5272 matches found
CVE-2018-7287
An issue was discovered in res_http_websocket.c in Asterisk 15.x through 15.2.1. If the HTTP server is enabled (default is disabled), WebSocket payloads of size 0 are mishandled with a busy loop...
Design/Logic Flaw
An issue was discovered in res_http_websocket.c in Asterisk 15.x through 15.2.1. If the HTTP server is enabled (default is disabled), WebSocket payloads of size 0 are mishandled with a busy loop...
CVE-2018-7287
CVE-2018-7287 affects Digium/Asterisk 15.x up to 15.2.1. The issue is in the WebSocket handling of the HTTP server (res_http_websocket.c): when WebSocket payloads of size 0 are received (with the HTTP server enabled, default disabled), the code mishandles the payload, causing a busy loop and pote...
Digium Asterisk res_http_websocket.c File Denial of Service Vulnerability
Digium Asterisk is open source telephone exchange (PBX) system software from Digium, USA. The software supports voicemail, multi-party voice conferencing, interactive voice response (IVR) and so on. A denial of service vulnerability exists in the res_http_websocket.c file in Digium Asterisk...
CVE-2018-1221: Gorouter websocket handling vulnerability | Cloud Foundry
Severity: Critical. Vendor: Cloud Foundry Foundation. Affected Cloud Foundry Products and Versions: cf-deployment (all versions prior to 1.14.0); routing-release (all versions prior to 0.172.0). Description: The Cloud Foundry Gorouter mishandles WebSocket requests for AWS Application Load Balancers (ALBs) and...
CVE-2018-6651
In the uncurl_ws_accept function in uncurl.c in uncurl before 0.07, as used in Parsec before 140-3, insufficient Origin header validation (accepting an arbitrary substring match) for WebSocket API requests allows remote attackers to bypass intended access restrictions. In Parsec, this means full...
Design/Logic Flaw
In the uncurl_ws_accept function in uncurl.c in uncurl before 0.07, as used in Parsec before 140-3, insufficient Origin header validation (accepting an arbitrary substring match) for WebSocket API requests allows remote attackers to bypass intended access restrictions. In Parsec, this means full...
CVE-2018-6651
CVE-2018-6651 affects uncurl (uncurl.c) in uncurl before 0.07, as used in Parsec before 140-3. The issue is insufficient Origin header validation for WebSocket API requests (accepting an arbitrary substring match), which enables remote attackers to bypass access restrictions and, in Parsec, could...
Cross-site Request Forgery (CSRF)
github.com/gobuffalo/buffalo is vulnerable to cross-site request forgery (CSRF) attacks. The library does not disable cross-origin WebSocket requests, allowing a malicious user to conduct a cross-site request forgery attack...
Iopsys Router dhcp Remote Code Execution
#!/usr/bin/python import json import sys import subprocess import socket import os from time import sleep from websocket import create_connection def ubusAuth(host, username, password): ws = create_connection("ws://" + host, header = ["Sec-WebSocket-Protocol: ubus-json"]) req =...
Iopsys Router - dhcp Remote Code Execution
Exploit for hardware platform in category remote exploits. #!/usr/bin/python import json import sys import subprocess import socket import os from time import sleep from websocket import create_connection def ubusAuth(host, username, password): ws = create_connection("ws://" + host, header =...
undertow: IO thread DoS via unclean Websocket closing
It was found that with a non-clean TCP close, the WebSocket server gets into an infinite loop on every IO thread, effectively causing DoS...
Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.1.0 security update
An update is now available for Red Hat JBoss Enterprise Application Platform 7.1 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, ...