
97 matches found

Vulnrichment
added 2022/09/13 12:0 a.m. · 5 views

CVE-2022-39158

A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800NC, RUGGEDCOM i801, RUGGEDCOM i801NC, RUGGEDCOM i802, RUGGEDCOM i802NC, RUGGEDCOM i803, RUGGEDCOM i803NC, RUGGEDCOM M2100, RUGGEDCOM M2100F, RUGGEDCOM M2100NC, RUGGEDCOM M2200, RUGGEDCOM M2200F, RUGGEDCOM M2200NC, RUGGEDCOM M969...

CVSS 5.3 · AI score 5 · EPSS 0.0118
Exploits: 0 · References: 4
Positive Technologies
added 2022/09/13 12:0 a.m. · 4 views

PT-2022-24782 · Siemens · Ruggedcom M2100 +62

Name of the Vulnerable Software and Affected Versions: affected software and versions not specified. Description: The issue is related to the improper handling of partial HTTP requests, making devices susceptible to slowloris attacks. This could...

CVSS 7.5 · AI score 5.1 · EPSS 0.0118
Exploits: 0 · References: 3
CNNVD
added 2022/07/26 12:0 a.m. · 3 views

IBM Sterling Partner Engagement Manager security vulnerability

IBM Sterling Partner Engagement Manager is an automated management tool from IBM USA. A security vulnerability in IBM Sterling Partner Engagement Manager versions 6.1, 6.2, and Cloud 22.2 can be exploited by an attacker to perform a Slowloris attack, a denial-of-service (DoS) attack against a...

CVSS 7.5 · AI score 7.3 · EPSS 0.00825
Exploits: 0 · References: 3
OSV
added 2022/07/06 12:15 p.m. · 3 views

UBUNTU-CVE-2022-30591

DISPUTED: quic-go through 0.27.0 allows remote attackers to cause a denial of service (CPU consumption) via a Slowloris variant in which incomplete QUIC or HTTP/3 requests are sent. This occurs because mtu_discoverer.go misparses the MTU Discovery service and consequently overflows the probe timer...

CVSS 7.5 · AI score 7.1 · EPSS 0.02412
Exploits: 2 · References: 3
Positive Technologies
added 2022/07/06 12:0 a.m. · 5 views

PT-2022-20194 · Quic-Go +1 · Quic-Go +1

Name of the Vulnerable Software and Affected Versions: quic-go versions through 0.27.0. Description: The issue allows remote attackers to cause a denial of service (CPU consumption) via a Slowloris variant in which incomplete QUIC or HTTP/3 requests are sent. This occurs because mtu_discoverer.go...

CVSS 7.5 · AI score 7.8 · EPSS 0.02412
Exploits: 2 · References: 14
OSV
added 2022/05/13 1:9 a.m. · 17 views

GHSA-F2WR-C4C4-XJG7 Apache Traffic Control vulnerable to Slowloris-style Denial of Service attack

The Traffic Router component of the incubating Apache Traffic Control project is vulnerable to a Slowloris style Denial of Service attack. TCP connections made on the configured DNS port will remain in the ESTABLISHED state until the client explicitly closes the connection or Traffic Router is...

CVSS 7.5 · AI score 7.4 · EPSS 0.048
Exploits: 0 · References: 8
ATTACKERKB
added 2022/03/11 12:0 a.m. · 7 views

CVE-2022-22354

IBM Spectrum Protect Plus 10.1.0.0 through 10.1.9.2 and IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 do not limit the length of a connection which could allow for a Slowloris HTTP denial of service attack to take place. This can cause the Admin Console to become unresponsive. IBM...

CVSS 7.5 · AI score 6.7 · EPSS 0.00904
Exploits: 0 · References: 4 · Affected Software: 2
OSV
added 2021/11/11 10:15 p.m. · 6 views

UBUNTU-CVE-2021-3909

OctoRPKI does not limit the length of a connection, allowing for a slowloris DOS attack to take place which makes OctoRPKI wait forever. Specifically, the repository that OctoRPKI sends HTTP requests to will keep the connection open for a day before a response is returned, but does keep drip...

CVSS 7.5 · AI score 7.1 · EPSS 0.01512
Exploits: 0 · References: 5
Github Security Blog
added 2021/11/10 8:15 p.m. · 44 views

Infinite open connection causes OctoRPKI to hang forever

OctoRPKI (github.com/cloudflare/cfrpki/cmd/octorpki) does not limit the length of a connection, allowing for a slowloris DOS attack to take place which makes OctoRPKI wait forever. Specifically, the repository that OctoRPKI sends HTTP requests to will keep the connection open for a day before a...

CVSS 7.5 · AI score 7.5 · EPSS 0.01512
Exploits: 0 · References: 6 · Affected Software: 1
Positive Technologies
added 2021/11/10 12:0 a.m. · 4 views

PT-2021-22374 · Octorpki +1 · Octorpki +1

Name of the Vulnerable Software and Affected Versions: OctoRPKI (affected versions not specified). Description: The issue allows for a slowloris DOS attack to take place, making OctoRPKI wait forever. This occurs because OctoRPKI does not limit the length of a connection. Specifically, the repositor...

CVSS 9.8 · AI score 7 · EPSS 0.04065
Exploits: 0 · References: 41
OSV
added 2020/10/29 4:15 p.m. · 2 views

CVE-2020-5933

On versions 15.1.0-15.1.0.5, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, when a BIG-IP system that has a virtual server configured with an HTTP compression profile processes compressed HTTP message payloads that require deflation, a Slowloris-style attack can trigger a...

CVSS 7.5 · AI score 7.1 · EPSS 0.0105
Exploits: 0 · References: 1
RedHat Linux
added 2019/10/01 10:3 a.m. · 2 views

nodejs: Slowloris HTTP Denial of Service

It was found that Node.js HTTP server was vulnerable to a Slowloris type attack. An attacker could make long lived connections by sending bytes very slowly to the server, saturating its resource and possibly resulting in a denial of service...

CVSS 7.5 · AI score 7.2 · EPSS 0.41288
Exploits: 0 · References: 4
RedHat Linux
added 2019/07/22 1:39 p.m. · 1 view

nodejs: Slowloris HTTP Denial of Service

It was found that Node.js HTTP server was vulnerable to a Slowloris type attack. An attacker could make long lived connections by sending bytes very slowly to the server, saturating its resource and possibly resulting in a denial of service...

CVSS 7.5 · AI score 7.2 · EPSS 0.41288
Exploits: 0 · References: 4
Tenable Nessus
added 2019/01/22 12:0 a.m. · 39 views

SUSE SLES15 Security Update : nodejs8 (SUSE-SU-2019:0118-1)

This update for nodejs8 to version 8.15.0 fixes the following issues. Security issues fixed: CVE-2018-12121: Fixed a Denial of Service with large HTTP headers bsc1117626; CVE-2018-12122: Fixed the 'Slowloris' HTTP Denial of Service bsc1117627; CVE-2018-12116: Fixed HTTP request splitting bsc11176...

CVSS 7.5 · AI score 7 · EPSS 0.41288
Exploits: 0 · References: 13
OSV
added 2018/11/28 5:29 p.m. · 3 views

ALPINE-CVE-2018-12122

Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Slowloris HTTP Denial of Service: An attacker can cause a Denial of Service (DoS) by sending headers very slowly, keeping HTTP or HTTPS connections and associated resources alive for a long period of time...

CVSS 7.5 · AI score 8.8 · EPSS 0.41288
Exploits: 0 · References: 1
OSV
added 2018/11/28 5:29 p.m. · 1 view

UBUNTU-CVE-2018-12122

Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Slowloris HTTP Denial of Service: An attacker can cause a Denial of Service (DoS) by sending headers very slowly, keeping HTTP or HTTPS connections and associated resources alive for a long period of time...

CVSS 7.5 · AI score 6.8 · EPSS 0.41288
Exploits: 0 · References: 4
The Hacker News
added 2017/03/06 6:39 a.m. · 16 views

Database of 1.4 Billion Records leaked from World’s Biggest Spam Networks

A database of 1.4 billion email addresses combined with real names, IP addresses, and often physical addresses has been exposed in what appears to be one of the largest data breaches of this year. What's worrisome? There are high chances that you, or at least someone you know, is affected by this latest...

AI score 6.5
Exploits: 0