Lucene search
K

4 matches found

vulnersOsv
vulnersOsv
added 2018/10/19 4:50 p.m.4 views

au.com.govlawtech:dvasopapi-client (=1.3.1), by.exonit.redmine.client:client-play-ws_2.11 (=4.0.0-RC2) +342 more potentially affected by CVE-2017-14063 via org.asynchttpclient:async-http-client (>=2.0.0-RC1 <=2.0.34)

org.asynchttpclient:async-http-client MAVEN version =2.0.0-RC1, =1.0, =1.23.0, =1.23.0, =1.2.2, =0.5.4, =0.9.1, =0.0.1, =0.1.13, =1.0, =2.7.0 and more Source cves: CVE-2017-14063 Source advisory: OSV:GHSA-93JQ-624G-4P9P...

7.5CVSS7.1AI score0.03046EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2018/09/11 7:53 a.m.132 views

Important: Red Hat Security Advisory: Fuse 7.1 security update

An update is now available for Red Hat Fuse. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...

9.8CVSS7.7AI score0.96121EPSS
Exploits7References27
UbuntuCve
UbuntuCve
added 2017/08/31 4:29 p.m.30 views

CVE-2017-14063

Async Http Client aka async-http-client before 2.0.35 can be tricked into connecting to a host different from the one extracted by java.net.URI if a '?' character occurs in a fragment identifier. Similar bugs were previously identified in cURL CVE-2016-8624 and Oracle Java 8 java.net.URL...

7.5CVSS7.1AI score0.03046EPSS
Exploits0References4
CVE
CVE
added 2017/08/31 4:0 p.m.109 views

CVE-2017-14063

CVE-2017-14063 affects Async Http Client (async-http-client) prior to 2.0.35. The underlying issue allows an attacker to cause the client to connect to a host different from the one parsed from java.net.URI when a ? appears in a fragment. This vulnerability is corroborated by CNVD-2017-31118, whi...

7.5CVSS7.7AI score0.03046EPSS
Exploits0References28Affected Software1
Rows per page
Query Builder