5320 matches found
[SECURITY] [DLA 3779-1] tomcat9 security update
Debian LTS Advisory DLA-3779-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany April 06, 2024 https://wiki.debian.org/LTS Package : tomcat9 Version : 9.0.31-1deb10u12 CVE ID : CVE-2024-23672 CVE-2024-24549 Debian Bug : 1066877 1066878 Two security vulnerabilities...
Debian dla-3779 : libtomcat9-embed-java - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3779 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3779-1 [email protected]...
Mageia: Security Advisory (MGASA-2024-0090)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Amazon Linux 2023 : tomcat9, tomcat9-admin-webapps, tomcat9-el-3.0-api (ALAS2023-2024-577)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-577 advisory. Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption. This...
Important: tomcat9
Issue Overview: Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through...
.NET 7.0 security update
An update is available for dotnet7.0. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. .NET is a managed-software framework. It implements a subset of the .NET...
Updated tomcat packages fix security vulnerabilities
Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption. CVE-2024-23672 Denial of Service due to improper input validation vulnerability for HTTP/2 requests in Apach...
MGASA-2024-0090 Updated tomcat packages fix security vulnerabilities
Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption. CVE-2024-23672 Denial of Service due to improper input validation vulnerability for HTTP/2 requests in Apach...
Missing Websocket Authentication
Jupyter Server Proxy is vulnerable to Missing Websocket Authentication. The vulnerability is caused due to improper user authentication checks when proxying websockets within handlers.py. This allows an attacker to gain unauthenticated remote access to any websocket endpoint made accessible via t...
PYSEC-2024-234
Jupyter Server Proxy allows users to run arbitrary external processes alongside their Jupyter notebook servers and provides authenticated web access. Prior to versions 3.2.3 and 4.1.1, Jupyter Server Proxy did not check user authentication appropriately when proxying websockets, allowing...
CVE-2024-28179 Jupyter Server Proxy's Websocket Proxying does not require authentication
Jupyter Server Proxy allows users to run arbitrary external processes alongside their Jupyter notebook servers and provides authenticated web access. Prior to versions 3.2.3 and 4.1.1, Jupyter Server Proxy did not check user authentication appropriately when proxying websockets, allowing...
cn.com.tltim.pigx:pigx-common-security (=5.0.0-20240820), cn.com.tltim.pigx:pigx-common-websocket (=5.0.0-20240820) +46 more potentially affected by CVE-2024-22258 via org.springframework.security:spring-security-oauth2-authorization-server (>=0.2.0 <=1.1.5)
org.springframework.security:spring-security-oauth2-authorization-server MAVEN version =0.2.0, =0.0.1-alpha.1, =3.1.5.2, =2.7.7.3, =2.7.7.4, =2.7.0.0, =2.7.0.0, =2.7.1.2, =2.7.0.0, =3.0.6.4, =2023.0.0.2-alpha.1, =2023.0.0.2-alpha.2 - com.github.paganini2008.doodler:doodler-common-oauth =1.0.0-bet...
GHSA-W3VC-FX9P-WP4V Jupyter Server Proxy's Websocket Proxying does not require authentication
Summary: jupyter-server-proxy is used to expose ports local to a Jupyter server listening to web traffic to the Jupyter server's authenticated users by proxying web requests and websockets. Dependent packages (partial list) also use jupyter-server-proxy to expose other popular interactive applicatio...
opa-fishon.com Cross Site Scripting vulnerability OBB-3878797
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Denial Of Service (DoS)
org.apache.tomcat:tomcat-websocket is vulnerable to Denial of Service (DoS). The vulnerability is due to improper cleanup of WebSocket connections during a session timeout. If a client fails to send a close message within the timeout period, the websocket connection will continue to hold resources...
SUSE CVE-2024-23672
Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from...
CVE-2024-23672
A denial of service (DoS) vulnerability present in the Apache Tomcat package arises from an incomplete cleanup process. Specifically, WebSocket clients can perpetuate WebSocket connections without proper termination, thereby causing a sustained drain on system resources. This vulnerability...
CVE-2024-28251
Querybook is a Big Data Querying UI, combining collocated table metadata and a simple notebook interface. Querybook's datadocs functionality works by using a Websocket Server. The client talks to this WSS whenever updating/deleting/reading any cells as well as for watching the live status of quer...