103 matches found

Tenable Nessus
added 2024/07/08 12:0 a.m. · 100 views

Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : Apache HTTP Server vulnerabilities (USN-6885-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6885-1 advisory. Marc Stern discovered that the Apache HTTP Server incorrectly handled serving WebSocket protocol upgrades over HTTP/2...

CVSS 9.8 · AI score 7.7 · EPSS 0.99957
Exploits: 2 · References: 9
OSV
added 2024/07/03 7:18 a.m. · 23 views

BIT-APACHE-2024-36387 Apache HTTP Server: DoS by Null pointer in websocket over HTTP/2

Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, degrading performance...

CVSS 5.4 · AI score 6.4 · EPSS 0.01715
Exploits: 0 · References: 4
OSV
added 2024/07/01 7:15 p.m. · 29 views

CVE-2024-36387

Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, degrading performance...

CVSS 5.4 · AI score 6.5
Exploits: 0 · References: 3
CVE
added 2024/07/01 6:10 p.m. · 3215 views

CVE-2024-36387

CVE-2024-36387 affects the Apache httpd mod_http2 component: when serving WebSocket protocol upgrades over HTTP/2, it can trigger a NULL pointer dereference and crash the server, degrading performance (DoS). Connected advisories indicate patches across distributions (e.g., Debian security update ...

CVSS 5.4 · AI score 6.4 · EPSS 0.01715
Exploits: 0 · References: 3 · Affected Software: 1
OpenVAS
added 2024/06/07 12:0 a.m. · 15 views

Fedora: Security Advisory for qt5-qtwebsockets (FEDORA-2024-2e27372d4c)

The remote host is missing an update for the...

CVSS 9.8 · AI score 10 · EPSS 0.0097
Exploits: 0 · References: 2
OpenVAS
added 2024/06/07 12:0 a.m. · 16 views

Fedora: Security Advisory for qt6-qtwebsockets (FEDORA-2024-bfb8617ba3)

The remote host is missing an update for the...

CVSS 9.8 · AI score 10 · EPSS 0.0097
Exploits: 0 · References: 2
Fedora
added 2024/05/29 3:37 a.m. · 16 views

[SECURITY] Fedora 40 Update: qt6-qtwebsockets-6.7.1-1.fc40

The QtWebSockets module implements the WebSocket protocol as specified in RFC 6455. It solely depends on Qt (no external dependencies)...

CVSS 9.8 · AI score 6.7 · EPSS 0.0097
Exploits: 0
Positive Technologies
added 2024/05/27 12:0 a.m. · 7 views

PT-2024-4676 · Apache +9 · Apache Http Server +9

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server (affected versions not specified). Description: The issue is related to serving WebSocket protocol upgrades over a HTTP/2 connection, which could result in a Null Pointer dereference. This can lead to a crash of the server...

CVSS 9.8 · AI score 4.8 · EPSS 0.99957
Exploits: 3 · References: 162
CNNVD
added 2023/12/08 12:0 a.m. · 4 views

Quarkus Security Vulnerabilities

Quarkus is a cloud-native Linux container-first framework for writing Java applications. A security vulnerability exists in Quarkus that stems from when a request is received via websocket and role-based permissions are not specified on a GraphQL operation, Quarkus processes the request without...

CVSS 9.1 · AI score 6.6 · EPSS 0.00814
Exploits: 0 · References: 5
Debian
added 2023/05/13 10:53 p.m. · 44 views

[SECURITY] [DLA 3420-1] golang-websocket security update

Debian LTS Advisory DLA-3420-1 · [email protected] · https://www.debian.org/lts/security/ · Markus Koschany · May 14, 2023 · https://wiki.debian.org/LTS
Package: golang-websocket
Version: 1.4.0-1+deb10u1
CVE ID: CVE-2020-27813
An integer overflow vulnerability exists in golang-websocket, a Go...

CVSS 7.5 · AI score 6.7 · EPSS 0.02342
Exploits: 0
SUSE CVE
added 2023/02/15 5:22 a.m. · 2 views

SUSE CVE-2015-1244

The URLRequest::GetHSTSRedirect function in urlrequest/urlrequest.cc in Google Chrome before 42.0.2311.90 does not replace the ws scheme with the wss scheme whenever an HSTS Policy is active, which makes it easier for remote attackers to obtain sensitive information by sniffing the network for...

CVSS 5 · AI score 8.8 · EPSS 0.01445
Exploits: 0 · References: 3
SUSE CVE
added 2023/02/15 5:18 a.m. · 1 views

SUSE CVE-2015-3810

epan/dissectors/packet-websocket.c in the WebSocket dissector in Wireshark 1.12.x before 1.12.5 uses a recursive algorithm, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted packet...

CVSS 7.8 · AI score 5.6 · EPSS 0.03415
Exploits: 0 · References: 3
Github Security Blog
added 2022/07/11 9:6 p.m. · 70 views

DoS in KubeEdge's Websocket Client in package Viaduct

Impact: A large response received by the viaduct WSClient can cause a DoS from memory exhaustion. The entire body of the response is being read into memory which could allow an attacker to send a request that returns a response with a large body. The consequence of the exhaustion is that the proce...

CVSS 6.5 · AI score 6.2 · EPSS 0.00618
Exploits: 0 · References: 3 · Affected Software: 1
RedHat Linux
added 2022/07/07 2:19 p.m. · 0 views

springframework: DoS with STOMP over WebSocket

A flaw was found in Spring Framework Applications. Applications that use STOMP over the WebSocket endpoint are vulnerable to a denial of service attack caused by an authenticated user...

CVSS 6.5 · AI score 7.3 · EPSS 0.02931
Exploits: 0 · References: 5
OSV
added 2022/05/24 5:24 p.m. · 14 views

GHSA-6H8C-GW33-CJM2 DevSpace vulnerable to remote code execution

The UI in DevSpace 4.13.0 allows web sites to execute actions on pods on behalf of a victim because of a lack of authentication for the WebSocket protocol. This leads to remote code execution...

CVSS 9.8 · AI score 10 · EPSS 0.02716
Exploits: 0 · References: 4
Github Security Blog
added 2022/05/24 5:24 p.m. · 27 views

DevSpace vulnerable to remote code execution

The UI in DevSpace 4.13.0 allows web sites to execute actions on pods on behalf of a victim because of a lack of authentication for the WebSocket protocol. This leads to remote code execution...

CVSS 9.8 · AI score 8 · EPSS 0.02716
Exploits: 0 · References: 4 · Affected Software: 1
RedhatCVE
added 2022/05/20 11:55 p.m. · 39 views

CVE-2017-2921

An exploitable memory corruption vulnerability exists in the Websocket protocol implementation of Cesanta Mongoose 6.8. A specially crafted websocket packet can cause an integer overflow, leading to a heap buffer overflow and resulting in denial of service and potential remote code execution. An...

CVSS 9.8 · AI score 4.2 · EPSS 0.31045
Exploits: 13 · References: 1
BDU FSTEC
added 2021/10/05 12:0 a.m. · 4 views

The vulnerability of the client-server WebSocket library in Node-ws software, related to uncontrolled resource consumption, allows attackers to trigger a service failure.

The vulnerability of the client-server WebSocket library in Node-ws software is related to an incorrect interpretation of the “Sec-Websocket-Protocol” header. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...

CVSS 5.3 · AI score 6.3 · EPSS 0.02936
Exploits: 1 · References: 5 · Affected Software: 2
RedHat Linux
added 2021/09/30 9:57 a.m. · 2 views

jetty: Resource exhaustion when receiving an invalid large TLS frame

When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing high CPU resources utilization. The highest threat from this vulnerability is to service availability...

CVSS 7.8 · AI score 7.2 · EPSS 0.53861
Exploits: 1 · References: 5
Veracode
added 2021/05/29 3:41 p.m. · 24 views

Regular Expression Denial Of Service (ReDoS)

ws is vulnerable to regular expression denial of service. An attacker is able to cause excessive CPU consumption that can lead to an application crash by submitting a malicious value of Sec-Websocket-Protocol...

CVSS 5.3 · AI score 4.2 · EPSS 0.02936
Exploits: 1 · References: 9 · Affected Software: 1