25 matches found
eclipse-vertx/vert.x: eclipse-vertx/vert.x: Denial of Service via TLS handshake with wildcard server name
A flaw was found in eclipse-vertx/vert.x. A remote attacker can exploit this vulnerability by performing a Transport Layer Security TLS handshake and presenting a server name extension with a server wildcard name. This can lead to a denial of service DoS condition, impacting the availability of t...
eclipse-vertx/vert.x: eclipse-vertx/vert.x: Denial of Service via TLS handshake with wildcard server name
A flaw was found in eclipse-vertx/vert.x. A remote attacker can exploit this vulnerability by performing a Transport Layer Security TLS handshake and presenting a server name extension with a server wildcard name. This can lead to a denial of service DoS condition, impacting the availability of t...
Security Bulletin: IBM Automation Decision Services for May 2026- Multiple CVEs addressed
Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Automation Decision Services. See full list below. Vulnerability Details CVEID:CVE-2025-46295 DESCRIPTION: Apache Commons Text versions prior to 1.10.0 included...
Eclipse Vert.x 安全漏洞
Eclipse Vert.x is a toolkit developed by the Eclipse Foundation for building responsive applications on the JVM. There is a security vulnerability in Eclipse Vert.x, which stems from the fact that the TCP client can perform TLS handshakes and present server name extensions. These server name...
PT-2026-28107
Name of the Vulnerable Software and Affected Versions Netty versions prior to 4.1.132.Final and 4.2.10.Final Description Netty incorrectly parses quoted strings in HTTP/1.1 chunked transfer encoding extension values, enabling request smuggling attacks. Specifically, Netty terminates chunk header...
Security Bulletin: IBM Event Processing is vulnerable to unauthorized access to hidden files and stored cross-site scripting (XSS) (CVE-2025-11965, CVE-2025-11966)
Summary IBM Event Processing is vulnerable to unauthorized access to hidden files and stored cross-site scripting XSS when using Eclipse Vert.x. Vulnerability Details CVEID:CVE-2025-11965 DESCRIPTION: In Eclipse Vert.x versions 4.0.0, 4.5.21 and 5.0.0, 5.0.4, a StaticHandler configuration for...
CVE-2026-1002 Eclipse Vert.x Web static handler file access denial
The Vert.x Web static handler component cache can be manipulated to deny the access to static files served by the handler using specifically crafted request URI. The issue comes from an improper implementation of the C. rule of section 5.2.4 of RFC3986 and is fixed in Vert.x Core component used b...
io.vertx/vertx-web: Eclipse Vert.x cross site scripting
In Eclipse Vert.x, when "directory listing" is enabled, file and directory names are inserted into generated HTML without proper escaping in the href, title, and link attributes. An attacker who can create or rename files or directories within a served path can craft filenames containing maliciou...
Linux Distros Unpatched Vulnerability : CVE-2025-11965
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Eclipse Vert.x versions 4.0.0, 4.5.21 and 5.0.0, 5.0.4, a StaticHandler configuration for restricting access to hidden files fails to restrict access to hidd...
CVE-2025-11965
In Eclipse Vert.x versions 4.0.0, 4.5.21 and 5.0.0, 5.0.4, a StaticHandler configuration for restricting access to hidden files fails to restrict access to hidden directories, allowing unauthorized users to retrieve files within them e.g. '.git/config'...
CVE-2025-11965
The CVE-2025-11965 issue affects Eclipse Vert.x: versions 4.0.0–4.5.21 and 5.0.0–5.0.4 contain a misconfiguration in StaticHandler that fails to restrict access to hidden directories, enabling unauthorized access to files inside them (for example, .git/config). The available connected documents c...
CVE-2025-11965
In Eclipse Vert.x versions 4.0.0, 4.5.21 and 5.0.0, 5.0.4, a StaticHandler configuration for restricting access to hidden files fails to restrict access to hidden directories, allowing unauthorized users to retrieve files within them e.g. '.git/config'...
CVE-2025-11966
In Eclipse Vert.x versions 4.0.0, 4.5.21 and 5.0.0, 5.0.4, when "directory listing" is enabled, file and directory names are inserted into generated HTML without proper escaping in the href, title, and link attributes. An attacker who can create or rename files or directories within a served path...
CVE-2025-11966
CVE-2025-11966 affects Eclipse Vert.x with directory listing enabled: when using Vert.x 4.0.0–4.5.21 and 5.0.0–5.0.4, file/directory names are inserted into generated HTML without escaping in href, title, and link attributes, enabling stored XSS. Red Hat advisory RHSA-2026:0134 notes this CVE is ...
Security Bulletin: Multiple vulnerabilities found in IBM Security Verify Information Queue
Summary Multiple security vulnerabilities in the third-party libraries have been addressed in IBM Security Verify Information Queue ISIQ Vulnerability Details CVEID:CVE-2023-40167 DESCRIPTION: Jetty is a Java based web server and servlet engine. Prior to versions 9.4.52, 10.0.16, 11.0.16, and...
PT-2024-38985 · Eclipse · Eclipse Vert.X
Name of the Vulnerable Software and Affected Versions: Eclipse Vert.x versions 4.3.0 through 4.5.9 Description: The gRPC server in Eclipse Vert.x does not limit the maximum length of message payload, which can lead to potential issues. This issue does not affect the Vert.x gRPC server based on...
GHSA-9PH3-V2VH-3QX7 Eclipse Vert.x vulnerable to a memory leak in TCP servers
A vulnerability in the Eclipse Vert.x toolkit causes a memory leak in TCP servers configured with TLS and SNI support. When processing an unknown SNI server name assigned the default certificate instead of a mapped certificate, the SSL context is erroneously cached in the server name map, leading...
Eclipse Vert.x 安全漏洞
Eclipse Vert.x is an Eclipse Foundation toolkit for building responsive applications on the JVM. A security vulnerability exists in Eclipse Vert.x versions prior to 4.4.8, which stems from the presence of a memory leak that allows an attacker to trigger an out-of-memory error in the JVM by sendin...
PT-2024-7970 · Eclipse · Eclipse Vert.X
Name of the Vulnerable Software and Affected Versions: Eclipse Vert.x affected versions not specified Description: A vulnerability in the Eclipse Vert.x toolkit causes a memory leak in TCP servers configured with TLS and SNI support. When processing an unknown SNI server name, the default...
Eclipse Vertx-web 路径遍历漏洞
Eclipse Vertx-web is an Eclipse Foundation framework for building web applications. A path traversal vulnerability exists in Eclipse Vertx-web versions prior to 4.3.8, which stems from the fact that an attacker can disclose any class path resource if the mount point is a wildcard...