Important: tomcat8

Issue Overview: Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through...

Amazon Linux AMI : tomcat8 (ALAS-2024-1941)

The version of tomcat8 installed on the remote host is prior to 8.5.99-1.97. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2024-1941 advisory. Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep...

Fedora 40 : tomcat (2024-c404b99f19)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-c404b99f19 advisory. This update includes a rebase from 9.0.83 to 9.0.89. 2269611 CVE-2024-24549 tomcat: CVE-2024-24549: Apache Tomcat: HTTP/2 header handling DoS 226961...

(Pwn2Own) Autel MaxiCharger AC Elite Business C50 WebSocket Base64 Decoding Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Autel MaxiCharger AC Elite Business C50 chargers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw...

PT-2024-6138 · Autel · Autel Maxicharger Ac Elite Business C50

Name of the Vulnerable Software and Affected Versions: Autel MaxiCharger AC Elite Business C50 affected versions not specified Description: The issue is related to a stack-based buffer overflow vulnerability in the handling of base64-encoded data within WebSocket messages. This vulnerability allo...

PT-2025-14756

Name of the Vulnerable Software and Affected Versions libsoup affected versions not specified Description A flaw in libsoup allows the SoupWebsocketConnection to accept a large WebSocket message. This may cause libsoup to allocate memory and lead to a denial of service DoS. Recommendations At the...

Security Bulletin: Vulnerabilities in Apache Tomcat affect IBM SAN Volume Controller, IBM Storwize, IBM Storage Virtualize and IBM FlashSystem products

Summary Vulnerabilities in Apache Tomcat affect the product's management GUI, potentially allowing denial of service. The Command Line Interface is unaffected. CVE-2024-23672, CVE-2024-24549. Vulnerability Details CVEID:CVE-2024-23672 DESCRIPTION: Apache Tomcat is vulnerable to a denial of servic...

CVE-2024-37890

ws is an open source WebSocket client and server for Node.js. A request with a number of headers exceeding theserver.maxHeadersCount threshold could be used to crash a ws server. The vulnerability was fixed in [email protected] e55e510 and backported to [email protected] 22c2876, [email protected] eeb76d3, and [email protected]...

AZL-42808 CVE-2024-37890 affecting package reaper for versions less than 3.1.1-10

ws is an open source WebSocket client and server for Node.js. A request with a number of headers exceeding theserver.maxHeadersCount threshold could be used to crash a ws server. The vulnerability was fixed in [email protected] e55e510 and backported to [email protected] 22c2876, [email protected] eeb76d3, and [email protected]...

AZL-43600 CVE-2024-37890 affecting package js-jquery 3.5.0-4

ws is an open source WebSocket client and server for Node.js. A request with a number of headers exceeding theserver.maxHeadersCount threshold could be used to crash a ws server. The vulnerability was fixed in [email protected] e55e510 and backported to [email protected] 22c2876, [email protected] eeb76d3, and [email protected]...

DEBIAN-CVE-2024-37890

ws is an open source WebSocket client and server for Node.js. A request with a number of headers exceeding theserver.maxHeadersCount threshold could be used to crash a ws server. The vulnerability was fixed in [email protected] e55e510 and backported to [email protected] 22c2876, [email protected] eeb76d3, and [email protected]...

UBUNTU-CVE-2024-37890

ws is an open source WebSocket client and server for Node.js. A request with a number of headers exceeding theserver.maxHeadersCount threshold could be used to crash a ws server. The vulnerability was fixed in [email protected] e55e510 and backported to [email protected] 22c2876, [email protected] eeb76d3, and [email protected]...

CVE-2024-37890

ws is an open source WebSocket client and server for Node.js. A request with a number of headers exceeding theserver.maxHeadersCount threshold could be used to crash a ws server. The vulnerability was fixed in [email protected] e55e510 and backported to [email protected] 22c2876, [email protected] eeb76d3, and [email protected]...

007putra-my-bot (=1.1.1), 02strich-markdown (>=1.0.0 <=1.0.2) +8693 more potentially affected by CVE-2024-37890 via ws (>=8.0.0 <=8.17.0)

ws NPM version =8.0.0, =1.0.0, =0.0.31, =0.2.0, =1.0.53, =1.0.0, =0.2.3, =0.2.5 - 7t7t7t37t =1.0.0 - 84447xe5t8 =1.0.0 - 8wcy8cycwcu =1.0.0 - 8wyc8ywyc8c =1.0.0 - 9cwyw8bcyy8wc =1.0.0 and more Source cves: CVE-2024-37890 Source advisory: OSV:GHSA-3H5V-Q93C-6H6Q...

7ghost (>=4.11.25 <=4.11.46), @100mslive/hms-excalidraw (>=0.1.3 <=0.1.14) +1262 more potentially affected by CVE-2024-37890 via ws (>=6.0.0 <=6.2.2)

ws NPM version =6.0.0, =4.11.25, =0.1.3, =0.0.1-bate.30, =0.0.1, =0.0.1, =7.0.0, =0.1.0, =4.4.0, =4.2.2, =2.9.0, =0.0.1-alpha.95, =1.0.0, =1.2.0, =1.6.2 and more Source cves: CVE-2024-37890 Source advisory: OSV:GHSA-3H5V-Q93C-6H6Q...

003-gas-convert (=1.0.1), 0x-hunter-core (>=1.0.0 <=1.0.1-5) +17432 more potentially affected by CVE-2024-37890 via ws (>=2.1.0 <=5.2.2)

ws NPM version =2.1.0, =1.0.0, =0.0.3, =1.1.0, =0.9.9, =0.7.41, =0.1.0-beta.1, =0.1.3, =0.0.3, =1.0.0, =2.0.7 and more Source cves: CVE-2024-37890 Source advisory: OSV:GHSA-3H5V-Q93C-6H6Q...

GHSA-3H5V-Q93C-6H6Q ws affected by a DoS when handling a request with many HTTP headers

Impact A request with a number of headers exceeding the server.maxHeadersCount threshold could be used to crash a ws server. Proof of concept js const http = require'http'; const WebSocket = require'ws'; const wss = new WebSocket.Server port: 0 , function const chars =...

ws affected by a DoS when handling a request with many HTTP headers

Impact A request with a number of headers exceeding the server.maxHeadersCount threshold could be used to crash a ws server. Proof of concept js const http = require'http'; const WebSocket = require'ws'; const wss = new WebSocket.Server port: 0 , function const chars =...

CVE-2024-37890 Denial of service when handling a request with many HTTP headers in ws

ws is an open source WebSocket client and server for Node.js. A request with a number of headers exceeding theserver.maxHeadersCount threshold could be used to crash a ws server. The vulnerability was fixed in [email protected] e55e510 and backported to [email protected] 22c2876, [email protected] eeb76d3, and [email protected]...

CVE-2024-37890 Denial of service when handling a request with many HTTP headers in ws

ws is an open source WebSocket client and server for Node.js. A request with a number of headers exceeding theserver.maxHeadersCount threshold could be used to crash a ws server. The vulnerability was fixed in [email protected] e55e510 and backported to [email protected] 22c2876, [email protected] eeb76d3, and [email protected]...