Lucene search
K

6 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2024/06/04 5:42 p.m.80 views

Security Bulletin: IBM QRadar SIEM is vulnerable to AJP Smuggling (CVE-2022-26377)

Summary IBM QRadar SIEM is vulnerable to AJP Smuggling to Response Queue Poisoning. This vulnerability has been addressed in the update. Vulnerability Details CVEID:CVE-2022-26377 DESCRIPTION: Apache HTTP Server is vulnerable to HTTP request smuggling, caused by an inconsistent Interpretation of...

7.5CVSS8.6AI score0.19008EPSS
Exploits1Affected Software1
GithubExploit
GithubExploit
added 2024/04/12 3:59 a.m.2303 views

Exploit for HTTP Request Smuggling in Apache Http_Server

CVE-2022-26377 A Proof of Concept developed by @watchTowr to...

7.5CVSS9.1AI score0.19008EPSS
Exploits1
Packet Storm
Packet Storm
added 2023/11/14 12:0 a.m.632 views

F5 BIG-IP TMUI AJP Smuggling Remote Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/proto/apachejp' class MetasploitModule 'F5 BIG-IP TMUI AJP Smuggling RCE', 'Description' = %q This module exploits a flaw in F5's BIG-IP Traffic Management...

9.8CVSS7.1AI score0.96515EPSS
Exploits17
0day.today
0day.today
added 2023/11/10 12:0 a.m.585 views

F5 BIG-IP TMUI AJP Smuggling Remote Code Execution Exploit

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/proto/apachejp' class MetasploitModule 'F5 BIG-IP TMUI AJP Smuggling RCE', 'Description' = %q This module exploits a flaw in F5's BIG-IP Traffic Management...

9.8CVSS7.4AI score0.96515EPSS
Exploits17
Rapid7 Blog
Rapid7 Blog
added 2023/11/03 7:10 p.m.66 views

Metasploit Weekly Wrap-Up

PTT for DCSync This week, community member smashery made an improvement to the windowssecretsdump module to enable it to dump domain hashes using the DCSync method after having authenticated with a Kerberos ticket. Now, if a user has a valid Kerberos ticket for a privileged account, they can run...

5CVSS8AI score0.99999EPSS
Exploits15
Metasploit
Metasploit
added 2023/11/02 7:50 p.m.673 views

F5 BIG-IP TMUI AJP Smuggling RCE

This module exploits a flaw in F5's BIG-IP Traffic Management User Interface TMUI that enables an external, unauthenticated attacker to create an administrative user. Once the user is created, the module uses the new account to execute a command payload. Both the exploit and check methods...

9.8CVSS9.6AI score0.96515EPSS
Exploits17
Rows per page
Query Builder