36 matches found

RedhatCVE | added 2026/05/27 8:13 p.m. | 12 views

CVE-2026-39806

Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in mtrudel bandit allows unauthenticated remote denial of service via worker process exhaustion. 'Elixir.Bandit.HTTP1.Socket':do_read_chunked_data!/5 in lib/bandit/http1/socket.ex terminates only when the last-chunk line 0\r\n is...

CVSS 8.7 | AI score 5.8 | EPSS 0.00637 | Exploits: 1 | References: 1
OSV | added 2026/05/19 7:25 p.m. | 7 views

GHSA-RF5Q-VWXW-GMRF Bandit: Unauthenticated DoS via chunked request trailers in Bandit HTTP/1 decoder

Summary: A worker-pinning denial of service in Bandit's HTTP/1 chunked transfer decoder. Any unauthenticated client that sends a Transfer-Encoding: chunked request whose body ends with a trailer field (RFC 9112 §7.1.2 explicitly permits this) causes the connection's worker process to spin forever in...

CVSS 8.7 | AI score 5.9 | EPSS 0.00637 | Exploits: 1 | References: 6
EUVD | added 2026/05/19 7:25 p.m. | 14 views

EUVD-2026-29951

Bandit: Unauthenticated DoS via chunked request trailers in Bandit HTTP/1 decoder...

CVSS 8.7 | AI score 5.8 | EPSS 0.00637 | Exploits: 1 | References: 5
CVE | added 2026/05/13 1:36 p.m. | 23 views

CVE-2026-39806

The CVE-2026-39806 issue affects Bandit (Elixir.Bandit.HTTP1.Socket) where do_read_chunked_data!/5 loops indefinitely when a chunked request includes trailer fields. The root cause is that RFC 9112 §7.1.2 allows trailers after the 0-length chunk, but the code exits only when the next line is imme...

CVSS 8.7 | AI score 5.8 | EPSS 0.00637 | Exploits: 1 | References: 4 | Affected software: 1
Positive Technologies | added 2026/05/13 12:00 a.m. | 9 views

PT-2026-40608

Name of the vulnerable software and affected versions: bandit versions 1.6.1 through 1.11.0. Description: An infinite loop in the do_read_chunked_data!/5 function within lib/bandit/http1/socket.ex allows unauthenticated remote attackers to cause a denial of service via worker process exhaustion. The...

CVSS 8.7 | AI score 5.8 | EPSS 0.00637 | Exploits: 1 | References: 9
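The four Bandit entries above (CVE-2026-39806, GHSA-RF5Q-VWXW-GMRF, EUVD-2026-29951 and PT-2026-40608) describe one defect: a chunked-body decoder whose loop exits only when the last-chunk line is immediately followed by an empty line, so the trailer section that RFC 9112 §7.1.2 permits never satisfies the exit condition and the worker spins. The Python below is an added example written for this page, not Bandit's (Elixir) code. `decode_chunked_flawed` mirrors that exit-condition pattern, with a spin counter standing in for the worker that would otherwise never return; `decode_chunked` consumes chunks, the last chunk, the trailer fields and the terminating empty line in the order the RFC lays out, and also returns any bytes belonging to the next pipelined request. The sample messages are constructed, and the function names, the 4 KiB trailer cap and the 16-hex-digit chunk-size bound are assumptions of this example.

```python
import re

CRLF = b"\r\n"

# Constructed sample messages for this example (not captured traffic).
NO_TRAILER = b"5\r\nhello\r\n0\r\n\r\n"
WITH_TRAILER = b"5\r\nhello\r\n0\r\nX-Checksum: abc\r\n\r\n"
PIPELINED = b"5\r\nhello\r\n0\r\n\r\nGET /next HTTP/1.1\r\n"


class ChunkedDecodeError(ValueError):
    """Malformed chunked body: reject the request, do not retry."""


class WorkerSpin(RuntimeError):
    """Raised by the flawed decoder in place of looping forever."""


def _read_line(data: bytes, pos: int) -> tuple[bytes, int]:
    """Return the CRLF-terminated line starting at pos (CRLF stripped) and the offset after it."""
    eol = data.find(CRLF, pos)
    if eol < 0:
        raise ChunkedDecodeError("incomplete line")
    return data[pos:eol], eol + 2


def _chunk_size(line: bytes) -> int:
    """Parse chunk-size; any chunk-ext after ';' is ignored (RFC 9112 §7.1)."""
    size_field = line.split(b";", 1)[0].strip()
    if not re.fullmatch(rb"[0-9A-Fa-f]{1,16}", size_field):  # assumed bound on size digits
        raise ChunkedDecodeError(f"bad chunk-size line: {line!r}")
    return int(size_field, 16)


def decode_chunked_flawed(data: bytes, max_spins: int = 100) -> bytes:
    """The bug class: after '0\\r\\n' the loop returns only if the very next line
    is empty. A trailer field is neither consumed nor rejected, so the loop
    re-reads the same offset forever. max_spins turns that into an exception
    so this example terminates."""
    body = bytearray()
    pos = 0
    spins = 0
    while True:
        size_line, after_size = _read_line(data, pos)
        size = _chunk_size(size_line)
        if size == 0:
            if data[after_size:after_size + 2] == CRLF:
                return bytes(body)
            spins += 1  # pos is never advanced here: this is the infinite loop
            if spins > max_spins:
                raise WorkerSpin("trailer after last chunk: decoder never exits")
            continue
        pos = after_size
        body += data[pos:pos + size]
        pos += size + 2  # skip chunk-data and its CRLF


def flawed_decoder_spins(data: bytes) -> bool:
    """True if the flawed decoder would never return for this message."""
    try:
        decode_chunked_flawed(data)
    except WorkerSpin:
        return True
    return False


def decode_chunked(data: bytes, max_trailer_bytes: int = 4096):
    """Correct decoder: chunks, then last-chunk, then zero or more trailer
    fields, then an empty line (RFC 9112 §7.1.2). Returns
    (body, trailers, unread_bytes); unread_bytes is the start of the next
    pipelined request, if any."""
    body = bytearray()
    pos = 0
    while True:
        size_line, pos = _read_line(data, pos)
        size = _chunk_size(size_line)
        if size == 0:
            break  # last-chunk; the trailer section follows
        chunk = data[pos:pos + size]
        if len(chunk) < size:
            raise ChunkedDecodeError("truncated chunk-data")
        pos += size
        if data[pos:pos + 2] != CRLF:
            raise ChunkedDecodeError("chunk-data not terminated by CRLF")
        pos += 2
        body += chunk
    trailers: dict[str, str] = {}
    trailer_start = pos
    while True:
        line, pos = _read_line(data, pos)
        if line == b"":
            return bytes(body), trailers, data[pos:]
        if pos - trailer_start > max_trailer_bytes:  # bound attacker-controlled trailer size
            raise ChunkedDecodeError("trailer section exceeds limit")
        name, sep, value = line.partition(b":")
        if not sep or not name.strip():
            raise ChunkedDecodeError(f"malformed trailer field: {line!r}")
        trailers[name.strip().lower().decode("ascii")] = value.strip().decode("latin-1")


if __name__ == "__main__":
    print(decode_chunked(WITH_TRAILER))
    print("flawed decoder spins on trailer:", flawed_decoder_spins(WITH_TRAILER))
```

The trailer loop makes the fix visible: the exit condition is an empty line read in the trailer section, not an empty line at the byte right after the last chunk, and every field line advances the offset, so there is no position the decoder can re-read. A request with no trailer still ends at the empty line, and the bounded trailer size keeps a client from substituting a very long trailer section for the infinite loop.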
ATTACKERKB | added 2026/05/05 7:06 p.m. | 4 views

CVE-2026-32934

CoreDNS is a DNS server that chains plugins. In versions prior to 1.14.3, the DNS-over-QUIC DoQ server can be driven into unbounded goroutine and memory growth by a remote client that opens many QUIC streams and sends only 1 byte per stream. When the worker pool is full, CoreDNS still spawns a...

CVSS 8.7 | AI score 5.7 | EPSS 0.00469 | Exploits: 1 | References: 3 | Affected software: 1
OSV | added 2026/02/02 8:42 a.m. | 5 views

BIT-DISCOURSE-2025-68934 Discourse Has Denial of Service (DoS) Vulnerability in Drafts Creation Endpoint

Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, authenticated users can submit crafted payloads to /drafts.json that cause O(n^2) processing in Base62.decode, tying up workers for 35-60 seconds per request. This affects all users as t...

CVSS 6.5 | AI score 5.4 | EPSS 0.00235 | Exploits: 0 | References: 2
ATTACKERKB | added 2026/01/28 7:19 p.m. | 5 views

CVE-2025-68934

Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, authenticated users can submit crafted payloads to /drafts.json that cause O(n^2) processing in Base62.decode, tying up workers for 35-60 seconds per request. This affects all users as t...

CVSS 6.5 | AI score 5.8 | EPSS 0.00235 | Exploits: 0 | References: 2 | Affected software: 1
NVD | added 2026/01/07 6:15 p.m. | 6 views

CVE-2025-66560

Quarkus is a Cloud Native, Linux Container First framework for writing Java applications. Prior to versions 3.31.0, 3.27.2, and 3.20.5, a vulnerability exists in the HTTP layer of Quarkus REST related to response handling. When a response is being written, the framework waits for previously writt...

CVSS 7.5 | EPSS 0.00349 | Exploits: 0 | References: 1
RedHat Linux | added 2024/01/24 9:59 a.m. | 5 views

php: DoS vulnerability when parsing multipart request body

A vulnerability was found in PHP. This security flaw occurs when the request body parsing in PHP allows any unauthenticated attacker to consume a large amount of CPU time and trigger excessive logging. A large amount of CPU time required for processing requests can block all available worker...

CVSS 7.5 | AI score 7.3 | EPSS 0.01408 | Exploits: 0 | References: 5
F5 Networks | added 2023/02/21 7:59 p.m. | 51 views

K93683207: Apache vulnerability CVE-2018-1333

Security Advisory Description: By specially crafting HTTP/2 requests, workers would be allocated 60 seconds longer than necessary, leading to worker exhaustion and a denial of service. Fixed in Apache HTTP Server 2.4.34. Affected: 2.4.18-2.4.30, 2.4.33. CVE-2018-1333 Impact: There is no impact; F5...

CVSS 7.5 | AI score 6.4 | EPSS 0.17103 | Exploits: 0
SUSE CVE | added 2023/02/15 4:34 a.m. | 4 views

SUSE CVE-2018-1333

By specially crafting HTTP/2 requests, workers would be allocated 60 seconds longer than necessary, leading to worker exhaustion and a denial of service. Fixed in Apache HTTP Server 2.4.34. Affected: 2.4.18-2.4.30, 2.4.33...

CVSS 5.3 | AI score 9 | EPSS 0.17103 | Exploits: 0 | References: 8
OSV | added 2021/12/07 10:15 p.m. | 4 views

DEBIAN-CVE-2021-42717

ModSecurity 3.x through 3.0.5 mishandles excessively nested JSON objects. Crafted JSON objects with nesting tens-of-thousands deep could result in the web server being unable to service legitimate requests. Even a moderately large (e.g., 300 KB) HTTP request can occupy one of the limited NGINX worke...

CVSS 7.5 | AI score 7.8 | EPSS 0.03206 | Exploits: 2 | References: 1
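The ModSecurity entry above is the general failure mode of recursive JSON parsing: work and stack depth grow with nesting, so a body of a few hundred kilobytes holds a worker for as long as the parser recurses. The Python below is an added example for this page, not ModSecurity's or NGINX's code. It shows the usual mitigation: a single-pass, string-aware depth scan over the raw text, linear in input size and independent of nesting, that rejects the body before any recursive parser sees it, with a body-size cap alongside. The 32-level depth limit, the 1 MB size limit, the constructed payloads and the function names are assumptions of this example.

```python
import json


class NestingTooDeep(ValueError):
    """Rejected before parsing: nesting exceeds the configured limit."""


class BodyTooLarge(ValueError):
    """Rejected before parsing: body exceeds the configured size limit."""


def json_nesting_depth(text: str, limit: int) -> int:
    """Return the maximum bracket nesting depth of a JSON document, raising
    NestingTooDeep as soon as `limit` is exceeded.

    A flat loop with O(1) state: cost is linear in the input and does not
    depend on depth, so the check itself cannot be turned into the DoS.
    Brackets inside string literals are skipped by tracking quotes and
    backslash escapes.
    """
    depth = peak = 0
    in_string = escaped = False
    for ch in text:
        if in_string:
            if escaped:
                escaped = False
            elif ch == "\\":
                escaped = True
            elif ch == '"':
                in_string = False
            continue
        if ch == '"':
            in_string = True
        elif ch in "[{":
            depth += 1
            if depth > limit:
                raise NestingTooDeep(f"nesting depth exceeds {limit}")
            peak = max(peak, depth)
        elif ch in "]}":
            depth -= 1
            if depth < 0:
                raise ValueError("unbalanced closing bracket")
    if depth != 0 or in_string:
        raise ValueError("unterminated JSON document")
    return peak


def parse_json_bounded(body: bytes, max_bytes: int = 1_000_000, max_depth: int = 32):
    """Parse a request body as JSON, enforcing size and nesting limits first.
    The recursive parser (json.loads) runs only after both cheap checks pass.
    The limits are assumptions of this example, not values from any product."""
    if len(body) > max_bytes:
        raise BodyTooLarge(f"body exceeds {max_bytes} bytes")
    text = body.decode("utf-8")
    json_nesting_depth(text, max_depth)
    return json.loads(text)


def deeply_nested_payload(levels: int) -> bytes:
    """Constructed attack-style input: `levels` nested arrays and nothing else.
    150000 levels is about 300 KB, the size range the advisory mentions."""
    return b"[" * levels + b"]" * levels


def classify_body(body: bytes, **limits) -> str:
    """Outcome of the gate for a body: 'too_large', 'too_deep', 'malformed' or 'ok'."""
    try:
        parse_json_bounded(body, **limits)
    except NestingTooDeep:
        return "too_deep"
    except BodyTooLarge:
        return "too_large"
    except ValueError:  # includes json.JSONDecodeError and unbalanced input
        return "malformed"
    return "ok"


if __name__ == "__main__":
    print(parse_json_bounded(b'{"id": 7, "tags": ["a", {"x": "]}"}]}'))
    print(classify_body(deeply_nested_payload(150_000)))
```

The order matters: the size check is O(1), the depth scan is O(n) in the body length with no recursion, and only then does the real parser run on input already known to be shallow. The depth scan must be string-aware, otherwise a literal such as `"]}"` would make it miscount and either reject valid bodies or, worse, under-count brackets that the parser will later treat as structure.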
Veracode | added 2019/05/16 3:21 a.m. | 43 views

Denial Of Service (DoS)

Apache HTTP Server is vulnerable to denial of service (DoS) attacks. A remote user can send specially crafted HTTP/2 requests to cause worker processes to be allocated for 60 seconds longer than required, consuming excessive worker resources, causing worker exhaustion and an application crash...

CVSS 7.5 | AI score 6.3 | EPSS 0.17103 | Exploits: 0 | References: 44 | Affected software: 12
Tenable Nessus | added 2019/03/27 12:00 a.m. | 60 views

openSUSE Security Update : apache2 (openSUSE-2019-632)

This update for apache2 fixes the following issues: The following security vulnerabilities were fixed: - CVE-2018-1333: Fixed a worker exhaustion that could have led to a denial of service via specially crafted HTTP/2 requests (bsc#1101689). - CVE-2018-8011: Fixed a NULL pointer dereference in...

CVSS 7.5 | AI score 6.7 | EPSS 0.51714 | Exploits: 0 | References: 4
RedHat Linux | added 2019/02/18 4:58 p.m. | 8 views

httpd: mod_http2: Too much time allocated to workers, possibly leading to DoS

By specially crafting HTTP/2 requests, workers would be allocated 60 seconds longer than necessary, leading to worker exhaustion and a denial of service. Fixed in Apache HTTP Server 2.4.34. Affected: 2.4.18-2.4.30, 2.4.33...

CVSS 7.5 | AI score 7.3 | EPSS 0.17103 | Exploits: 0 | References: 5
Tenable Nessus | added 2019/01/31 12:00 a.m. | 46 views

Apache 2.4.x < 2.4.34 Multiple Vulnerabilities

According to its banner, the version of Apache running on the remote host is 2.4.x prior to 2.4.34. It is, therefore, affected by the following vulnerabilities: - By specially crafting HTTP/2 requests, workers would be allocated 60 seconds longer than necessary, leading to worker exhaustion and a...

CVSS 7.5 | AI score 6.9 | EPSS 0.51714 | Exploits: 0 | References: 4
Mageia | added 2018/11/20 11:11 a.m. | 66 views

Updated apache packages fix security vulnerabilities

mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to look up the right charset encoding when verifying the user's credentials. If the header value is not present in the charset conversion table, a fallback mechanism is used to truncate it to a two...

CVSS 9.8 | AI score 1.1 | EPSS 0.86006 | Exploits: 0 | References: 6
Tenable Nessus | added 2018/08/20 12:00 a.m. | 62 views

openSUSE Security Update : apache2 (openSUSE-2018-907)

This update for apache2 fixes the following issues: The following security vulnerabilities were fixed: - CVE-2018-1333: Fixed a worker exhaustion that could have led to a denial of service via specially crafted HTTP/2 requests (bsc#1101689). - CVE-2018-8011: Fixed a NULL pointer dereference in...

CVSS 7.5 | AI score 6.7 | EPSS 0.51714 | Exploits: 0 | References: 4
OPENSUSE Linux | added 2018/08/19 3:09 p.m. | 219 views

Security update for apache2 (moderate)

This update for apache2 fixes the following issues: The following security vulnerabilities were fixed: - CVE-2018-1333: Fixed a worker exhaustion that could have led to a denial of service via specially crafted HTTP/2 requests (bsc#1101689). - CVE-2018-8011: Fixed a null pointer dereference in modm...

AI score 0.3 | EPSS 0.51714 | Exploits: 0 | References: 2