Flight 安全漏洞

Flight is a PHP microframework developed by Mike Cao. Versions of Flight prior to 3.18.1 contained a security vulnerability. This vulnerability stemmed from the default error handling mechanism Engine::error, which wrote the entire exception message into the HTTP 500 response. Without debugging...

Linux Distros Unpatched Vulnerability : CVE-2018-12536

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Eclipse Jetty Server, all 9.x versions, on webapps deployed using default Error Handling, when an intentionally bad query arrives that doesn't match a dynami...

PT-2021-7415 · Udisks2 +7 · Udisks2 +7

Name of the Vulnerable Software and Affected Versions: udisks2 affected versions not specified Description: The issue is related to the Udisks program for querying and managing storage devices, specifically for ext2/3/4 file systems. It is caused by the default configuration to stop the machine i...

DOS vulnerability for Quoted Quality CSV headers

Impact When Jetty handles a request containing request headers with a large number of “quality” i.e. q parameters such as what are seen on the Accept, Accept-Encoding, and Accept-Language request headers, the server may enter a denial of service DoS state due to high CPU usage while sorting the...

jetty: full server path revealed when using the default Error Handling

In Eclipse Jetty Server, all 9.x versions, on webapps deployed using default Error Handling, when an intentionally bad query arrives that doesn't match a dynamic url-pattern, and is eventually handled by the DefaultServlet's static file serving, the bad characters can trigger a...

CVE-2018-12536

In Eclipse Jetty Server, all 9.x versions, on webapps deployed using default Error Handling, when an intentionally bad query arrives that doesn't match a dynamic url-pattern, and is eventually handled by the DefaultServlet's static file serving, the bad characters can trigger a...