84 matches found
CVE-2026-54428
A flaw was found in Apache HttpComponents Core. This vulnerability, located in the HTTP/2 HPACK decoder, allows a remote attacker to cause a denial of service. By sending oversized compressed header blocks, an attacker can exhaust memory resources before the system's configured header list size...
CVE-2026-54399
A flaw was found in Apache HttpComponents Core. This uncontrolled resource consumption vulnerability in the HTTP/1.1 message parser allows a remote attacker to cause a denial of service through memory exhaustion. This can be triggered by sending messages with an excessive number of headers or...
CVE-2026-54428
Allocation of resources without limits or throttling in the HTTP/2 HPACK decoder in Apache HttpComponents Core 5.4.2 and earlier, 5.5-beta1 and earlier allows an remote attacker to cause a denial of service through memory exhaustion by sending oversized compressed header blocks before the HTTP/2...
CVE-2026-54399
Uncontrolled Resource Consumption vulnerability in the HTTP/1.1 message parser in Apache HttpComponents Core 5.4.2 and earlier, 5.5-beta1 and earlier allows an remote attacker to cause a denial of service through memory exhaustion by sending messages with excessive number of headers / excessive...
CVE-2026-54428
Allocation of resources without limits or throttling in the HTTP/2 HPACK decoder in Apache HttpComponents Core 5.4.2 and earlier, 5.5-beta1 and earlier allows an remote attacker to cause a denial of service through memory exhaustion by sending oversized compressed header blocks before the HTTP/2...
CVE-2026-54428 Apache HttpComponents Core: HPackDecoder Unlimited Header List Size Before SETTINGS ACK
Allocation of resources without limits or throttling in the HTTP/2 HPACK decoder in Apache HttpComponents Core 5.4.2 and earlier, 5.5-beta1 and earlier allows an remote attacker to cause a denial of service through memory exhaustion by sending oversized compressed header blocks before the HTTP/2...
CVE-2026-54399
The CVE concerns Apache HttpComponents Core and a vulnerability in the HTTP/1.1 message parser causing memory exhaustion via an excessive number of headers or header length. Affected versions cited in public CVE records include 5.4.2 and earlier and 5.5-beta1 and earlier; a separate vendor-facing...
CVE-2026-54399 Apache HttpComponents Core: Unbounded HTTP Header/Line Length in Default Configuration
Uncontrolled Resource Consumption vulnerability in the HTTP/1.1 message parser in Apache HttpComponents Core 5.4.2 and earlier, 5.5-beta1 and earlier allows an remote attacker to cause a denial of service through memory exhaustion by sending messages with excessive number of headers / excessive...
EUVD-2018-0575
Malware in sbrugna...
Security Bulletin: IBM Cloud Pak for Security includes components with multiple known vulnerabilities
Summary IBM Cloud Pak for Security includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version of Cloud Pak for Security...
Linux Distros Unpatched Vulnerability : CVE-2015-5262
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient before 4.3.6 ignores the http.socket.timeout configuration setting during an S...
Linux Distros Unpatched Vulnerability : CVE-2014-3577
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the...
The vulnerability of the Apache HttpClient library, a component of Apache HttpComponents, allows a hacker to replace SSL servers.
The vulnerability of the Apache HttpClient library in Apache HttpComponents relates to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to replace SSL servers using a specially crafted certificate...
Security Bulletin: Multiple Vulnerabilities in Rational Asset Manager
Summary Multiple vulnerabilities were addressed in Rational Asset Manager version 7.5.4.15 Vulnerability Details CVEID:CVE-2015-5262 DESCRIPTION: Apache Commons is vulnerable to a denial of service, caused by the failure to apply a configured connection during the initial handshake of an HTTPS...
Security Bulletin: Multiple Vulnerabilities in IBM Application Performance Management
Summary Multiple vulnerabilities were addressed in IBM Application Performance Management 8.1.4.0 IF16 patch Vulnerability Details CVEID:CVE-2023-32342 DESCRIPTION: IBM GSKit could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption...
Security Bulletin: Vulnerabilities in Apache HttpComponents affect IBM Storage Protect Client, IBM Storage Protect for Virtual Environments, and IBM Storage Protect for Space Management (CVE-2012-6153, CVE-2014-3577, CVE-2020-13956)
Summary IBM Storage Protect Backup-Archive Client, IBM Storage Protect for Virtual Environments Data Protection for VMware only, and IBM Storage Protect for Space Management can be affected by a vulnerability in Apache HttpComponents. The vulnerability can lead to spoofing attacks, bypass of...
Security Bulletin: Vulnerabilities in IBM DB2 affects IBM Application Performance Management products.
Summary IBM DB2 is used by IBM Application Performance Management. Vulnerability Details CVEID:CVE-2022-43929 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows 11.1 and 11.5 may be vulnerable to a Denial of Service when executing a specially crafted 'Load' command. IBM X-Force ID: 241676. CVSS Bas...
Security Bulletin: Multiple Vulnerabilities found in IBM DB2 which is shipped with IBM® Intelligent Operations Center(CVE-2022-43929, CVE-2022-43927, CVE-2014-3577, CVE-2022-43930)
Summary Multiple vulnerabilities have been identified in IBM DB2 which is shipped with IBM® Intelligent Operations Center. Information about these vulnerabilities affecting IBM® Intelligent Operations Center have been published and addressed the applicable CVEs. Vulnerability Details...
Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for June 2023
Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 21.0.3-IF022 and 22.0.2-IF006. Vulnerability Details CVEID:CVE-2022-43929 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows 11.1 a...
Security Bulletin: Vulnerability for path traversal fixed in IBM Security Verify Governance
Summary The following security vulnerability has been addressed in IBM Security Verify Governance. Vulnerability Details IBM X-Force ID: 220912 DESCRIPTION: Apache HttpComponents Client could allow a remote attacker to traverse directories on the system, caused by improper validation of user...