12 matches found
CVE-2024-12705
Clients using DNS-over-HTTPS DoH can exhaust a DNS resolver's CPU and/or memory by flooding it with crafted valid or invalid HTTP/2 traffic. This issue affects BIND 9 versions 9.18.0 through 9.18.32, 9.20.0 through 9.20.4, 9.21.0 through 9.21.3, and 9.18.11-S1 through 9.18.32-S1...
CVE-2024-20436
A vulnerability in the HTTP Server feature of Cisco IOS XE Software when the Telephony Service feature is enabled could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to a null pointer dereference when accessin...
NewStart CGSL CORE 5.05 / MAIN 5.05 : mod_auth_openidc Multiple Vulnerabilities (NS-SA-2019-0243)
The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has modauthopenidc packages installed that are affected by multiple vulnerabilities: - The OpenID Connect Relying Party and OAuth 2.0 Resource Server aka modauthopenidc module before 2.1.6 for the Apache HTTP Server does not sk...
NewStart CGSL CORE 5.04 / MAIN 5.04 : mod_auth_openidc Multiple Vulnerabilities (NS-SA-2019-0220)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has modauthopenidc packages installed that are affected by multiple vulnerabilities: - The OpenID Connect Relying Party and OAuth 2.0 Resource Server aka modauthopenidc module before 2.1.6 for the Apache HTTP Server does not sk...
Junos OS: Crafted HTTP traffic may cause UTM to consume all mbufs, leading to Denial of Service (JSA10910)
According to its self-reported version number, the remote Juniper Junos device is affected by a denial of service vulnerability. An SRX Series Service Gateway configured for Unified Threat Management UTM may experience a denial of service due to the receipt of crafted HTTP traffic. TRUSTED...
Design/Logic Flaw
An SRX Series Service Gateway configured for Unified Threat Management UTM may experience a system crash with the error message "mbuf exceed" -- an indication of memory buffer exhaustion -- due to the receipt of crafted HTTP traffic. Each crafted HTTP packet inspected by UTM consumes mbufs which...
CVE-2019-0010 Junos OS: SRX Series: Crafted HTTP traffic may cause UTM to consume all mbufs, leading to Denial of Service
An SRX Series Service Gateway configured for Unified Threat Management UTM may experience a system crash with the error message "mbuf exceed" -- an indication of memory buffer exhaustion -- due to the receipt of crafted HTTP traffic. Each crafted HTTP packet inspected by UTM consumes mbufs which...
CVE-2017-6062
The "OpenID Connect Relying Party and OAuth 2.0 Resource Server" aka modauthopenidc module before 2.1.5 for the Apache HTTP Server does not skip OIDCCLAIM and OIDCAuthNHeader headers in an "OIDCUnAuthAction pass" configuration, which allows remote attackers to bypass authentication via crafted HT...
Authentication flaw
The "OpenID Connect Relying Party and OAuth 2.0 Resource Server" aka modauthopenidc module before 2.1.6 for the Apache HTTP Server does not skip OIDCCLAIM and OIDCAuthNHeader headers in an "AuthType oauth20" configuration, which allows remote attackers to bypass authentication via crafted HTTP...
CVE-2017-6062
The "OpenID Connect Relying Party and OAuth 2.0 Resource Server" aka modauthopenidc module before 2.1.5 for the Apache HTTP Server does not skip OIDCCLAIM and OIDCAuthNHeader headers in an "OIDCUnAuthAction pass" configuration, which allows remote attackers to bypass authentication via crafted HT...
CVE-2017-6062
The "OpenID Connect Relying Party and OAuth 2.0 Resource Server" aka modauthopenidc module before 2.1.5 for the Apache HTTP Server does not skip OIDCCLAIM and OIDCAuthNHeader headers in an "OIDCUnAuthAction pass" configuration, which allows remote attackers to bypass authentication via crafted HT...
CVE-2017-6062
The "OpenID Connect Relying Party and OAuth 2.0 Resource Server" aka modauthopenidc module before 2.1.5 for the Apache HTTP Server does not skip OIDCCLAIM and OIDCAuthNHeader headers in an "OIDCUnAuthAction pass" configuration, which allows remote attackers to bypass authentication via crafted HT...