undertow: OutOfMemory when parsing form data encoding with application/x-www-form-urlencoded

A flaw was found in Undertow that can cause remote denial of service attacks. When the server uses the FormEncodedDataDefinition.doParseStreamSourceChannel method to parse large form data encoding with application/x-www-form-urlencoded, the method will cause an OutOfMemory issue. This flaw allows...

EUVD-2024-32452

A flaw was found in Undertow that can cause remote denial of service attacks. When the server uses the FormEncodedDataDefinition.doParseStreamSourceChannel method to parse large form data encoding with application/x-www-form-urlencoded, the method will cause an OutOfMemory issue. This flaw allows...

EUVD-2021-0975

Malware in sbrugna...

EUVD-2020-25572

Malware in sbrugna...

EUVD-2021-1649

Malware in sbrugna...

EUVD-2021-1315

Malware in sbrugna...

EUVD-2022-0588

Malicious code in bioql PyPI...

EUVD-2023-2618

Malicious code in bioql PyPI...

Debian dsa-5894 : jetty9 - security update

The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5894 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5894-1 [email protected] https://www.debian.org/securit...

Security Bulletin: IBM Storage Protect Server is vulnerable due to Eclipse Jetty (CVE-2024-9823)

Summary IBM Storage Protect Server uses Eclipse Jetty and may be vulnerable to deial-of-service attack due to issues with OutofMemory errors related with DosFilter. Vulnerability Details CVEID:CVE-2024-9823 DESCRIPTION: There exists a security vulnerability in Jetty's DosFilter which can be...

Linux Distros Unpatched Vulnerability : CVE-2024-8184

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There exists a security vulnerability in Jetty's ThreadLimitHandler.getRemote which can be exploited by unauthorized users to cause remote denial-of-service DoS...

Linux Distros Unpatched Vulnerability : CVE-2024-9823

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There exists a security vulnerability in Jetty's DosFilter which can be exploited by unauthorized users to cause remote denial-of-service DoS attack on the serv...

GHSA-JGX4-7V3V-VWFM Elasticsearch allocation of resources without limits or throttling leads to crash

An allocation of resources without limits or throttling in Elasticsearch can lead to an OutOfMemoryError exception resulting in a crash via a specially crafted query using an SQL function...

Amazon Linux 2 : jetty (ALAS-2024-2702)

It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2702 advisory. There exists a security vulnerability in Jetty's DosFilter which can be exploited by unauthorized users to cause remote denial-of-service DoS attack on the server using DosFilter. By repeatedly sending...

Medium: jetty

Issue Overview: There exists a security vulnerability in Jetty's DosFilter which can be exploited by unauthorized users to cause remote denial-of-service DoS attack on the server using DosFilter. By repeatedly sending crafted requests, attackers can trigger OutofMemory errors and exhaust the...

Denial Of Service (DoS)

io.undertow, undertow-core is vulnerable to Denial of Service DoS. The vulnerability is due to an OutOfMemory error caused by a malicious user sending crafted requests through the FormAuthenticationMechanism, allowing an attacker to trigger the error...

OESA-2024-2419 undertow security update

Java web server using non-blocking IO Security Fixes: A flaw was found in Undertow package. Using the FormAuthenticationMechanism, a malicious user could trigger a Denial of Service by sending crafted requests, leading the server to an OutofMemory error, exhausting the server's memory.CVE-2023-19...

GHSA-97CQ-F4JM-MV8H Undertow Denial of Service vulnerability

A flaw was found in Undertow package. Using the FormAuthenticationMechanism, a malicious user could trigger a Denial of Service by sending crafted requests, leading the server to an OutofMemory error, exhausting the server's memory...

Undertow Denial of Service vulnerability

A flaw was found in Undertow package. Using the FormAuthenticationMechanism, a malicious user could trigger a Denial of Service by sending crafted requests, leading the server to an OutofMemory error, exhausting the server's memory...

CVE-2023-1973 Undertow: unrestricted request storage leads to memory exhaustion

A flaw was found in Undertow package. Using the FormAuthenticationMechanism, a malicious user could trigger a Denial of Service by sending crafted requests, leading the server to an OutofMemory error, exhausting the server's memory...