131 matches found
springframework: DoS with STOMP over WebSocket
A flaw was found in Spring Framework Applications. Applications that use STOMP over the WebSocket endpoint are vulnerable to a denial of service attack caused by an authenticated user...
Atlassian Jira < 9.6.0 Multiple Vulnerabilities
According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 9.6.0. It is, therefore, affected by multiple vulnerabilities: - An issue in the underlying Spring framework which permits an authenticated attacker to perform a STOMP over...
K29042031: Multiple Spring Framework vulnerabilities
Security Advisory Description On April 5th, 2018, three new vulnerabilities were published in the popular Java web framework called Spring. Details on these vulnerabilities and exploit code are not yet available, and mitigation details may change if and when the exploit code is available. You can...
K31022653: Spring Framework vulnerability CVE-2018-1257
Security Advisory Description Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user or...
SUSE CVE-2018-1270
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user or attacker can craft a message to...
GSD-2023-1001625 NFSv4.2: Fix a memory stomp in decode_attr_security_label
NFSv4.2: Fix a memory stomp in decode_attr_security_label This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.9.337 by commit...
GSD-2023-1001459 NFSv4.2: Fix a memory stomp in decode_attr_security_label
NFSv4.2: Fix a memory stomp in decode_attr_security_label This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.163 by commit...
GSD-2023-1001156 NFSv4.2: Fix a memory stomp in decode_attr_security_label
NFSv4.2: Fix a memory stomp in decode_attr_security_label This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.86 by commit...
GSD-2023-1000756 NFSv4.2: Fix a memory stomp in decode_attr_security_label
NFSv4.2: Fix a memory stomp in decode_attr_security_label This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.16 by commit...
Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to a denial of service due to VMware Tanzu Spring Framework (CVE-2022-22971)
Summary IBM Sterling Partner Engagement Manager uses VMware Tanzu Spring Framework that is vulnerable to a denial of service, caused by a flaw with a STOMP over WebSocket endpoint. The issue has been addressed. Vulnerability Details CVEID: CVE-2022-22971 DESCRIPTION: VMware Tanzu Spring Framework ...
Fedora: Security Advisory for golang-github-stomp-3 (FEDORA-2022-4b5537c44c)
The remote host is missing an update for the...
[SECURITY] Fedora 36 Update: golang-github-stomp-3-3.0.2-4.fc36
Go language library for STOMP protocol...
CVE-2022-22971
A flaw was found in Spring Framework Applications. Applications that use STOMP over the WebSocket endpoint are vulnerable to a denial of service attack caused by an authenticated user...
org.hornetq:hornetq-amqp-protocol (>=2.4.0.Beta2 <=2.4.0.Beta3), org.hornetq:hornetq-stomp-protocol (>=2.4.0.Beta2 <=2.4.0.Beta3) +1 more potentially affected by CVE-2017-12174 via org.hornetq:hornetq-server (>=2.3.0.BETA2 <=2.4.0.Beta3)
org.hornetq:hornetq-server MAVEN version =2.3.0.BETA2, =2.4.0.Beta2, =2.4.0.Beta2, =2.3.0.BETA2, =2.4.0.Beta3 Source cves: CVE-2017-12174 Source advisory: OSV:GHSA-GC96-H5PR-839J...
GHSA-RQPH-VQWM-22VC Allocation of Resources Without Limits or Throttling in Spring Framework
In spring framework versions prior to 5.3.20+, 5.2.22+ and old unsupported versions, application with a STOMP over WebSocket endpoint is vulnerable to a denial of service attack by an authenticated user...
Spring Framework Denial of Service Vulnerability (CNVD-2022-68890)
Spring Framework is an open source Java and Java EE application framework from the U.S. Spring team. The framework helps developers build high-quality applications. Spring Framework versions prior to 5.3.20, 5.2.22 contain a denial-of-service vulnerability. An attacker can exploit this...
CVE-2022-22971
In spring framework versions prior to 5.3.20+, 5.2.22+ and old unsupported versions, application with a STOMP over WebSocket endpoint is vulnerable to a denial of service attack by an authenticated user...
DEBIAN-CVE-2022-22971
In spring framework versions prior to 5.3.20+, 5.2.22+ and old unsupported versions, application with a STOMP over WebSocket endpoint is vulnerable to a denial of service attack by an authenticated user...
UBUNTU-CVE-2022-22971
In spring framework versions prior to 5.3.20+, 5.2.22+ and old unsupported versions, application with a STOMP over WebSocket endpoint is vulnerable to a denial of service attack by an authenticated user...
CVE-2022-22971
In spring framework versions prior to 5.3.20+, 5.2.22+ and old unsupported versions, application with a STOMP over WebSocket endpoint is vulnerable to a denial of service attack by an authenticated user...