Lucene search
+L

84 matches found

redhatcve
redhatcve
added 3 days ago7 views

CVE-2026-54428

A flaw was found in Apache HttpComponents Core. This vulnerability, located in the HTTP/2 HPACK decoder, allows a remote attacker to cause a denial of service. By sending oversized compressed header blocks, an attacker can exhaust memory resources before the system's configured header list size...

7.5CVSS6.1AI score0.00587EPSS
Exploits0References5
redhatcve
redhatcve
added 2026/07/06 9:7 a.m.8 views

CVE-2026-54399

A flaw was found in Apache HttpComponents Core. This uncontrolled resource consumption vulnerability in the HTTP/1.1 message parser allows a remote attacker to cause a denial of service through memory exhaustion. This can be triggered by sending messages with an excessive number of headers or...

7.5CVSS5.9AI score0.00587EPSS
Exploits0References5
nvd
nvd
added 2026/07/01 6:16 p.m.12 views

CVE-2026-54428

Allocation of resources without limits or throttling in the HTTP/2 HPACK decoder in Apache HttpComponents Core 5.4.2 and earlier, 5.5-beta1 and earlier allows an remote attacker to cause a denial of service through memory exhaustion by sending oversized compressed header blocks before the HTTP/2...

7.5CVSS0.00587EPSS
Exploits0References2
nvd
nvd
added 2026/07/01 5:16 p.m.11 views

CVE-2026-54399

Uncontrolled Resource Consumption vulnerability in the HTTP/1.1 message parser in Apache HttpComponents Core 5.4.2 and earlier, 5.5-beta1 and earlier allows an remote attacker to cause a denial of service through memory exhaustion by sending messages with excessive number of headers / excessive...

7.5CVSS0.00587EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/07/01 5:3 p.m.6 views

CVE-2026-54428

Allocation of resources without limits or throttling in the HTTP/2 HPACK decoder in Apache HttpComponents Core 5.4.2 and earlier, 5.5-beta1 and earlier allows an remote attacker to cause a denial of service through memory exhaustion by sending oversized compressed header blocks before the HTTP/2...

7.5CVSS5.8AI score0.00587EPSS
Exploits0References2
osv
osv
added 2026/07/01 5:3 p.m.4 views

CVE-2026-54428 Apache HttpComponents Core: HPackDecoder Unlimited Header List Size Before SETTINGS ACK

Allocation of resources without limits or throttling in the HTTP/2 HPACK decoder in Apache HttpComponents Core 5.4.2 and earlier, 5.5-beta1 and earlier allows an remote attacker to cause a denial of service through memory exhaustion by sending oversized compressed header blocks before the HTTP/2...

7.5CVSS6AI score0.00587EPSS
Exploits0References5
cve
cve
added 2026/07/01 5:2 p.m.172 views

CVE-2026-54399

The CVE concerns Apache HttpComponents Core and a vulnerability in the HTTP/1.1 message parser causing memory exhaustion via an excessive number of headers or header length. Affected versions cited in public CVE records include 5.4.2 and earlier and 5.5-beta1 and earlier; a separate vendor-facing...

7.5CVSS5.8AI score0.00587EPSS
Exploits0References2Affected Software1
osv
osv
added 2026/07/01 5:2 p.m.4 views

CVE-2026-54399 Apache HttpComponents Core: Unbounded HTTP Header/Line Length in Default Configuration

Uncontrolled Resource Consumption vulnerability in the HTTP/1.1 message parser in Apache HttpComponents Core 5.4.2 and earlier, 5.5-beta1 and earlier allows an remote attacker to cause a denial of service through memory exhaustion by sending messages with excessive number of headers / excessive...

7.5CVSS6AI score0.00587EPSS
Exploits0References5
euvd
euvd
added 2025/10/07 12:30 a.m.6 views

EUVD-2018-0575

Malware in sbrugna...

5.8CVSS6.4AI score0.09149EPSS
Exploits1References103
ibm
ibm
added 2025/03/26 3:53 a.m.31 views

Security Bulletin: IBM Cloud Pak for Security includes components with multiple known vulnerabilities

Summary IBM Cloud Pak for Security includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version of Cloud Pak for Security...

7.5CVSS9.3AI score0.19312EPSS
Exploits3Affected Software1
nessus
nessus
added 2025/03/04 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2015-5262

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient before 4.3.6 ignores the http.socket.timeout configuration setting during an S...

4.3CVSS6.1AI score0.19312EPSS
Exploits0References2
nessus
nessus
added 2025/03/04 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2014-3577

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the...

5.8CVSS7AI score0.09149EPSS
Exploits1References1
bdu_fstec
bdu_fstec
added 2024/10/29 12:0 a.m.6 views

The vulnerability of the Apache HttpClient library, a component of Apache HttpComponents, allows a hacker to replace SSL servers.

The vulnerability of the Apache HttpClient library in Apache HttpComponents relates to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to replace SSL servers using a specially crafted certificate...

5.3CVSS6.2AI score0.05844EPSS
Exploits0References6Affected Software23
ibm
ibm
added 2024/09/18 10:34 a.m.24 views

Security Bulletin: Multiple Vulnerabilities in Rational Asset Manager

Summary Multiple vulnerabilities were addressed in Rational Asset Manager version 7.5.4.15 Vulnerability Details CVEID:CVE-2015-5262 DESCRIPTION: Apache Commons is vulnerable to a denial of service, caused by the failure to apply a configured connection during the initial handshake of an HTTPS...

7.5CVSS7.2AI score0.46836EPSS
Exploits2Affected Software1
ibm
ibm
added 2024/08/22 10:51 a.m.48 views

Security Bulletin: Multiple Vulnerabilities in IBM Application Performance Management

Summary Multiple vulnerabilities were addressed in IBM Application Performance Management 8.1.4.0 IF16 patch Vulnerability Details CVEID:CVE-2023-32342 DESCRIPTION: IBM GSKit could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption...

7.5CVSS10AI score0.09149EPSS
Exploits2Affected Software1
ibm
ibm
added 2023/10/04 12:58 p.m.52 views

Security Bulletin: Vulnerabilities in Apache HttpComponents affect IBM Storage Protect Client, IBM Storage Protect for Virtual Environments, and IBM Storage Protect for Space Management (CVE-2012-6153, CVE-2014-3577, CVE-2020-13956)

Summary IBM Storage Protect Backup-Archive Client, IBM Storage Protect for Virtual Environments Data Protection for VMware only, and IBM Storage Protect for Space Management can be affected by a vulnerability in Apache HttpComponents. The vulnerability can lead to spoofing attacks, bypass of...

5.8CVSS5.7AI score0.09149EPSS
Exploits2Affected Software3
ibm
ibm
added 2023/09/13 7:37 a.m.28 views

Security Bulletin: Vulnerabilities in IBM DB2 affects IBM Application Performance Management products.

Summary IBM DB2 is used by IBM Application Performance Management. Vulnerability Details CVEID:CVE-2022-43929 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows 11.1 and 11.5 may be vulnerable to a Denial of Service when executing a specially crafted 'Load' command. IBM X-Force ID: 241676. CVSS Bas...

7.5CVSS7AI score0.09149EPSS
Exploits1Affected Software1
ibm
ibm
added 2023/09/05 1:33 p.m.38 views

Security Bulletin: Multiple Vulnerabilities found in IBM DB2 which is shipped with IBM® Intelligent Operations Center(CVE-2022-43929, CVE-2022-43927, CVE-2014-3577, CVE-2022-43930)

Summary Multiple vulnerabilities have been identified in IBM DB2 which is shipped with IBM® Intelligent Operations Center. Information about these vulnerabilities affecting IBM® Intelligent Operations Center have been published and addressed the applicable CVEs. Vulnerability Details...

7.5CVSS7AI score0.09149EPSS
Exploits1Affected Software1
ibm
ibm
added 2023/06/30 3:51 p.m.41 views

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for June 2023

Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 21.0.3-IF022 and 22.0.2-IF006. Vulnerability Details CVEID:CVE-2022-43929 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows 11.1 a...

9.8CVSS9.1AI score0.99931EPSS
Exploits53Affected Software2
ibm
ibm
added 2023/06/30 6:27 a.m.16 views

Security Bulletin: Vulnerability for path traversal fixed in IBM Security Verify Governance

Summary The following security vulnerability has been addressed in IBM Security Verify Governance. Vulnerability Details IBM X-Force ID: 220912 DESCRIPTION: Apache HttpComponents Client could allow a remote attacker to traverse directories on the system, caused by improper validation of user...

7AI score
Exploits0Affected Software1
Rows per page
Query Builder