Lucene search
K

124 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-4818

Malicious code in bioql PyPI...

7.5CVSS8.1AI score0.0159EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-1173

Malicious code in bioql PyPI...

7.8CVSS6.2AI score0.01269EPSS
Exploits0References14
EUVD
EUVD
added 2025/10/03 8:7 p.m.10 views

EUVD-2022-4009

Malicious code in bioql PyPI...

9.8CVSS7.2AI score0.9927EPSS
Exploits45References25
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2022-4979

Malicious code in bioql PyPI...

2.6CVSS4.7AI score0.06521EPSS
Exploits0References21
F5 Networks
F5 Networks
added 2023/02/21 6:31 p.m.252 views

K53254186: Apache Tomcat vulnerability CVE-2020-1938

Security Advisory Description When using the Apache JServ Protocol AJP, care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they...

9.8CVSS8.6AI score0.9927EPSS
Exploits45
F5 Networks
F5 Networks
added 2023/02/21 6:7 p.m.30 views

K73059510: Undertow vulnerabilities CVE-2019-10212 and CVE-2020-1745

Security Advisory Description CVE-2019-10212 A flaw was found in, all under 2.0.20, in the Undertow DEBUG log for io.undertow.request.security. If enabled, an attacker could abuse this flaw to obtain the user's credentials from the log files. CVE-2020-1745 A file inclusion vulnerability was found...

9.8CVSS6.9AI score0.04837EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2023/02/15 6:5 a.m.5 views

SUSE CVE-2009-0033

Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and modjk load balancing are used, allows remote attackers to cause a denial of service application outage via a crafted request with invalid headers, related to temporary blocking of...

5CVSS4.8AI score0.10053EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2022/05/24 5:16 p.m.32 views

Improper Authorization in Undertoe

A file inclusion vulnerability was found in the AJP connector enabled with a default AJP configuration port of 8009 in Undertow version 2.0.29.Final and before and was fixed in 2.0.30.Final. A remote, unauthenticated attacker could exploit this vulnerability to read web application files from a...

9.8CVSS9.6AI score0.04837EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2022/05/24 5:16 p.m.62 views

GHSA-GV2W-88HX-8M9R Improper Authorization in Undertoe

A file inclusion vulnerability was found in the AJP connector enabled with a default AJP configuration port of 8009 in Undertow version 2.0.29.Final and before and was fixed in 2.0.30.Final. A remote, unauthenticated attacker could exploit this vulnerability to read web application files from a...

8.6CVSS9.6AI score0.9927EPSS
Exploits45References5
OSV
OSV
added 2022/05/13 1:12 a.m.42 views

GHSA-PRFW-3QX6-G9XR Improper Limitation of a Pathname to a Restricted Directory in Jboss EAP Undertow

It was found that the AJP connector in undertow, as shipped in Jboss EAP 7.1.0.GA, does not use the ALLOWENCODEDSLASH option and thus allow the the slash / anti-slash characters encoded in the url which may lead to path traversal and result in the information disclosure of arbitrary local files...

7.5CVSS7.2AI score0.0159EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2022/05/13 1:12 a.m.26 views

Improper Limitation of a Pathname to a Restricted Directory in Jboss EAP Undertow

It was found that the AJP connector in undertow, as shipped in Jboss EAP 7.1.0.GA, does not use the ALLOWENCODEDSLASH option and thus allow the the slash / anti-slash characters encoded in the url which may lead to path traversal and result in the information disclosure of arbitrary local files...

7.5CVSS2.3AI score0.0159EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/02 3:12 a.m.29 views

Apache Tomcat Denial of Service via Malformed Request Headers

Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and modjk load balancing are used, allows remote attackers to cause a denial of service application outage via a crafted request with invalid headers, related to temporary blocking of...

5CVSS6.7AI score0.10053EPSS
Exploits1References46Affected Software1
OSV
OSV
added 2022/05/02 3:12 a.m.33 views

GHSA-5CW4-GGX9-36VG Apache Tomcat Denial of Service via Malformed Request Headers

Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and modjk load balancing are used, allows remote attackers to cause a denial of service application outage via a crafted request with invalid headers, related to temporary blocking of...

5CVSS4.7AI score0.10053EPSS
Exploits1References45
OSV
OSV
added 2022/05/01 7:45 a.m.16 views

GHSA-JPQR-VH55-XQXF Apache Tomcat Buffer Over-Read

The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for chunks, which can cause a buffer over-read in the ajpprocesscallback in modjk, which allows remote attackers to read portions of sensitive memory...

7.8CVSS6.3AI score0.08319EPSS
Exploits0References20
Github Security Blog
Github Security Blog
added 2022/05/01 7:45 a.m.26 views

Apache Tomcat Buffer Over-Read

The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for chunks, which can cause a buffer over-read in the ajpprocesscallback in modjk, which allows remote attackers to read portions of sensitive memory...

7.8CVSS6.9AI score0.08319EPSS
Exploits0References20Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/01 2:15 a.m.36 views

Apache Tomcat AJP Connector Information Leak

The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when...

2.6CVSS6.7AI score0.06521EPSS
Exploits0References11Affected Software1
OSV
OSV
added 2022/05/01 2:15 a.m.24 views

GHSA-QHQV-Q4XG-F6G7 Apache Tomcat AJP Connector Information Leak

The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when...

2.6CVSS7.4AI score0.06521EPSS
Exploits0References10
Github Security Blog
Github Security Blog
added 2022/02/09 12:54 a.m.85 views

Denial of service in Undertow

A flaw was found in the Undertow AJP connector. Malicious requests and abrupt connection closes could be triggered by an attacker using query strings with non-RFC compliant characters resulting in a denial of service. The highest threat from this vulnerability is to system availability. This...

7.8CVSS7.2AI score0.01269EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2022/02/09 12:54 a.m.30 views

GHSA-RHCW-WJCM-9H6G Denial of service in Undertow

A flaw was found in the Undertow AJP connector. Malicious requests and abrupt connection closes could be triggered by an attacker using query strings with non-RFC compliant characters resulting in a denial of service. The highest threat from this vulnerability is to system availability. This...

7.5CVSS7.1AI score0.01269EPSS
Exploits0References4
Veracode
Veracode
added 2021/12/27 12:41 a.m.34 views

Denial Of Service (DoS)

Undertow AJP connector is vulnerable to denial of service. Malicious requests and abrupt connection closes could be triggered by an attacker using query strings with non-RFC compliant characters resulting in a denial of service. The highest threat from this vulnerability is to system availability...

7.5CVSS3.8AI score0.01269EPSS
Exploits0References6Affected Software19
Rows per page
Query Builder