tomcat: Host name verification missing in WebSocket client

The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88...

Rocket.Chat: Online Status of arbitrary users can be changed

A vulnerability was discovered in a third-party Meteor module, Konecty/meteor-user-presence, that allowed the online status of arbitrary users to be changed without proper authentication. This was possible by sending crafted HTTP requests or WebSocket data with specific payloads. The issue was...

02moduletest (=1.0.0), 10er10 (=0.23.0) +4644 more potentially affected by CVE-2016-10542 via ws (>=0.3.1 <=1.1.0)

ws NPM version =0.3.1, =0.0.1, =0.0.1, =1.0.1, =0.1.0, =0.0.1, =0.9.0, =0.0.1, =0.0.1, =0.1.2, =1.0.1, =0.1.16, =0.1.59-master.20200611224542 and more Source cves: CVE-2016-10542 Source advisory: OSV:GHSA-6663-C963-2GQG...

GHSA-6663-C963-2GQG DoS due to excessively large websocket message in ws

Affected versions of ws do not appropriately limit the size of incoming websocket payloads, which may result in a denial of service condition when the node process crashes after receiving a large payload. Recommendation Update to version 1.1.1 or later. Alternatively, set the maxpayload option fo...

DoS due to excessively large websocket message in ws

Affected versions of ws do not appropriately limit the size of incoming websocket payloads, which may result in a denial of service condition when the node process crashes after receiving a large payload. Recommendation Update to version 1.1.1 or later. Alternatively, set the maxpayload option fo...

Authentication Bypass in console-io

Affected versions of the console-io package do not configure the underlying websocket library to require authentication, resulting in an authentication bypass vulnerability. As console-io allows terminal access on the server via a web page, an authentication bypass is essentially remote code...

No CSRF Validation in droppy

Affected versions of droppy are vulnerable to cross-site socket forgery. The package does not perform verification for cross-domain websocket requests, and as a result, an attacker can create a web page that opens up a websocket connection on behalf of the user visiting the page. The attacker can...

CVE-2019-1000022

Taoensso Sente version Prior to version 1.14.0 contains a Cross Site Request Forgery CSRF vulnerability in WebSocket handshake endpoint that can result in CSRF attack, possible leak of anti-CSRF token. This attack appears to be exploitable via malicious request against WebSocket handshake endpoin...

CVE-2019-1000022

Taoensso Sente version Prior to version 1.14.0 contains a Cross Site Request Forgery CSRF vulnerability in WebSocket handshake endpoint that can result in CSRF attack, possible leak of anti-CSRF token. This attack appears to be exploitable via malicious request against WebSocket handshake endpoin...

Cross site request forgery (csrf)

Taoensso Sente version Prior to version 1.14.0 contains a Cross Site Request Forgery CSRF vulnerability in WebSocket handshake endpoint that can result in CSRF attack, possible leak of anti-CSRF token. This attack appears to be exploitable via malicious request against WebSocket handshake endpoin...

CVE-2019-1000022

Taoensso Sente versions prior to 1.14.0 contain a CSRF vulnerability in the WebSocket handshake endpoint that can enable a CSRF attack and possibly leak an anti-CSRF token. Affected component: Sente WebSocket handshake. Root cause: missing CSRF protections during handshake. Impact per sources: po...

CVE-2019-1000022

Taoensso Sente version Prior to version 1.14.0 contains a Cross Site Request Forgery CSRF vulnerability in WebSocket handshake endpoint that can result in CSRF attack, possible leak of anti-CSRF token. This attack appears to be exploitable via malicious request against WebSocket handshake endpoin...

Security Bulletin: IBM WebSphere Cast Iron Solution is affected by Apache Tomcat vulnerabilities (CVE-2018-11784, CVE-2018-8034)

Summary IBM WebSphere Cast Iron Solution has addressed the following vulnerabilities reported in Apache Tomcat v7. Vulnerability Details CVEID: CVE-2018-11784 DESCRIPTION: Apache Tomcat could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in the...

tomcat: Host name verification missing in WebSocket client

The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88...

tomcat: Host name verification missing in WebSocket client

The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88...

Denial Of Service (DoS)

qemu-kvm-rhev is vulnerable to denial of service. It was found that the QEMU's websocket frame decoder processed incoming frames without limiting resources used to process the header and the payload. An attacker able to access a guest's VNC console could use this flaw to trigger a denial of servi...

Denial Of Service (DoS)

httpd is vulnerable to denial of service. The modlua httpd module improperly processed certain WebSocket Ping requests, allowing a remote attacker to cause the httpd child process to crash via a malicious WebSocket Ping request...

Session Hijacking

openstack-nova is vulnerable to session hijacking attacks. The vulnerability exists as OpenStack Compute Nova before 2014.1.4, 2014.2.x before 2014.2.3, and kilo before kilo-3 does not validate the origin of websocket requests, which allows remote attackers to hijack the authentication of users f...

RHEL 7 : .NET Core on Red Hat Enterprise Linux (RHSA-2019:0040)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:0040 advisory. .NET Core is a managed software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR...

Digium Asterisk WebSocket Denial of Service (CVE-2018-7287)

A denial-of-service vulnerability exists in Digium Asterisk. The vulnerability is due to improper handling of WebSocket payloads. Successful exploitation would result in a crash of the server process leading to denial of service...