Mongoose Web Server 6.5 - Cross-Site Request Forgery Remote Code Execution
Credits: John Page AKA hyp3rlinx. Website: hyp3rlinx.altervista.org. Source: http://hyp3rlinx.altervista.org/advisories/MONGOOSE-WEB-SERVER-v6.5-CSRF-COMMAND-EXECUTION.txt. ISR: apparitionSec. Vendor: ...
WSSiP - Application for capturing, modifying and sending custom WebSocket data from client to server and vice versa
Short for "WebSocket/Socket.io Proxy", this tool, written in Node.js, provides a user interface to capture, intercept, send custom messages and view all WebSocket and Socket.IO communications between the client and server. Upstream proxy support also means you can forward HTTP/HTTPS traffic to an...
SUSE-SU-2017:2257-1 Security update for SUSE Manager Server 3.1
This update for the SUSE Manager Server 3.1 provides several fixes and improvements. The following security issues have been fixed: jabberd: - Fix offered SASL mechanism check. bsc1047282, CVE-2017-10807 spacewalk-java: - Do not allow XSS as Organization name. bsc1048968, CVE-2017-7538...
SUSE-SU-2017:2266-1 Security update for SUSE Manager Proxy 3.1
This update for SUSE Manager Proxy 3.1 provides several fixes and improvements: The following security issues have been fixed: jabberd: - Fix offered SASL mechanism check. bsc1047282, CVE-2017-10807 Additionally, the following non-security issues have been fixed: jabberd: - Fix memory leak in pgs...
A WebSocket Manipulation Proxy: WSSiP
Short for “WebSocket/Socket.io Proxy”, this tool, written in Node.js, provides a user interface to capture, intercept, send custom messages and view all WebSocket and Socket.IO communications between the client and server. Upstream proxy support also means you can forward HTTP/HTTPS traffic to an...
Linux Foundation ONOS privilege access vulnerability (CNVD-2017-19578)
Linux Foundation ONOS is an open source SDN network operating system maintained by the Linux Foundation and the ONOS community. A security vulnerability exists in Linux Foundation ONOS version 1.9.0. An attacker can exploit the vulnerability to use the websocket protocol without authentication...
Virtuozzo 7 : httpd / httpd-devel / httpd-manual / httpd-tools / etc (VZLSA-2017-0906)
An update for httpd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...
Denial Of Service (DoS)
Undertow is vulnerable to denial of service (DoS) attacks. The library does not close its streaming websocket properly, leading to an infinite loop. A malicious user can use this behavior to cause multiple infinite loops that lead to the system running out of resources and crashing...
Denial Of Service (DoS)
aiohttp is vulnerable to denial of service (DoS) attacks. The library does not have a limit on websocket message sizes, meaning a malicious user could send a message large enough to cause the system to run out of memory and crash...
undertow: IO thread DoS via unclean Websocket closing
It was found that with a non-clean TCP close, the Websocket server gets into an infinite loop on every IO thread, effectively causing DoS...
Moderate: Red Hat Security Advisory: eap7-jboss-ec2-eap security update
An update for eap7-jboss-ec2-eap is now available for Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 and Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scori...
undertow: IO thread DoS via unclean Websocket closing
It was found that with a non-clean TCP close, the Websocket server gets into an infinite loop on every IO thread, effectively causing DoS...
undertow: IO thread DoS via unclean Websocket closing
It was found that with a non-clean TCP close, the Websocket server gets into an infinite loop on every IO thread, effectively causing DoS...
Moderate: Red Hat Security Advisory: JBoss Enterprise Application Platform 7.0.6 on Red Hat Enterprise Linux 7
An update is now available for Red Hat JBoss Enterprise Application Platform 7.0 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, i...
Moderate: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform security update
An update is now available for Red Hat JBoss Enterprise Application Platform. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability...
undertow: IO thread DoS via unclean Websocket closing
It was found that with a non-clean TCP close, the Websocket server gets into an infinite loop on every IO thread, effectively causing DoS...
F5 BIG-IP - TMM vulnerability CVE-2016-9253
Specific websocket traffic patterns may cause a disruption of service for virtual servers configured to use the websocket profile. CVE-2016-9253
F5 BIG-IP Remote Denial of Service Vulnerability
The F5 BIG-IP is a load balancer that uses a variety of distribution algorithms to distribute network requests to available servers in a server cluster, enabling network visitors to have the best possible networking experience by managing incoming Web data traffic and increasing effective network...
Design/Logic Flaw
In F5 BIG-IP 12.1.0 through 12.1.2, specific websocket traffic patterns may cause a disruption of service for virtual servers configured to use the websocket profile...
CVE-2016-9253
In F5 BIG-IP 12.1.0 through 12.1.2, specific websocket traffic patterns may cause a disruption of service for virtual servers configured to use the websocket profile...