-H7JR-HH86 Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') in Armeria

Versions of Armeria 0.85.0 through and including 0.96.0 are vulnerable to HTTP response splitting, which allows remote attackers to inject arbitrary HTTP headers via CRLF sequences when unsanitized data is used to populate the headers of an HTTP response. Impact 1. Cross-User Defacement 2. Cache...

CVSS: 6.5 | AI score: 6.4 | EPSS: 0.00982
Exploits: 0 | References: 1

Github Security Blog
added 2019/12/06 6:55 p.m. | 164 views

Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') in Armeria

Versions of Armeria 0.85.0 through and including 0.96.0 are vulnerable to HTTP response splitting, which allows remote attackers to inject arbitrary HTTP headers via CRLF sequences when unsanitized data is used to populate the headers of an HTTP response. Impact 1. Cross-User Defacement 2. Cache...

AI score: 1.9
Exploits: 0 | References: 2 | Affected Software: 1

RedHat Linux
added 2019/11/18 2:40 p.m. | 3 views

netty: HTTP request smuggling by mishandled whitespace before the colon in HTTP headers

A flaw was found in Netty, where whitespace before the colon in HTTP headers is mishandled. This flaw allows an attacker to cause HTTP request smuggling...

CVSS: 7.5 | AI score: 7.1 | EPSS: 0.08415
Exploits: 1 | References: 4

RedHat Linux
added 2019/11/14 9:17 p.m. | 2 views

netty: HTTP request smuggling by mishandled whitespace before the colon in HTTP headers

A flaw was found in Netty, where whitespace before the colon in HTTP headers is mishandled. This flaw allows an attacker to cause HTTP request smuggling...

CVSS: 7.5 | AI score: 7.1 | EPSS: 0.08415
Exploits: 1 | References: 4

Veracode
added 2019/10/29 8:30 a.m. | 10 views

Denial Of Service (DoS)

netty-codec-http is vulnerable to denial of service. An indexOutOfBoundsException occurs when the application parses an incorrect Content-Type value that starts with a semi-colon ; in a multipart form request, allowing an attacker to cause a denial of service condition...

AI score: 4.6
Exploits: 0