Lucene search
+L

5 matches found

Snyk
Snyk
added 2026/06/26 2:8 a.m.6 views

Improper Handling of Case Sensitivity

Overview Affected versions of this package are vulnerable to Improper Handling of Case Sensitivity in the Server.prototype.addContext method of lib/internal/tls/wrap.js, which builds the server name matching regular expression without the case-insensitive flag. An attacker can evade the TLS conte...

5.9CVSS6.5AI score0.00256EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2021/04/21 8:24 p.m.3 views

python-urllib3: HTTPS proxy host name not validated when using default SSLContext

A flaw was found in python-urllib3. SSL certificate validation is omitted in some cases involving HTTPS to HTTPS proxies. The initial connection to the HTTPS proxy if an SSLContext isn't given via proxyconfig doesn't verify the hostname of the certificate. This means certificates for different...

6.5CVSS6.8AI score0.02109EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2015/05/14 3:14 p.m.8 views

JAX-RS: Information disclosure via XML eXternal Entity (XXE)

It was found that the default context parameters as provided to RESTEasy deployments by JBoss EAP did not explicitly disable external entity expansion for RESTEasy. A remote attacker could use this flaw to perform XML External Entity XXE attacks on RESTEasy applications accepting XML input...

5CVSS5.8AI score0.03031EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2015/02/11 8:18 p.m.4 views

Security: Wrong security context loaded when using SAML2 STS Login Module

It was found that when processing undefined security domains, the org.jboss.security.plugins.mapping.JBossMappingManager implementation would fall back to the default security domain if it was available. A user with valid credentials in the defined default domain, with a role that is valid in the...

3.5CVSS5.7AI score0.01739EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2014/06/26 3:16 p.m.12 views

JAX-RS: Information disclosure via XML eXternal Entity (XXE)

It was found that the default context parameters as provided to RESTEasy deployments by JBoss EAP did not explicitly disable external entity expansion for RESTEasy. A remote attacker could use this flaw to perform XML External Entity XXE attacks on RESTEasy applications accepting XML input...

5CVSS5.8AI score0.03031EPSS
Exploits0References4
Rows per page
Query Builder