Lucene search
K

91 matches found

GithubExploit
GithubExploit
added 2026/04/08 4:47 a.m.166 views

Exploit for CVE-2020-1938

CVE-2020-1938 Tomcat AJP Ghostcat Analysis This repository co...

9.8CVSS6.8AI score0.9927EPSS
Exploits45
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2000-1229

Malware in sbrugna...

2.1CVSS6.4AI score0.00582EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2025/08/20 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2023-5379

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Undertow. When an AJP request is sent that exceeds the max-header-size attribute in ajp-listener, JBoss EAP is marked in an error state by...

7.5CVSS7AI score0.01016EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/20 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2022-1319

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though...

7.5CVSS6.8AI score0.01258EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/07 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2020-1938

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When using the Apache JServ Protocol AJP, care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher...

9.8CVSS8.6AI score0.9927EPSS
Exploits45References2
RedHat Linux
RedHat Linux
added 2025/06/25 12:21 a.m.3 views

undertow: AJP Request closes connection exceeding maxRequestSize

A flaw was found in Undertow. When an AJP request is sent that exceeds the max-header-size attribute in ajp-listener, JBoss EAP is marked in an error state by modcluster in httpd, causing JBoss EAP to close the TCP connection without returning an AJP response. This happens because modproxycluster...

7.5CVSS7.1AI score0.01016EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2025/06/25 12:21 a.m.5 views

undertow: special character in query results in server errors

A flaw was found in the Undertow AJP connector. Malicious requests and abrupt connection closes could be triggered by an attacker using query strings with non-RFC compliant characters resulting in a denial of service. The highest threat from this vulnerability is to system availability...

7.8CVSS5.7AI score0.01269EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2025/06/25 12:16 a.m.10 views

undertow: Large AJP request may cause DoS

A flaw was found in Undertow. AJP requests to the server may allow an attacker to send a malicious request and trigger server errors, resulting in a denial of service...

7.5CVSS7.3AI score0.0087EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2025/06/25 12:16 a.m.34 views

undertow: AJP Request closes connection exceeding maxRequestSize

A flaw was found in Undertow. When an AJP request is sent that exceeds the max-header-size attribute in ajp-listener, JBoss EAP is marked in an error state by modcluster in httpd, causing JBoss EAP to close the TCP connection without returning an AJP response. This happens because modproxycluster...

7.5CVSS7.1AI score0.01016EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2025/04/28 12:20 a.m.7 views

undertow: Large AJP request may cause DoS

A flaw was found in Undertow. AJP requests to the server may allow an attacker to send a malicious request and trigger server errors, resulting in a denial of service...

7.5CVSS7.3AI score0.0087EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/11/29 12:0 a.m.8 views

PT-2024-9163 · Trellix · Trellix Enterprise Security Manager

Name of the Vulnerable Software and Affected Versions: Trellix Enterprise Security Manager ESM version 11.6.10 Description: A vulnerability in the system allows unauthenticated access to the internal Snowservice API, leading to improper handling of path traversal and insecure forwarding to an AJP...

9.8CVSS7.6AI score0.02544EPSS
Exploits1References10
RedHat Linux
RedHat Linux
added 2024/03/06 3:38 p.m.3 views

undertow: url-encoded request path information can be broken on ajp-listener

A vulnerability was found in Undertow, where URL-encoded request paths can be mishandled during concurrent requests on the AJP listener. This issue arises because the same buffer is used to decode the paths for multiple requests simultaneously, leading to incorrect path information being processe...

7.5CVSS7.3AI score0.01702EPSS
Exploits0References5
OSV
OSV
added 2023/12/12 10:15 p.m.3 views

DEBIAN-CVE-2023-5379

A flaw was found in Undertow. When an AJP request is sent that exceeds the max-header-size attribute in ajp-listener, JBoss EAP is marked in an error state by modcluster in httpd, causing JBoss EAP to close the TCP connection without returning an AJP response. This happens because modproxycluster...

7.5CVSS7.2AI score0.01016EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2023/08/15 5:43 p.m.5 views

httpd: mod_proxy_ajp: Possible request smuggling

A flaw was found in the modproxyajp module of httpd. The connection is not closed when there is an invalid Transfer-Encoding header, allowing an attacker to smuggle requests to the AJP server, where it forwards requests...

9CVSS7.1AI score0.01879EPSS
Exploits0References5
OSV
OSV
added 2023/06/21 11:15 a.m.3 views

DEBIAN-CVE-2023-34981

A regression in the fix for bug 66512 in Apache Tomcat 11.0.0-M5, 10.1.8, 9.0.74 and 8.5.88 meant that, if a response did not include any HTTP headers no AJP SENDHEADERS messare woudl be sent for the response which in turn meant that at least one AJP proxy modproxyajp would use the response heade...

7.5CVSS6.6AI score0.01116EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/05/19 12:0 a.m.3 views

PT-2023-4472 · Apache +1 · Apache Tomcat +1

Name of the Vulnerable Software and Affected Versions: Apache Tomcat versions 11.0.0-M5, 10.1.8, 9.0.74, and 8.5.88 Description: A regression in the fix for bug 66512 in Apache Tomcat meant that, if a response did not include any HTTP headers, no AJP SEND HEADERS message would be sent for the...

7.8CVSS7.5AI score0.01116EPSS
Exploits0References34
RedHat Linux
RedHat Linux
added 2023/02/21 9:35 a.m.3 views

httpd: mod_proxy_ajp: Possible request smuggling

A flaw was found in the modproxyajp module of httpd. The connection is not closed when there is an invalid Transfer-Encoding header, allowing an attacker to smuggle requests to the AJP server, where it forwards requests...

9CVSS7.1AI score0.01879EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 5:51 a.m.4 views

SUSE CVE-2011-3190

Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret...

7.5CVSS4.9AI score0.15226EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2023/02/15 5:36 a.m.3 views

SUSE CVE-2013-4286

Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request's length and conduct...

5.8CVSS6.9AI score0.16833EPSS
Exploits2References4
OSV
OSV
added 2023/01/17 8:15 p.m.4 views

ALPINE-CVE-2022-36760

Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in modproxyajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.54 and prior versions...

9CVSS7AI score0.01879EPSS
Exploits0References1
Rows per page
Query Builder