Lucene search
+L

6 matches found

Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2018-1048

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - It was found that the AJP connector in undertow, as shipped in Jboss EAP 7.1.0.GA, does not use the ALLOWENCODEDSLASH option and thus allow the the slash /...

7.5CVSS7AI score0.0159EPSS
Exploits0References2
NVD
NVD
added 2021/02/23 7:15 p.m.18 views

CVE-2020-27782

A flaw was found in the Undertow AJP connector. Malicious requests and abrupt connection closes could be triggered by an attacker using query strings with non-RFC compliant characters resulting in a denial of service. The highest threat from this vulnerability is to system availability. This...

7.8CVSS0.01269EPSS
Exploits0References1
OSV
OSV
added 2021/02/23 7:15 p.m.8 views

CVE-2020-27782

A flaw was found in the Undertow AJP connector. Malicious requests and abrupt connection closes could be triggered by an attacker using query strings with non-RFC compliant characters resulting in a denial of service. The highest threat from this vulnerability is to system availability. This...

7.5CVSS7.2AI score
Exploits0References1
RedHat Linux
RedHat Linux
added 2021/02/01 6:56 p.m.1 views

undertow: special character in query results in server errors

A flaw was found in the Undertow AJP connector. Malicious requests and abrupt connection closes could be triggered by an attacker using query strings with non-RFC compliant characters resulting in a denial of service. The highest threat from this vulnerability is to system availability...

7.8CVSS5.7AI score0.01269EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2021/01/25 6:53 a.m.23 views

CVE-2020-27782

A flaw was found in the Undertow AJP connector. Malicious requests and abrupt connection closes could be triggered by an attacker using query strings with non-RFC compliant characters resulting in a denial of service. The highest threat from this vulnerability is to system availability. Mitigatio...

7.8CVSS3.7AI score0.01269EPSS
Exploits0References3
OSV
OSV
added 2018/01/24 11:29 p.m.5 views

DEBIAN-CVE-2018-1048

It was found that the AJP connector in undertow, as shipped in Jboss EAP 7.1.0.GA, does not use the ALLOWENCODEDSLASH option and thus allow the the slash / anti-slash characters encoded in the url which may lead to path traversal and result in the information disclosure of arbitrary local files...

7.5CVSS6.3AI score0.0159EPSS
Exploits0References1
Rows per page
Query Builder