5272 matches found
CVE-2018-1270
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user or attacker can craft a message to...
CVE-2018-1270
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user or attacker can craft a message to...
CVE-2018-1270
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user or attacker can craft a message to...
CVE-2018-1270
Summary: CVE-2018-1270 affects Spring Framework versions 5.0.x before 5.0.5 and 4.3.x before 4.3.15 (and older unsupported) via the spring-messaging module, which can expose STOMP over WebSocket endpoints to a simple in-memory broker. A malicious actor can craft a message to the broker that leads...
CVE-2018-1270
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user or attacker can craft a message to...
PT-2018-2614
Name of the Vulnerable Software and Affected Versions Spring Framework versions 4.3 prior to 4.3.15 and versions 5.0 prior to 5.0.5 Description The issue is caused by errors in handling STOMP messages in the spring-messaging module of the Spring Framework. A malicious user can craft a message to...
Design/Logic Flaw
Bose SoundTouch devices allows remote attackers to achieve remote control via a crafted web site that uses the WebSocket Protocol...
CVE-2017-17751
Bose SoundTouch devices allows remote attackers to achieve remote control via a crafted web site that uses the WebSocket Protocol...
CVE-2017-17751
Bose SoundTouch devices are affected by CVE-2017-17751. A remote attacker can gain remote control by luring the device to a crafted website using the WebSocket protocol. The vulnerability is documented across multiple sources (e.g., NVD/NVD CVSS 2.0/3.0: base scores 6.8 (MEDIUM) and 8.8 (HIGH) re...
CVE-2017-17751
Bose SoundTouch devices allows remote attackers to achieve remote control via a crafted web site that uses the WebSocket Protocol...
PT-2018-6564 · Bose · Bose Soundtouch
Name of the Vulnerable Software and Affected Versions: Bose SoundTouch affected versions not specified Description: The issue allows remote attackers to achieve remote control of Bose SoundTouch devices via a crafted web site that uses the WebSocket Protocol. Recommendations: At the moment, there...
F5 BIG-IP Arbitrary Code Execution Vulnerability (CNVD-2018-07456)
The BIG-IP platform is the intelligent evolution of Application Delivery Controller ADC technology.The BIG-IP system is at the heart of the information flow between applications and users and ensures that the flow of information between applications and users is seamless. The F5 product modules...
CVE-2018-5504
In some circumstances, the Traffic Management Microkernel TMM does not properly handle certain malformed Websockets requests/responses, which allows remote attackers to cause a denial-of-service DoS or possible remote code execution on the F5 BIG-IP system running versions 13.0.0 - 13.1.0.3 or...
Pivotal Cloud Foundry cf-deployment and routing-release denial of service vulnerabilities
Pivotal Cloud Foundry CF is a suite of open source Platform-as-a-Service PaaS cloud computing platforms from Pivotal Software in the United States, which provides container scheduling, continuous delivery, and automated service deployment, among other things. cf-deployment is its development...
CVE-2018-1221
In cf-deployment before 1.14.0 and routing-release before 0.172.0, the Cloud Foundry Gorouter mishandles WebSocket requests for AWS Application Load Balancers ALBs and some other HTTP-aware Load Balancers. A user with developer privileges could use this vulnerability to steal data or cause denial...
Design/Logic Flaw
In cf-deployment before 1.14.0 and routing-release before 0.172.0, the Cloud Foundry Gorouter mishandles WebSocket requests for AWS Application Load Balancers ALBs and some other HTTP-aware Load Balancers. A user with developer privileges could use this vulnerability to steal data or cause denial...
CVE-2018-1221
In cf-deployment before 1.14.0 and routing-release before 0.172.0, the Cloud Foundry Gorouter mishandles WebSocket requests for AWS Application Load Balancers ALBs and some other HTTP-aware Load Balancers. A user with developer privileges could use this vulnerability to steal data or cause denial...
CVE-2018-1221
In cf-deployment before 1.14.0 and routing-release before 0.172.0, the Cloud Foundry Gorouter mishandles WebSocket requests for AWS Application Load Balancers ALBs and some other HTTP-aware Load Balancers. A user with developer privileges could use this vulnerability to steal data or cause denial...
CVE-2018-1221
In CVE-2018-1221, the Cloud Foundry Gorouter mishandles WebSocket requests for AWS Application Load Balancers (ALBs) and other HTTP-aware Load Balancers. Affected products are cf-deployment (all versions before 1.14.0) and routing-release (all versions before 0.172.0). The underlying root cause i...
undertow: IO thread DoS via unclean Websocket closing
It was found that with non-clean TCP close, Websocket server gets into infinite loop on every IO thread, effectively causing DoS...