25 matches found

EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2023-57695

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 7.5 | EPSS 0.00161
Exploits 0 | References 5

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2022-6522

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 6.5 | EPSS 0.00305
Exploits 0 | References 10

OSV
added 2023/12/12 10:15 p.m. | 5 views

CVE-2023-5379

A flaw was found in Undertow. When an AJP request is sent that exceeds the max-header-size attribute in ajp-listener, JBoss EAP is marked in an error state by mod_cluster in httpd, causing JBoss EAP to close the TCP connection without returning an AJP response. This happens because mod_proxy_cluster...

CVSS 7.5 | AI score 6.5 | EPSS 0.00161
Exploits 0 | References 5

UbuntuCve
added 2023/12/12 10:15 p.m. | 26 views

CVE-2023-5379

A flaw was found in Undertow. When an AJP request is sent that exceeds the max-header-size attribute in ajp-listener, JBoss EAP is marked in an error state by mod_cluster in httpd, causing JBoss EAP to close the TCP connection without returning an AJP response. This happens because mod_proxy_cluster...

CVSS 7.5 | AI score 7 | EPSS 0.00161
Exploits 0 | References 4

CVE
added 2023/12/12 9:54 p.m. | 230 views

CVE-2023-5379

CVE-2023-5379 affects Undertow/AJP handling in Red Hat JBoss EAP, where an AJP request exceeding the max-header-size can cause mod_cluster to mark the backend as an error and close the TCP connection without an AJP response, enabling potential DoS via repeated oversized requests. The connected ad...

CVSS 7.5 | AI score 7.3 | EPSS 0.00161
Exploits 0 | References 5 | Affected Software 3

Vulnrichment
added 2023/12/12 9:54 p.m. | 10 views

CVE-2023-5379 Undertow: ajp request closes connection exceeding maxrequestsize

A flaw was found in Undertow. When an AJP request is sent that exceeds the max-header-size attribute in ajp-listener, JBoss EAP is marked in an error state by mod_cluster in httpd, causing JBoss EAP to close the TCP connection without returning an AJP response. This happens because mod_proxy_cluster...

CVSS 7.5 | AI score 6.5 | EPSS 0.00161
Exploits 0 | References 4

RedhatCVE
added 2023/12/12 9:54 p.m. | 34 views

CVE-2023-5379

A flaw was found in Undertow. When an AJP request is sent that exceeds the max-header-size attribute in ajp-listener, JBoss EAP is marked in an error state by mod_cluster in httpd, causing JBoss EAP to close the TCP connection without returning an AJP response. This happens because mod_proxy_cluster...

CVSS 7.5 | AI score 6.8 | EPSS 0.00161
Exploits 0 | References 3

RedHat Linux
added 2022/10/05 4:36 p.m. | 47 views

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.7 Security update

A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...

CVSS 7.5 | AI score 6.7 | EPSS 0.0292
Exploits 2 | References 21

Github Security Blog
added 2022/08/06 12:0 a.m. | 49 views

Undertow vulnerable to DoS via Large AJP request

When a POST request comes through AJP and the request exceeds the max-post-size limit (maxEntitySize), Undertow's AjpServerRequestConduit implementation closes a connection without sending any response to the client/proxy. This behavior results in a front-end proxy marking the backend worker...

CVSS 7.5 | AI score 3.5 | EPSS 0.00305
Exploits 0 | References 5 | Affected Software 1

OSV
added 2022/08/06 12:0 a.m. | 35 views

GHSA-95RF-557X-44G5 Undertow vulnerable to DoS via Large AJP request

When a POST request comes through AJP and the request exceeds the max-post-size limit (maxEntitySize), Undertow's AjpServerRequestConduit implementation closes a connection without sending any response to the client/proxy. This behavior results in a front-end proxy marking the backend worker...

CVSS 7.5 | AI score 7.3 | EPSS 0.00305
Exploits 0 | References 5

Prion
added 2022/08/05 4:15 p.m. | 20 views

Design/Logic Flaw

When a POST request comes through AJP and the request exceeds the max-post-size limit (maxEntitySize), Undertow's AjpServerRequestConduit implementation closes a connection without sending any response to the client/proxy. This behavior results in a front-end proxy marking the backend worker...

CVSS 5 | AI score 7.2 | EPSS 0.00305
Exploits 0 | References 2 | Affected Software 2

OpenVAS
added 2020/02/25 12:0 a.m. | 113 views

Apache Tomcat Multiple Vulnerabilities (Feb 2020) - Linux

Apache Tomcat is prone to multiple vulnerabilities...

CVSS 9.8 | AI score 8.3 | EPSS 0.94469
Exploits 44 | References 10

Kaspersky
added 2020/02/24 12:0 a.m. | 78 views

KLA11679 Multiple vulnerabilities in Apache Tomcat

Multiple vulnerabilities were found in Apache Tomcat. Malicious users can exploit these vulnerabilities to obtain sensitive information, execute arbitrary code. Below is a complete list of vulnerabilities: 1. HTTP request smuggling vulnerability can be exploited remotely to obtain sensitive...

CVSS 9.8 | AI score 9.7 | EPSS 0.94469
Exploits 44 | References 6

Apache Tomcat
added 2020/02/14 12:0 a.m. | 167 views

Fixed in Apache Tomcat 7.0.100

High: AJP Request Injection and potential Remote Code Execution (CVE-2020-1938). When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If suc...

CVSS 9.8 | AI score 9 | EPSS 0.94469
Exploits 44 | Affected Software 1

Apache Tomcat
added 2020/02/11 12:0 a.m. | 164 views

Fixed in Apache Tomcat 8.5.51

Important: AJP Request Injection and potential Remote Code Execution (CVE-2020-1938). When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. I...

CVSS 9.8 | AI score 9 | EPSS 0.94469
Exploits 44 | Affected Software 1

Apache Tomcat
added 2020/02/11 12:0 a.m. | 1063 views

Fixed in Apache Tomcat 9.0.31

Important: AJP Request Injection and potential Remote Code Execution (CVE-2020-1938). When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. I...

CVSS 9.8 | AI score 9 | EPSS 0.94469
Exploits 44 | Affected Software 1

IBM Security Bulletins
added 2018/06/17 4:56 a.m. | 39 views

Security Bulletin: Rational Insight - Open Source Tomcat reported in May 2014 X-Force Report

Summary: Multiple security vulnerabilities exist in the Tomcat that is shipped with the Rational Insight. Vulnerability Details...

CVSS 5 | AI score 0.1 | EPSS 0.46749
Exploits 1 | Affected Software 1

IBM Security Bulletins
added 2018/06/16 9:19 p.m. | 45 views

Security Bulletin: Multiple Apache Tomcat vulnerabilities in QRadar (CVE-2014-0075, CVE-2014-0095, CVE-2014-0096, CVE-2014-0099, CVE-2014-0119)

Summary: Multiple security vulnerabilities have been discovered in the Apache Tomcat component bundled with IBM QRadar versions 7.1.x and 7.2.x. Vulnerability Details: CVE-ID: CVE-2014-0075. Description: Apache Tomcat is vulnerable to a denial of service, caused by the improper handling of a malform...

CVSS 5 | AI score 0.5 | EPSS 0.46749
Exploits 1 | Affected Software 1

IBM Security Bulletins
added 2018/06/16 2:7 p.m. | 29 views

Security Bulletin: IBM InfoSphere Metadata Asset Manager is subject to a denial of service vulnerability from its use of Apache Tomcat (CVE-2014-0095)

Summary: Apache Tomcat is vulnerable to a denial of service caused by the improper handling of an AJP request. A remote attacker could exploit this vulnerability to consume a request processing thread and cause a denial of service. Vulnerability Details: CVE ID: CVE-2014-0095. CVSS: CVSS Base Score:...

CVSS 5 | AI score 0.7 | EPSS 0.09656
Exploits 0 | Affected Software 1

Prion
added 2014/05/31 11:17 a.m. | 22 views

Cross site request forgery (csrf)

java/org/apache/coyote/ajp/AbstractAjpProcessor.java in Apache Tomcat 8.x before 8.0.4 allows remote attackers to cause a denial of service (thread consumption) by using a "Content-Length: 0" AJP request to trigger a hang in request processing...

CVSS 5 | AI score 6.9 | EPSS 0.09656
Exploits 0 | References 10 | Affected Software 1