91 matches found
Exploit for CVE-2020-1938
CVE-2020-1938 Tomcat AJP Ghostcat Analysis This repository co...
EUVD-2000-1229
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2023-5379
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Undertow. When an AJP request is sent that exceeds the max-header-size attribute in ajp-listener, JBoss EAP is marked in an error state by...
Linux Distros Unpatched Vulnerability : CVE-2022-1319
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though...
Linux Distros Unpatched Vulnerability : CVE-2020-1938
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When using the Apache JServ Protocol AJP, care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher...
undertow: AJP Request closes connection exceeding maxRequestSize
A flaw was found in Undertow. When an AJP request is sent that exceeds the max-header-size attribute in ajp-listener, JBoss EAP is marked in an error state by modcluster in httpd, causing JBoss EAP to close the TCP connection without returning an AJP response. This happens because modproxycluster...
undertow: special character in query results in server errors
A flaw was found in the Undertow AJP connector. Malicious requests and abrupt connection closes could be triggered by an attacker using query strings with non-RFC compliant characters resulting in a denial of service. The highest threat from this vulnerability is to system availability...
undertow: Large AJP request may cause DoS
A flaw was found in Undertow. AJP requests to the server may allow an attacker to send a malicious request and trigger server errors, resulting in a denial of service...
undertow: AJP Request closes connection exceeding maxRequestSize
A flaw was found in Undertow. When an AJP request is sent that exceeds the max-header-size attribute in ajp-listener, JBoss EAP is marked in an error state by modcluster in httpd, causing JBoss EAP to close the TCP connection without returning an AJP response. This happens because modproxycluster...
undertow: Large AJP request may cause DoS
A flaw was found in Undertow. AJP requests to the server may allow an attacker to send a malicious request and trigger server errors, resulting in a denial of service...
PT-2024-9163 · Trellix · Trellix Enterprise Security Manager
Name of the Vulnerable Software and Affected Versions: Trellix Enterprise Security Manager ESM version 11.6.10 Description: A vulnerability in the system allows unauthenticated access to the internal Snowservice API, leading to improper handling of path traversal and insecure forwarding to an AJP...
undertow: url-encoded request path information can be broken on ajp-listener
A vulnerability was found in Undertow, where URL-encoded request paths can be mishandled during concurrent requests on the AJP listener. This issue arises because the same buffer is used to decode the paths for multiple requests simultaneously, leading to incorrect path information being processe...
DEBIAN-CVE-2023-5379
A flaw was found in Undertow. When an AJP request is sent that exceeds the max-header-size attribute in ajp-listener, JBoss EAP is marked in an error state by modcluster in httpd, causing JBoss EAP to close the TCP connection without returning an AJP response. This happens because modproxycluster...
httpd: mod_proxy_ajp: Possible request smuggling
A flaw was found in the modproxyajp module of httpd. The connection is not closed when there is an invalid Transfer-Encoding header, allowing an attacker to smuggle requests to the AJP server, where it forwards requests...
DEBIAN-CVE-2023-34981
A regression in the fix for bug 66512 in Apache Tomcat 11.0.0-M5, 10.1.8, 9.0.74 and 8.5.88 meant that, if a response did not include any HTTP headers no AJP SENDHEADERS messare woudl be sent for the response which in turn meant that at least one AJP proxy modproxyajp would use the response heade...
PT-2023-4472 · Apache +1 · Apache Tomcat +1
Name of the Vulnerable Software and Affected Versions: Apache Tomcat versions 11.0.0-M5, 10.1.8, 9.0.74, and 8.5.88 Description: A regression in the fix for bug 66512 in Apache Tomcat meant that, if a response did not include any HTTP headers, no AJP SEND HEADERS message would be sent for the...
httpd: mod_proxy_ajp: Possible request smuggling
A flaw was found in the modproxyajp module of httpd. The connection is not closed when there is an invalid Transfer-Encoding header, allowing an attacker to smuggle requests to the AJP server, where it forwards requests...
SUSE CVE-2011-3190
Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret...
SUSE CVE-2013-4286
Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request's length and conduct...
ALPINE-CVE-2022-36760
Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in modproxyajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.54 and prior versions...