264 matches found
EUVD-2025-21016
Malicious code in bioql PyPI...
EUVD-2024-39129
Malicious code in bioql PyPI...
EUVD-2024-39132
Malicious code in bioql PyPI...
httpd: HTTP Session Hijack via a TLS upgrade
An HTTP session hijacking flaw was found in Apache httpd. In some modssl configurations on Apache HTTP Server, an HTTP desynchronization attack allows a man-in-the-middle attacker to hijack an HTTP session via a TLS upgrade...
httpd: HTTP Session Hijack via a TLS upgrade
An HTTP session hijacking flaw was found in Apache httpd. In some modssl configurations on Apache HTTP Server, an HTTP desynchronization attack allows a man-in-the-middle attacker to hijack an HTTP session via a TLS upgrade...
httpd: HTTP Session Hijack via a TLS upgrade
An HTTP session hijacking flaw was found in Apache httpd. In some modssl configurations on Apache HTTP Server, an HTTP desynchronization attack allows a man-in-the-middle attacker to hijack an HTTP session via a TLS upgrade...
httpd: HTTP Session Hijack via a TLS upgrade
An HTTP session hijacking flaw was found in Apache httpd. In some modssl configurations on Apache HTTP Server, an HTTP desynchronization attack allows a man-in-the-middle attacker to hijack an HTTP session via a TLS upgrade...
RHEL 8 : httpd:2.4 (RHSA-2025:15123)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:15123 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: insufficient...
httpd: HTTP Session Hijack via a TLS upgrade
An HTTP session hijacking flaw was found in Apache httpd. In some modssl configurations on Apache HTTP Server, an HTTP desynchronization attack allows a man-in-the-middle attacker to hijack an HTTP session via a TLS upgrade...
httpd: HTTP Session Hijack via a TLS upgrade
An HTTP session hijacking flaw was found in Apache httpd. In some modssl configurations on Apache HTTP Server, an HTTP desynchronization attack allows a man-in-the-middle attacker to hijack an HTTP session via a TLS upgrade...
RHEL 7 : httpd (RHSA-2025:14998)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:14998 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: HTTP Session Hijack via ...
httpd: HTTP Session Hijack via a TLS upgrade
An HTTP session hijacking flaw was found in Apache httpd. In some modssl configurations on Apache HTTP Server, an HTTP desynchronization attack allows a man-in-the-middle attacker to hijack an HTTP session via a TLS upgrade...
CVE-2025-49812 Apache HTTP Server: mod_ssl TLS upgrade attack
In some modssl configurations on Apache HTTP Server versions through to 2.4.63, an HTTP desynchronisation attack allows a man-in-the-middle attacker to hijack an HTTP session via a TLS upgrade. Only configurations using "SSLEngine optional" to enable TLS upgrades are affected. Users are recommend...
CVE-2025-49812
In some modssl configurations on Apache HTTP Server versions through to 2.4.63, an HTTP desynchronisation attack allows a man-in-the-middle attacker to hijack an HTTP session via a TLS upgrade. Only configurations using "SSLEngine optional" to enable TLS upgrades are affected. Users are recommend...
Denial Of Service (DoS)
mcp is vulnerable to Denial Of Service DoS. The vulnerability is due to improper handling of exceptions triggered after establishing a streamable HTTP session, which allows an attacker to cause a ClosedResourceError on the server side...
wildfly-openssl: memory leak per HTTP session creation in WildFly OpenSSL
A memory leak flaw was found in WildFly OpenSSL in versions prior to 1.1.3.Final, where it removes an HTTP session. This flaw allows an attacker to cause an Out of memory OOM issue, leading to a denial of service. The highest threat from this vulnerability is to system availability...
CVE-2025-3526
SessionClicks in Liferay Portal 7.0.0 through 7.4.3.21, and Liferay DXP 7.4 GA through update 9, 7.3 GA through update 25, and older unsupported versions does not restrict the saving of request parameters in the HTTP session, which allows remote attackers to consume system memory leading to...
Liferay Portal SessionClicks does not restrict the saving of request parameters in the HTTP session
SessionClicks in Liferay Portal 7.0.0 through 7.4.3.21, and Liferay DXP 7.4 GA through update 9, 7.3 GA through update 25, and older unsupported versions does not restrict the saving of request parameters in the HTTP session, which allows remote attackers to consume system memory leading to...
GHSA-MF3R-6M25-3867 Liferay Portal SessionClicks does not restrict the saving of request parameters in the HTTP session
SessionClicks in Liferay Portal 7.0.0 through 7.4.3.21, and Liferay DXP 7.4 GA through update 9, 7.3 GA through update 25, and older unsupported versions does not restrict the saving of request parameters in the HTTP session, which allows remote attackers to consume system memory leading to...
CVE-2025-3526
CVE-2025-3526 affects Liferay Portal and Liferay DXP: SessionClicks allows unrestricted saving of HTTP session parameters, causing memory exhaustion and DoS. Affected: Liferay Portal 7.0.0–7.4.3.21; Liferay DXP 7.4 GA–update 9; Liferay Portal 7.3 GA–update 25; older unsupported versions. Root cau...