
80 matches found

RedHat Linux
added 2022/11/03 2:54 p.m. | 4 views

undertow: Double AJP response for 400 from EAP 7 results in CPING failures

A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second...

CVSS 7.5 | AI score 7.3 | EPSS 0.01258
Exploits: 0 | References: 4

RedHat Linux
added 2022/10/05 5:3 p.m. | 4 views

undertow: Large AJP request may cause DoS

A flaw was found in Undertow. AJP requests to the server may allow an attacker to send a malicious request and trigger server errors, resulting in a denial of service...

CVSS 7.5 | AI score 7.3 | EPSS 0.0087
Exploits: 0 | References: 4

RedHat Linux
added 2022/10/05 4:35 p.m. | 5 views

undertow: Large AJP request may cause DoS

A flaw was found in Undertow. AJP requests to the server may allow an attacker to send a malicious request and trigger server errors, resulting in a denial of service...

CVSS 7.5 | AI score 7.3 | EPSS 0.0087
Exploits: 0 | References: 4

OSV
added 2022/08/31 4:15 p.m. | 2 views

UBUNTU-CVE-2022-1319

A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second...

CVSS 7.5 | AI score 6.8 | EPSS 0.01258
Exploits: 0 | References: 2

OSV
added 2022/06/09 5:15 p.m. | 5 views

UBUNTU-CVE-2022-26377

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server 2.4 version 2.4.53 and prior versions...

CVSS 7.5 | AI score 7.3 | EPSS 0.19008
Exploits: 1 | References: 7

CNNVD
added 2022/06/08 12:0 a.m. | 7 views

Apache HTTP Server Environment Issue Vulnerability

Apache HTTP Server is an open source web server from the American Apache Foundation. The server is fast, reliable, and extensible via a simple API. An HTTP request smuggling vulnerability exists in Apache HTTP Server mod_proxy_ajp. An attacker could exploit this vulnerability to smuggle request...

CVSS 7.5 | AI score 5.7 | EPSS 0.19008
Exploits: 1 | References: 25

RedHat Linux
added 2022/06/06 4:0 p.m. | 4 views

undertow: Double AJP response for 400 from EAP 7 results in CPING failures

A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second...

CVSS 7.5 | AI score 7.3 | EPSS 0.01258
Exploits: 0 | References: 4

RedHat Linux
added 2022/06/06 3:54 p.m. | 2 views

undertow: Double AJP response for 400 from EAP 7 results in CPING failures

A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second...

CVSS 7.5 | AI score 7.3 | EPSS 0.01258
Exploits: 0 | References: 4

RedHat Linux
added 2022/06/06 3:11 p.m. | 3 views

undertow: Double AJP response for 400 from EAP 7 results in CPING failures

A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second...

CVSS 7.5 | AI score 7.3 | EPSS 0.01258
Exploits: 0 | References: 4

OSV
added 2022/05/17 12:24 a.m. | 3 views

GHSA-WF5V-JHXJ-Q632 Denial of service in Apache Tomcat

java/org/apache/coyote/ajp/AbstractAjpProcessor.java in Apache Tomcat 8.x before 8.0.4 allows remote attackers to cause a denial of service (thread consumption) by using a "Content-Length: 0" AJP request to trigger a hang in request processing...

CVSS 5 | AI score 5.9 | EPSS 0.08494
Exploits: 0 | References: 14

CNNVD
added 2022/04/11 12:0 a.m. | 5 views

Red Hat Undertow Security Vulnerability

Red Hat Undertow is a Java-based embedded web server from Red Hat, Inc. and is the default web server for Wildfly Java Application Server. A security vulnerability exists in Red Hat Undertow that stems from an EAP 7 response to a double AJP 400 resulting in a CPING failure...

CVSS 7.5 | AI score 7 | EPSS 0.01258
Exploits: 0 | References: 14

RedHat Linux
added 2021/08/18 9:54 a.m. | 5 views

undertow: special character in query results in server errors

A flaw was found in the Undertow AJP connector. Malicious requests and abrupt connection closes could be triggered by an attacker using query strings with non-RFC compliant characters resulting in a denial of service. The highest threat from this vulnerability is to system availability...

CVSS 7.8 | AI score 5.7 | EPSS 0.01269
Exploits: 0 | References: 4

Tenable Nessus
added 2020/09/07 12:0 a.m. | 66 views

NewStart CGSL MAIN 4.05 : tomcat6 Vulnerability (NS-SA-2020-0048)

The remote NewStart CGSL host, running version MAIN 4.05, has tomcat6 packages installed that are affected by a vulnerability: When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust...

CVSS 9.8 | AI score 8.6 | EPSS 0.9927
Exploits: 45 | References: 2

RedHat Linux
added 2020/07/23 7:3 a.m. | 4 views

undertow: AJP File Read/Inclusion Vulnerability

A file inclusion vulnerability was found in the AJP connector enabled with a default AJP configuration port of 8009 in Undertow version 2.0.29.Final and before. A remote, unauthenticated attacker could exploit this vulnerability to read web application files from a vulnerable server. In instances...

CVSS 9.8 | AI score 7.2 | EPSS 0.04837
Exploits: 0 | References: 7

RedHat Linux
added 2020/06/11 9:11 a.m. | 3 views

undertow: AJP File Read/Inclusion Vulnerability

A file inclusion vulnerability was found in the AJP connector enabled with a default AJP configuration port of 8009 in Undertow version 2.0.29.Final and before. A remote, unauthenticated attacker could exploit this vulnerability to read web application files from a vulnerable server. In instances...

CVSS 9.8 | AI score 7.2 | EPSS 0.04837
Exploits: 0 | References: 7

RedHat Linux
added 2020/06/11 9:3 a.m. | 3 views

undertow: AJP File Read/Inclusion Vulnerability

A file inclusion vulnerability was found in the AJP connector enabled with a default AJP configuration port of 8009 in Undertow version 2.0.29.Final and before. A remote, unauthenticated attacker could exploit this vulnerability to read web application files from a vulnerable server. In instances...

CVSS 9.8 | AI score 7.2 | EPSS 0.04837
Exploits: 0 | References: 7

RedHat Linux
added 2020/05/11 8:17 p.m. | 4 views

undertow: AJP File Read/Inclusion Vulnerability

A file inclusion vulnerability was found in the AJP connector enabled with a default AJP configuration port of 8009 in Undertow version 2.0.29.Final and before. A remote, unauthenticated attacker could exploit this vulnerability to read web application files from a vulnerable server. In instances...

CVSS 9.8 | AI score 7.2 | EPSS 0.04837
Exploits: 0 | References: 7

CNVD
added 2020/04/22 12:0 a.m. | 2 views

SysAid Technologies SysAid On-Premise Code Issue Vulnerability

SysAid Technologies SysAid is a suite of IT service management solutions from SysAid Technologies, Israel. SysAid On-Premise is a locally installed version of SysAid. A security vulnerability exists in the AJP protocol port in SysAid Technologies SysAid On-Premise version 20.1.11. An attacker coul...

CVSS 10 | AI score 7.2 | EPSS 0.03176
Exploits: 3 | References: 1

OSV
added 2020/04/21 7:15 p.m. | 4 views

CVE-2020-10569

SysAid On-Premise 20.1.11, by default, allows the AJP protocol port, which is vulnerable to a GhostCat attack. Additionally, it allows unauthenticated access to upload files, which can be used to execute commands on the system by chaining it with a GhostCat attack. NOTE: This may be a duplicate o...

CVSS 9.8 | AI score 6.8 | EPSS 0.03176
Exploits: 3 | References: 2

Veracode
added 2020/04/10 1:3 a.m. | 30 views

Denial Of Service (DoS)

httpd is vulnerable to denial of service (DoS). The vulnerability exists as it was discovered that mod_proxy_ajp incorrectly returned an "Internal Server Error" response when processing certain malformed HTTP requests, which caused the back-end server to be marked as failed in configurations where...

CVSS 4.3 | AI score 2.3 | EPSS 0.2238
Exploits: 3 | References: 45 | Affected Software: 1