80 matches found
undertow: Double AJP response for 400 from EAP 7 results in CPING failures
A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second...
undertow: Large AJP request may cause DoS
A flaw was found in Undertow. AJP requests to the server may allow an attacker to send a malicious request and trigger server errors, resulting in a denial of service...
undertow: Large AJP request may cause DoS
A flaw was found in Undertow. AJP requests to the server may allow an attacker to send a malicious request and trigger server errors, resulting in a denial of service...
UBUNTU-CVE-2022-1319
A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second...
UBUNTU-CVE-2022-26377
Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in modproxyajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.53 and prior versions...
Apache HTTP Server 环境问题漏洞
Apache HTTP Server is an open source web server from the American Apache Apache Foundation. The server is fast, reliable, and extensible via a simple API. HTTP request smuggling vulnerability exists in Apache HTTP Server modproxyajp. An attacker could exploit this vulnerability to smuggle request...
undertow: Double AJP response for 400 from EAP 7 results in CPING failures
A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second...
undertow: Double AJP response for 400 from EAP 7 results in CPING failures
A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second...
undertow: Double AJP response for 400 from EAP 7 results in CPING failures
A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second...
GHSA-WF5V-JHXJ-Q632 Denial of service in Apache Tomcat
java/org/apache/coyote/ajp/AbstractAjpProcessor.java in Apache Tomcat 8.x before 8.0.4 allows remote attackers to cause a denial of service thread consumption by using a "Content-Length: 0" AJP request to trigger a hang in request processing...
Red Hat Undertow 安全漏洞
Red Hat Undertow is a Java-based embedded web server from Red Hat, Inc. and is the default web server for Wildfly Java Application Server. A security vulnerability exists in Red Hat Undertow that stems from an EAP 7 response to a double AJP 400 resulting in a CPING failure...
undertow: special character in query results in server errors
A flaw was found in the Undertow AJP connector. Malicious requests and abrupt connection closes could be triggered by an attacker using query strings with non-RFC compliant characters resulting in a denial of service. The highest threat from this vulnerability is to system availability...
NewStart CGSL MAIN 4.05 : tomcat6 Vulnerability (NS-SA-2020-0048)
The remote NewStart CGSL host, running version MAIN 4.05, has tomcat6 packages installed that are affected by a vulnerability: - When using the Apache JServ Protocol AJP, care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust...
undertow: AJP File Read/Inclusion Vulnerability
A file inclusion vulnerability was found in the AJP connector enabled with a default AJP configuration port of 8009 in Undertow version 2.0.29.Final and before. A remote, unauthenticated attacker could exploit this vulnerability to read web application files from a vulnerable server. In instances...
undertow: AJP File Read/Inclusion Vulnerability
A file inclusion vulnerability was found in the AJP connector enabled with a default AJP configuration port of 8009 in Undertow version 2.0.29.Final and before. A remote, unauthenticated attacker could exploit this vulnerability to read web application files from a vulnerable server. In instances...
undertow: AJP File Read/Inclusion Vulnerability
A file inclusion vulnerability was found in the AJP connector enabled with a default AJP configuration port of 8009 in Undertow version 2.0.29.Final and before. A remote, unauthenticated attacker could exploit this vulnerability to read web application files from a vulnerable server. In instances...
undertow: AJP File Read/Inclusion Vulnerability
A file inclusion vulnerability was found in the AJP connector enabled with a default AJP configuration port of 8009 in Undertow version 2.0.29.Final and before. A remote, unauthenticated attacker could exploit this vulnerability to read web application files from a vulnerable server. In instances...
SysAid Technologies SysAid On-Premise Code Issue Vulnerability
SysAid Technologies SysAid is a suite of IT service management solutions from SysAid Technologies, Israel SysAid On-Premise is a locally installed version of SysAid. A security vulnerability exists in the AJP protocol port in SysAid Technologies SysAid On-Premise version 20.1.11. An attacker coul...
CVE-2020-10569
SysAid On-Premise 20.1.11, by default, allows the AJP protocol port, which is vulnerable to a GhostCat attack. Additionally, it allows unauthenticated access to upload files, which can be used to execute commands on the system by chaining it with a GhostCat attack. NOTE: This may be a duplicate o...
Denial Of Service (DoS)
httpd is vulnerable to denial of service DoS. The vulnerability exists as it was discovered that modproxyajp incorrectly returned an "Internal Server Error" response when processing certain malformed HTTP requests, which caused the back-end server to be marked as failed in configurations where...