Lucene search
K

172 matches found

RedHat Linux
RedHat Linux
added 2024/10/07 12:49 p.m.10 views

undertow: Improper State Management in Proxy Protocol parsing causes information leakage

A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests. This issue occurs when the parseProxyProtocolV1 method processes multiple requests on the same HTTP connection. As a result, different requests may share the...

7.5CVSS5.7AI score0.02644EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2024/10/07 12:49 p.m.37 views

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4 Security update

A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

7.5CVSS7.1AI score0.02644EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2024/10/07 12:18 p.m.4 views

undertow: Improper State Management in Proxy Protocol parsing causes information leakage

A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests. This issue occurs when the parseProxyProtocolV1 method processes multiple requests on the same HTTP connection. As a result, different requests may share the...

7.5CVSS5.7AI score0.02644EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2024/10/01 8:3 a.m.47 views

undertow: Improper State Management in Proxy Protocol parsing causes information leakage

A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests. This issue occurs when the parseProxyProtocolV1 method processes multiple requests on the same HTTP connection. As a result, different requests may share the...

7.5CVSS5.7AI score0.02644EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2024/10/01 7:54 a.m.26 views

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 8.0 security update

A security update is now available for Red Hat JBoss Enterprise Application Platform 8.0. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

7.5CVSS7.2AI score0.02644EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/10/01 7:54 a.m.52 views

undertow: Improper State Management in Proxy Protocol parsing causes information leakage

A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests. This issue occurs when the parseProxyProtocolV1 method processes multiple requests on the same HTTP connection. As a result, different requests may share the...

7.5CVSS5.7AI score0.02644EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2024/09/19 4:46 p.m.54 views

undertow: Improper State Management in Proxy Protocol parsing causes information leakage

A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests. This issue occurs when the parseProxyProtocolV1 method processes multiple requests on the same HTTP connection. As a result, different requests may share the...

7.5CVSS5.7AI score0.02644EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2024/09/09 5:17 p.m.4 views

undertow: Improper State Management in Proxy Protocol parsing causes information leakage

A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests. This issue occurs when the parseProxyProtocolV1 method processes multiple requests on the same HTTP connection. As a result, different requests may share the...

7.5CVSS5.7AI score0.02644EPSS
Exploits0References4
OSV
OSV
added 2024/08/21 2:15 p.m.6 views

DEBIAN-CVE-2024-7885

A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests. This issue occurs when the parseProxyProtocolV1 method processes multiple requests on the same HTTP connection. As a result, different requests may share the...

7.5CVSS7.4AI score0.02644EPSS
Exploits0References1
OSV
OSV
added 2024/08/21 2:15 p.m.1 views

UBUNTU-CVE-2024-7885

A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests. This issue occurs when the parseProxyProtocolV1 method processes multiple requests on the same HTTP connection. As a result, different requests may share the...

7.5CVSS7AI score0.02644EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/08/21 2:13 p.m.47 views

CVE-2024-7885 Undertow: improper state management in proxy protocol parsing causes information leakage

A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests. This issue occurs when the parseProxyProtocolV1 method processes multiple requests on the same HTTP connection. As a result, different requests may share the...

7.5CVSS0.02644EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2024/08/16 12:0 a.m.5 views

PT-2024-6638 · Undertow · Undertow

Name of the Vulnerable Software and Affected Versions: Undertow affected versions not specified Description: A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests. This issue occurs when the parseProxyProtocolV1...

8.7CVSS8.1AI score0.02644EPSS
Exploits0References36
Vulnrichment
Vulnrichment
added 2024/07/11 8:40 p.m.20 views

CVE-2024-6468 Vault Vulnerable to Denial of Service When Setting a Proxy Protocol Behavior

Vault and Vault Enterprise did not properly handle requests originating from unauthorized IP addresses when the TCP listener option, proxyprotocolbehavior, was set to denyunauthorized. When receiving a request from a source IP address that was not listed in proxyprotocolauthorizedaddrs, the Vault...

7.5CVSS6.8AI score0.00491EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/07/11 8:40 p.m.35 views

CVE-2024-6468 Vault Vulnerable to Denial of Service When Setting a Proxy Protocol Behavior

Vault and Vault Enterprise did not properly handle requests originating from unauthorized IP addresses when the TCP listener option, proxyprotocolbehavior, was set to denyunauthorized. When receiving a request from a source IP address that was not listed in proxyprotocolauthorizedaddrs, the Vault...

7.5CVSS0.00491EPSS
Exploits0References1
OSV
OSV
added 2024/07/11 8:40 p.m.5 views

CVE-2024-6468 Vault Vulnerable to Denial of Service When Setting a Proxy Protocol Behavior

Vault and Vault Enterprise did not properly handle requests originating from unauthorized IP addresses when the TCP listener option, proxyprotocolbehavior, was set to denyunauthorized. When receiving a request from a source IP address that was not listed in proxyprotocolauthorizedaddrs, the Vault...

7.5CVSS7AI score0.00491EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/07/11 12:0 a.m.3 views

PT-2024-5874 · Hashicorp +2 · Vault Enterprise +3

Name of the Vulnerable Software and Affected Versions: Vault and Vault Enterprise versions prior to 1.15.12 Vault and Vault Enterprise versions prior to 1.16.6 Vault and Vault Enterprise versions prior to 1.17.2 Description: The issue is related to the improper handling of requests originating fr...

7.8CVSS7.1AI score0.00528EPSS
Exploits0References26
OSV
OSV
added 2024/06/04 3:19 p.m.33 views

GO-2024-2853 sshpiper's enabling of proxy protocol without proper feature flagging allows faking source address in github.com/tg123/sshpiper

sshpiper's enabling of proxy protocol without proper feature flagging allows faking source address in github.com/tg123/sshpiper...

5.3CVSS5.2AI score0.0026EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2024/05/28 12:0 a.m.21 views

Oracle Linux 8 : 389-ds:1.4 (ELSA-2024-3047)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-3047 advisory. - Resolves: RHEL-23209 - CVE-2024-1062 389-ds:1.4/389-ds-base: a heap overflow leading to denail-of-servce while writing a value larger than 256 chars in...

5.5CVSS5.7AI score0.00304EPSS
Exploits0References2
Veracode
Veracode
added 2024/05/15 7:10 a.m.10 views

Insufficient Verification Of Data Authenticity

sshpiper is vulnerable to Insufficient Verification of Data Authenticity. The vulnerability is due to the proxy protocol listener which does specify a specific listener, allowing an attacker forage the proxy source address...

5.3CVSS6.9AI score0.0026EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2024/05/14 10:31 p.m.28 views

GHSA-4W53-6JVP-GG52 sshpiper's enabling of proxy protocol without proper feature flagging allows faking source address

Summary The way the proxy protocol listener is implemented in sshpiper can allow an attacker to forge their connecting address. Details This commit added the proxy protocol listener as the only listener in sshpiper, with no option to toggle this functionality off. This means that any connection...

5.3CVSS5AI score0.0026EPSS
Exploits0References5
Rows per page
Query Builder