GHSA-6495-8JVH-F28X File restriction bypass in socket.io-file

All versions of socket.io-fileare vulnerable to a file restriction bypass. The validation for valid file types only happens on the client-side, which allows an attacker to intercept the Websocket request post-validation and alter the name value to upload any file types. No fix is currently...

File restriction bypass in socket.io-file

Overview All versions of socket.io-fileare vulnerable to a file restriction bypass. The validation for valid file types only happens on the client-side, which allows an attacker to intercept the Websocket request post-validation and alter the name value to upload any file types. Recommendation No...

Security Bulletin: Open Source Apache Tomcat vulnerabilities affect IBM Tivoli Application Dependency Discovery Manager (CVE-2020-13935)

Summary Multiple vulnerabilities in Open Source Apache Tomcat reported by The Apache Software Foundation affect IBM Tivoli Application Dependency Discovery Manager TADDM Vulnerability Details CVEID: CVE-2020-13935 DESCRIPTION: Apache Tomcat is vulnerable to a denial of service, caused by improper...

PT-2022-2604

Name of the Vulnerable Software and Affected Versions Apache Tomcat versions 8.5.0 through 8.5.75 Apache Tomcat versions 9.0.0.M1 through 9.0.20 Description The issue is related to errors when a web application sends a WebSocket message concurrently with the WebSocket connection closing. This cou...

tomcat: multiple requests with invalid payload length in a WebSocket frame could lead to DoS

A flaw was found in Apache Tomcat, where the payload length in a WebSocket frame was not correctly validated. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service. The highest threat from this vulnerability is to...

Important: Red Hat Security Advisory: tomcat security and bug fix update

An update for tomcat is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

RHEL 7 : tomcat (RHSA-2020:4004)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4004 advisory. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages JSP technologies. Security Fixes: tomcat: multiple requests...

accumulator (=0.3.0), ahq_store_rs_core (>=0.1.0 <=0.10.0-alpha.1.1) +123 more potentially affected by CVE-2020-35896 via ws (>=0.4.8 <=0.9.2)

ws CARGO version =0.4.8, =0.1.0, =0.1.0, =0.0.2, =0.1.0, =0.0.1, =0.4.0, =0.1.0, =0.1.0, =0.9.0, =0.1.5, =0.1.0, =0.1.0, =0.2.0 and more Source cves: CVE-2020-35896 Source advisory: OSV:RUSTSEC-2020-0043...

PT-2020-17528 · Rust · Ws

Name of the Vulnerable Software and Affected Versions: ws crate versions prior to 2020-09-25 Description: An issue in the ws crate allows a remote memory-consumption attack due to the outgoing buffer not being properly limited. This enables a remote attacker to take down the process by growing th...

tomcat: multiple requests with invalid payload length in a WebSocket frame could lead to DoS

A flaw was found in Apache Tomcat, where the payload length in a WebSocket frame was not correctly validated. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service. The highest threat from this vulnerability is to...

Cesanta Mongoose Buffer Overflow Vulnerability

Cesanta Mongoose is a set of embedded server libraries from the Irish company Cesanta, which includes features such as TCP, HTTP client and server, WenSocket client and server. A buffer overflow vulnerability exists in Cesanta Mongoose version 6.18. The vulnerability stems from the mggethttpheade...

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : websocket-extensions vulnerability (USN-4502-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-4502-1 advisory. It was discovered that websocket-extensions does not properly parse special headers. A remote attacker could use this issue to cause regex...

USN-4502-1: websocket-extensions vulnerability

It was discovered that websocket-extensions does not properly parse special headers. A remote attacker could use this issue to cause regex backtracking, resulting in a denial of service. CVE-2020-7663...

USN-4502-1 ruby-websocket-extensions vulnerability

It was discovered that websocket-extensions does not properly parse special headers. A remote attacker could use this issue to cause regex backtracking, resulting in a denial of service. CVE-2020-7663...

CVE-2020-16101

It is possible for an unauthenticated remote DCOM websocket connection to crash the Command Centre service due to an out-of-bounds buffer access. Affected versions are v8.20 prior to v8.20.1166MR3, v8.10 prior to v8.10.1211MR5, v8.00 prior to v8.00.1228MR6, all versions of 7.90 and earlier...

CVE-2020-16100

It is possible for an unauthenticated remote DCOM websocket connection to crash the Command Centre service's DCOM websocket thread due to improper shutdown of closed websocket connections, preventing it from accepting future DCOM websocket Configuration Client connections. Affected versions are...

CVE-2020-16100

It is possible for an unauthenticated remote DCOM websocket connection to crash the Command Centre service's DCOM websocket thread due to improper shutdown of closed websocket connections, preventing it from accepting future DCOM websocket Configuration Client connections. Affected versions are...

Design/Logic Flaw

It is possible for an unauthenticated remote DCOM websocket connection to crash the Command Centre service due to an out-of-bounds buffer access. Affected versions are v8.20 prior to v8.20.1166MR3, v8.10 prior to v8.10.1211MR5, v8.00 prior to v8.00.1228MR6, all versions of 7.90 and earlier...

CVE-2020-16101

CVE-2020-16101 affects the Command Centre service. An unauthenticated remote DCOM websocket connection can crash the service due to an out-of-bounds buffer access. Affected versions: v8.20 prior to v8.20.1166(MR3), v8.10 prior to v8.10.1211(MR5), v8.00 prior to v8.00.1228(MR6), and all versions o...

CVE-2020-16100

CVE-2020-16100 describes an unauthenticated remote DCOM websocket connection that can crash the Command Centre service’s DCOM websocket thread due to improper shutdown of closed websocket connections, preventing future DCOM websocket (Configuration Client) connections. Affected versions are v8.20...