
68 matches found

Cvelist
added 2024/02/08 9:0 a.m. · 20 views

CVE-2024-23452 Apache bRPC: HTTP request smuggling vulnerability

Request smuggling vulnerability in HTTP server in Apache bRPC 0.9.5 through 1.7.0 on all platforms allows an attacker to smuggle requests. Vulnerability Cause Description: The http_parser does not comply with the RFC-7230 HTTP 1.1 specification. Attack scenario: If a message is received with both a...

7.7 AI score · 0.01637 EPSS
Exploits 0 · References 4
Vulnrichment
added 2024/02/08 9:0 a.m. · 21 views

CVE-2024-23452 Apache bRPC: HTTP request smuggling vulnerability

Request smuggling vulnerability in HTTP server in Apache bRPC 0.9.5 through 1.7.0 on all platforms allows an attacker to smuggle requests. Vulnerability Cause Description: The http_parser does not comply with the RFC-7230 HTTP 1.1 specification. Attack scenario: If a message is received with both a...

7.5 AI score · 0.01637 EPSS
Exploits 0 · References 4
CVE
added 2024/02/08 9:0 a.m. · 239 views

CVE-2024-23452

Apache bRPC’s HTTP server (versions 0.9.5–1.7.0) is affected by a request-smuggling issue caused by non-compliance of the http_parser with RFC 7230 when handling messages with both Transfer-Encoding and Content-Length. In the described scenario, a frontend server using TE can cause a backend bRPC...

7.5 CVSS · 7.5 AI score · 0.01637 EPSS
Exploits 0 · References 4 · Affected Software 1
CNNVD
added 2024/02/08 12:0 a.m. · 5 views

Apache bRPC Environmental Issue Vulnerability

Apache bRPC is the United States Apache Foundation's industrial-grade RPC framework for building reliable and high-performance services. Apache bRPC suffers from an environmental issue vulnerability that stems from the presence of an HTTP server request smuggling vulnerability that can be...

7.5 CVSS · 6.9 AI score · 0.01637 EPSS
Exploits 0 · References 5
Positive Technologies
added 2024/01/17 12:0 a.m. · 4 views

PT-2024-1633 · Apache · Apache Brpc

Name of the Vulnerable Software and Affected Versions: Apache bRPC versions 0.9.5 through 1.7.0 Description: The issue arises from the http parser not complying with the RFC-7230 HTTP 1.1 specification, specifically when handling messages with both Transfer-Encoding and Content-Length header...

7.8 CVSS · 7.4 AI score · 0.01637 EPSS
Exploits 0 · References 14
CNVD
added 2023/10/19 12:0 a.m. · 9 views

Apache bRPC Cross-Site Scripting Vulnerability

Apache bRPC is the United States Apache Foundation's industrial-grade RPC framework for building reliable and high-performance services. A cross-site scripting vulnerability exists in Apache bRPC 1.6.0 and earlier versions, which stems from the application's lack of effective filtering and...

6.1 CVSS · 5.5 AI score · 0.00955 EPSS
Exploits 0 · References 1
NVD
added 2023/10/16 9:15 a.m. · 14 views

CVE-2023-45757

Security vulnerability in Apache bRPC 1.6.0, download link: https://dist.apache.org/repos/dist/release/brpc/1.6.1/ 2. If you are using an old version of bRPC and hard to upgrade, you can apply this patch: https://github.com/apache/brpc/pull/2411 3. disable rpcz feature...

6.1 CVSS · 6.2 AI score · 0.00955 EPSS
Exploits 0 · References 2
OSV
added 2023/10/16 9:15 a.m. · 14 views

CVE-2023-45757

Security vulnerability in Apache bRPC 1.6.0, download link: https://dist.apache.org/repos/dist/release/brpc/1.6.1/ 2. If you are using an old version of bRPC and hard to upgrade, you can apply this patch: https://github.com/apache/brpc/pull/2411 3. disable rpcz feature...

6.1 CVSS · 6.5 AI score
Exploits 0 · References 2
Prion
added 2023/10/16 9:15 a.m. · 14 views

Design/Logic Flaw

Security vulnerability in Apache bRPC 1.6.0, download link: https://dist.apache.org/repos/dist/release/brpc/1.6.1/ 2. If you are using an old version of bRPC and hard to upgrade, you can apply this patch: https://github.com/apache/brpc/pull/2411 3. disable rpcz feature...

5.8 CVSS · 6.1 AI score · 0.00955 EPSS
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2023/10/16 8:1 a.m. · 15 views

CVE-2023-45757 Apache bRPC: The builtin service rpcz page has an XSS attack vulnerability

Security vulnerability in Apache bRPC 1.6.0, download link: https://dist.apache.org/repos/dist/release/brpc/1.6.1/ 2. If you are using an old version of bRPC and hard to upgrade, you can apply this patch: https://github.com/apache/brpc/pull/2411 3. disable rpcz feature...

6.3 AI score · 0.00955 EPSS
Exploits 0 · References 2
Vulnrichment
added 2023/10/16 8:1 a.m. · 20 views

CVE-2023-45757 Apache bRPC: The builtin service rpcz page has an XSS attack vulnerability

Security vulnerability in Apache bRPC 1.6.0, download link: https://dist.apache.org/repos/dist/release/brpc/1.6.1/ 2. If you are using an old version of bRPC and hard to upgrade, you can apply this patch: https://github.com/apache/brpc/pull/2411 3. disable rpcz feature...

6.2 AI score · 0.00955 EPSS
Exploits 0 · References 2
CVE
added 2023/10/16 8:1 a.m. · 67 views

CVE-2023-45757

CVE-2023-45757 affects Apache bRPC 1.6.0 (e.g., 1.6.1), (2) apply the patch from PR #2411 if upgrading is difficult, or (3) disable the rpcz feature. If exploitation details or in-the-wild data are not present in the provided documents, those specifics are not stated here.

6.1 CVSS · 6.2 AI score · 0.00955 EPSS
Exploits 0 · References 2 · Affected Software 1
CNNVD
added 2023/10/16 12:0 a.m. · 3 views

Apache bRPC Cross-Site Scripting Vulnerability

Apache bRPC is the United States Apache Foundation's industrial-grade RPC framework for building reliable and high-performance services. A cross-site scripting vulnerability exists in Apache bRPC 1.6.0 and earlier versions, which stems from the application's lack of effective filtering and...

6.1 CVSS · 5.8 AI score · 0.00955 EPSS
Exploits 0 · References 3
Positive Technologies
added 2023/10/16 12:0 a.m. · 4 views

PT-2023-29673 · Apache · Apache Brpc

Name of the Vulnerable Software and Affected Versions: Apache bRPC versions 1.6.0. 2. Apply the patch available at https://github.com/apache/brpc/pull/2411 if upgrading is not feasible. 3. Disable the rpcz feature as a temporary workaround...

6.1 CVSS · 6 AI score · 0.00955 EPSS
Exploits 0 · References 5
CNVD
added 2023/05/10 12:0 a.m. · 9 views

Apache bRPC Input Validation Error Vulnerability

Apache bRPC is the United States Apache Foundation's industrial-grade RPC framework for building reliable and high-performance services. An input validation error vulnerability exists in Apache bRPC that stems from improper input validation in the product and can be exploited by an attacke...

9.8 CVSS · 7.7 AI score · 0.01522 EPSS
Exploits 0 · References 1
NVD
added 2023/05/08 9:15 a.m. · 11 views

CVE-2023-31039

Security vulnerability in Apache bRPC = 1.5.0, download link: https://dist.apache.org/repos/dist/release/brpc/1.5.0/ https://dist.apache.org/repos/dist/release/brpc/1.5.0/ 2. If you are using an old version of bRPC and hard to upgrade, you can apply this patch: ...

9.8 CVSS · 9.8 AI score · 0.01522 EPSS
Exploits 0 · References 2
OSV
added 2023/05/08 9:15 a.m. · 11 views

CVE-2023-31039

Security vulnerability in Apache bRPC = 1.5.0, download link: https://dist.apache.org/repos/dist/release/brpc/1.5.0/ https://dist.apache.org/repos/dist/release/brpc/1.5.0/ 2. If you are using an old version of bRPC and hard to upgrade, you can apply this patch: ...

9.8 CVSS · 9.5 AI score
Exploits 0 · References 2
Prion
added 2023/05/08 9:15 a.m. · 18 views

Design/Logic Flaw

Security vulnerability in Apache bRPC = 1.5.0, download link: https://dist.apache.org/repos/dist/release/brpc/1.5.0/ https://dist.apache.org/repos/dist/release/brpc/1.5.0/ 2. If you are using an old version of bRPC and hard to upgrade, you can apply this patch: ...

7.5 CVSS · 9.7 AI score · 0.01522 EPSS
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2023/05/08 8:57 a.m. · 25 views

CVE-2023-31039 Apache bRPC: ServerOptions.pid_file may cause arbitrary code execution

Security vulnerability in Apache bRPC = 1.5.0, download link: https://dist.apache.org/repos/dist/release/brpc/1.5.0/ https://dist.apache.org/repos/dist/release/brpc/1.5.0/ 2. If you are using an old version of bRPC and hard to upgrade, you can apply this patch: ...

10 AI score · 0.01522 EPSS
Exploits 0 · References 2
Vulnrichment
added 2023/05/08 8:57 a.m. · 13 views

CVE-2023-31039 Apache bRPC: ServerOptions.pid_file may cause arbitrary code execution

Security vulnerability in Apache bRPC = 1.5.0, download link: https://dist.apache.org/repos/dist/release/brpc/1.5.0/ https://dist.apache.org/repos/dist/release/brpc/1.5.0/ 2. If you are using an old version of bRPC and hard to upgrade, you can apply this patch: ...

9.8 AI score · 0.01522 EPSS
Exploits 0 · References 2