11 matches found
RHEL 6 : undertow (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - undertow: LearningPushHandler can lead to remote memory DoS attacks CVE-2024-3653 Note that Nessus has not tested f...
Moderate: Red Hat Security Advisory: Red Hat build of Quarkus 3.8.6 release and security update
An update is now available for Red Hat build of Quarkus. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability. For more information...
Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.18 Security update
An update is now available for Red Hat JBoss Enterprise Application Platform 7.4. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.18 Security update
An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, ...
RHEL 9 : Red Hat JBoss Enterprise Application Platform 7.4.18 Security update (Important) (RHSA-2024:5145)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:5145 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release o...
RHEL 7 : Red Hat JBoss Enterprise Application Platform 7.4.18 Security update (Important) (RHSA-2024:5143)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:5143 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release o...
CVE-2024-3653
creationtimestamp| type| source ---|---|--- 2024-07-09 00:31:43+00:00| seen| https://t.me/cvedetector/219 2025-01-09 22:16:14+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/1110 2025-02-26 04:24:30+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/5446 2025-06-18 19:39:59+00:00| seen|...
app.valuationcontrol:webservice (>=0.5.0 <=0.5.1), ba.sake:sharaf_3 (>=0.0.7 <=0.7.4) +974 more potentially affected by CVE-2024-3653 via io.undertow:undertow-core (>=2.3.0.Alpha1 <=2.3.14.Final)
io.undertow:undertow-core MAVEN version =2.3.0.Alpha1, =0.5.0, =0.0.7, =1.1.15, =1.0.6, =1.0.6, =1.0.6, =1.0.6, =1.0.6, =1.0.6, =1.0.6, =1.0.6, =1.0.6, =1.0.6, =1.0.6, =1.0.6, =1.0.31 and more Source cves: CVE-2024-3653 Source advisory: OSV:GHSA-CH7Q-GPFF-H9HP...
Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 8.0.2 Security update
A security update is now available for Red Hat JBoss Enterprise Application Platform 8.0. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
DEBIAN-CVE-2024-3653
A vulnerability was found in Undertow. This issue requires enabling the learning-push handler in the server's config, which is disabled by default, leaving the maxAge config in the handler unconfigured. The default is -1, which makes the handler vulnerable. If someone overwrites that config, the...
CVE-2024-3653 Undertow: learningpushhandler can lead to remote memory dos attacks
A vulnerability was found in Undertow. This issue requires enabling the learning-push handler in the server's config, which is disabled by default, leaving the maxAge config in the handler unconfigured. The default is -1, which makes the handler vulnerable. If someone overwrites that config, the...