
2736 matches found

Positive Technologies
added 2019/09/26 12:0 a.m. · 5 views

PT-2019-5206 · Apache +1 · Netty +1

Name of the Vulnerable Software and Affected Versions: Netty versions prior to 4.1.42.Final Description: The issue is related to the incorrect handling of whitespace before the colon in HTTP headers, such as a "Transfer-Encoding : chunked" line. This can lead to HTTP request smuggling, allowing a...

CVSS 9.1 · AI score 7.2 · EPSS 0.13474
Exploits 5 · References 204
BDU FSTEC
added 2019/08/27 12:0 a.m. · 3 views

The vulnerability relates to the implementation of the HTTP/2 network protocol on Windows operating systems, Apache Traffic Server web servers, H2O web servers, network programming tools such as netty, SwiftNIO, Envoy, and the Node.js software platform. This allows attackers to induce service failures.

The vulnerability of the HTTP/2 network protocol implementation in Windows operating systems, Apache Traffic Server web servers, H2O web servers, network programming tools such as netty, SwiftNIO, Envoy, and Node.js software platforms is related to an uncontrolled resource consumption. Exploiting...

CVSS 7.8 · AI score 7.2 · EPSS 0.82813
Exploits 0 · References 16 · Affected Software 9
BDU FSTEC
added 2019/08/27 12:0 a.m. · 5 views

The vulnerability relates to the implementation of the HTTP/2 network protocol on Windows operating systems, Apache Traffic Server web servers, H2O web servers, network programming tools such as netty, SwiftNIO, Envoy, and the Node.js software platform. This allows attackers to induce service failures.

The vulnerability of the HTTP/2 network protocol implementation in Windows operating systems, Apache Traffic Server web servers, H2O web servers, network programming tools such as netty, SwiftNIO, Envoy, and Node.js software platforms is related to an uncontrolled resource consumption. Exploiting...

CVSS 7.8 · AI score 7.2 · EPSS 0.83433
Exploits 1 · References 15 · Affected Software 9
BDU FSTEC
added 2019/08/22 12:0 a.m. · 4 views

The vulnerability relates to the implementation of the HTTP/2 network protocol on Windows operating systems, nginx servers, network programming tools like netty, Envoy, SwiftNIO, and Node.js software platforms. This allows attackers to induce service failures.

The vulnerability of the HTTP/2 network protocol implementation in Windows operating systems, nginx servers, network programming tools like Netty, Envoy, SwiftNIO, and Node.js software platforms is related to an uncontrolled resource consumption. Exploiting this vulnerability can allow a maliciou...

CVSS 7.8 · AI score 5.5 · EPSS 0.25448
Exploits 0 · References 10 · Affected Software 6
UbuntuCve
added 2019/08/13 12:0 a.m. · 43 views

CVE-2019-9512

Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU,...

CVSS 7.8 · AI score 7.2 · EPSS 0.83433
Exploits 1 · References 8
Mageia
added 2018/12/20 8:17 p.m. · 53 views

Updated netty & jctools packages fix security vulnerability

handler/ssl/OpenSslEngine.java in Netty before 4.0.37.Final allows remote attackers to cause a denial of service infinite loop CVE-2016-4970...

CVSS 7.8 · AI score 5.3 · EPSS 0.11259
Exploits 0 · References 2
OSV
added 2018/12/20 8:17 p.m. · 11 views

MGASA-2018-0485 Updated netty & jctools packages fix security vulnerability

handler/ssl/OpenSslEngine.java in Netty before 4.0.37.Final allows remote attackers to cause a denial of service infinite loop CVE-2016-4970...

CVSS 7.8 · AI score 7.2 · EPSS 0.11259
Exploits 0 · References 3
Kitploit
added 2018/08/23 12:51 p.m. · 28 views

Mallet - A Framework For Creating Proxies

Mallet is a tool for creating proxies for arbitrary protocols, along similar lines to the familiar intercepting web proxies, just more generic. It is built upon the Netty framework, and relies heavily on the Netty pipeline concept, which allows the graphical assembly of graphs of handlers. In the...

AI score 7.2
Exploits 0 · References 2
n0where
added 2018/08/19 1:23 a.m. · 15 views

A framework for creating proxies: Mallet

Mallet is a tool for creating proxies for arbitrary protocols, along similar lines to the familiar intercepting web proxies, just more generic. It is built upon the Netty framework, and relies heavily on the Netty pipeline concept, which allows the graphical assembly of graphs of handlers. In the...

AI score 0.9
Exploits 0 · References 1
IBM Security Bulletins
added 2018/06/17 4:59 a.m. · 23 views

Security Bulletin: Rational Integration Tester component in Rational Test Workbench affected by Netty vulnerability (CVE-2014-3488)

Summary The Netty library is vulnerable affecting the Rational Integration Tester component in IBM Rational Test Workbench. Vulnerability Details CVE ID: CVE-2014-3488 Description: Netty is vulnerable to a denial of service, caused by an error in SslHandler. A remote attacker could exploit this...

CVSS 5 · AI score 0.8 · EPSS 0.04222
Exploits 1 · Affected Software 2
IBM Security Bulletins
added 2018/06/16 10:6 p.m. · 37 views

Security Bulletin: IBM QRadar SIEM contains vulnerable components and libraries. (CVE-2014-0193, CVE-2016-4970)

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. Vulnerability Details CVEID: CVE-2014-0193 DESCRIPTION: Netty is vulnerable to a denial of service, caused by an error in the WebSocket08FrameDecoder...

CVSS 7.8 · AI score 1 · EPSS 0.11259
Exploits 0 · Affected Software 1
IBM Security Bulletins
added 2018/06/15 7:7 a.m. · 35 views

Security Bulletin: Vulnerability in dependent component shipped in IBM Development Package for Apache Spark (CVE-2016-4970)

Summary The developerWorks download for IBM Development Package for Apache Spark is not vulnerable in its default configuration. However, IBM Development Package for Apache Spark could be vulnerable to a Denial of Service attack if the 'netty-tcnative' component is added and configured onto the...

CVSS 7.8 · AI score 1.8 · EPSS 0.11259
Exploits 0 · Affected Software 1
NVD
added 2017/10/18 3:29 p.m. · 24 views

CVE-2015-2156

Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper validation of cookie name a...

CVSS 7.5 · AI score 7.7 · EPSS 0.05434
Exploits 0 · References 12
Prion
added 2017/10/18 3:29 p.m. · 22 views

Input validation

Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper validation of cookie name a...

CVSS 4.3 · AI score 6.7 · EPSS 0.05434
Exploits 0 · References 12 · Affected Software 2
UbuntuCve
added 2017/10/18 3:29 p.m. · 23 views

CVE-2015-2156

Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper validation of cookie name a...

CVSS 7.5 · AI score 7.2 · EPSS 0.05434
Exploits 0 · References 5
OSV
added 2017/10/18 3:29 p.m. · 4 views

DEBIAN-CVE-2015-2156

Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper validation of cookie name a...

CVSS 7.5 · AI score 7.9 · EPSS 0.05434
Exploits 0 · References 1
OSV
added 2017/10/18 3:29 p.m. · 5 views

UBUNTU-CVE-2015-2156

Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper validation of cookie name a...

CVSS 7.5 · AI score 7.2 · EPSS 0.05434
Exploits 0 · References 6
Cvelist
added 2017/10/18 3:0 p.m. · 24 views

CVE-2015-2156

Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper validation of cookie name a...

AI score 7.5 · EPSS 0.05434
Exploits 0 · References 12
Debian CVE
added 2017/10/18 3:0 p.m. · 26 views

CVE-2015-2156

Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper validation of cookie name a...

CVSS 7.5 · AI score 7.6 · EPSS 0.05434
Exploits 0
CVE
added 2017/10/18 3:0 p.m. · 123 views

CVE-2015-2156

CVE-2015-2156 concerns Netty (and Play Framework): improper validation of cookie name/value characters can bypass HttpOnly and expose sensitive data. In IBM StreamSets Data Collector context, this vulnerability affects versions 5.0.0–6.4.1 and remediation is to upgrade to IBM StreamSets Data Coll...

CVSS 7.5 · AI score 7.3 · EPSS 0.05434
Exploits 0 · References 12 · Affected Software 1