Lucene search
K

57 matches found

Vulnrichment
Vulnrichment
added 2023/10/10 6:38 p.m.31 views

CVE-2023-45648 Apache Tomcat: Trailer header parsing too lenient

Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer headers. A specially crafted, invalid trailer header could cause Tomca...

7.6AI score0.05848EPSS
Exploits2References1
Debian CVE
Debian CVE
added 2023/10/10 6:38 p.m.47 views

CVE-2023-45648

Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer headers. A specially crafted, invalid trailer header could cause Tomca...

5.3CVSS7.8AI score0.05848EPSS
Exploits2
OSV
OSV
added 2023/10/10 6:38 p.m.27 views

CVE-2023-45648 Apache Tomcat: Trailer header parsing too lenient

Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer headers. A specially crafted, invalid trailer header could cause Tomca...

5.3CVSS6.7AI score0.05848EPSS
Exploits2References8
Positive Technologies
Positive Technologies
added 2023/10/10 12:0 a.m.7 views

PT-2023-6329

Name of the Vulnerable Software and Affected Versions Apache Tomcat versions 11.0.0-M1 through 11.0.0-M11 Apache Tomcat versions 10.1.0-M1 through 10.1.13 Apache Tomcat versions 9.0.0-M1 through 9.0.81 Apache Tomcat versions 8.5.0 through 8.5.93 Description The issue is related to improper input...

8.6CVSS7.1AI score0.23072EPSS
Exploits6References97
Apache Tomcat
Apache Tomcat
added 2023/10/10 12:0 a.m.121 views

Fixed in Apache Tomcat 8.5.94

Important: Request smuggling CVE-2023-45648 Tomcat did not correctly parse HTTP trailer headers. A specially crafted, invalid trailer header could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy. This was fixe...

7.5CVSS7.7AI score0.99999EPSS
Exploits21Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/10/10 12:0 a.m.55 views

Apache Tomcat 10.1.0.M1 < 10.1.14 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 10.1.14. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat10.1.14security-10 advisory. - Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M11,...

7.5CVSS7.3AI score0.99999EPSS
Exploits21References7
Apache Tomcat
Apache Tomcat
added 2023/08/25 12:0 a.m.50 views

Fixed in Apache Tomcat 11.0.0-M11

Moderate: Open redirect CVE-2023-41080 If the ROOT default web application is configured to use FORM authentication then it is possible that a specially crafted URL could be used to trigger a redirect to an URL of the attackers choice. This was fixed with commit e3703c9a. This issue was reported ...

7.5CVSS7.2AI score0.05972EPSS
Exploits0Affected Software1
RedHat Linux
RedHat Linux
added 2016/01/21 3:54 p.m.69 views

Moderate: Red Hat Security Advisory: httpd and httpd22 security update

Updated httpd and httpd22 packages that fix two security issues are now available for Red Hat JBoss Web Server 2.1.0 for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores,...

5CVSS6.6AI score0.73327EPSS
Exploits2References3
RedHat Linux
RedHat Linux
added 2016/01/21 3:54 p.m.51 views

Moderate: Red Hat Security Advisory: Red Hat JBoss Web Server 2.1.0 security update

An update for Red Hat JBoss Web Server 2.1.0 that fixes four security issues is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...

5CVSS6.6AI score0.73327EPSS
Exploits2References5
Tenable Nessus
Tenable Nessus
added 2015/07/28 12:0 a.m.63 views

CentOS 6 : httpd (CESA-2015:1249)

Updated httpd packages that fix one security issue, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Low security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...

5CVSS6.2AI score0.60205EPSS
Exploits2References2
Cent OS
Cent OS
added 2015/07/26 2:13 p.m.82 views

httpd, mod_ssl security update

CentOS Errata and Security Advisory CESA-2015:1249 Updated httpd packages that fix one security issue, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Low security impact. A Common Vulnerability Scori...

5CVSS6.4AI score0.60205EPSS
Exploits2References7
RedHat Linux
RedHat Linux
added 2015/07/20 1:50 p.m.69 views

Low: Red Hat Security Advisory: httpd security, bug fix, and enhancement update

Updated httpd packages that fix one security issue, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Low security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...

5CVSS6.4AI score0.60205EPSS
Exploits2References13
Tenable Nessus
Tenable Nessus
added 2015/03/30 12:0 a.m.35 views

Mandriva Linux Security Advisory : apache (MDVSA-2015:093)

Updated apache packages fix security vulnerabilities : Apache HTTPD before 2.4.9 was vulnerable to a denial of service in moddav when handling DAVWRITE requests CVE-2013-6438. Apache HTTPD before 2.4.9 was vulnerable to a denial of service when logging cookies CVE-2014-0098. A race condition flaw...

6.8CVSS7.3AI score0.85744EPSS
Exploits10References15
OpenVAS
OpenVAS
added 2015/03/06 12:0 a.m.44 views

RedHat Update for httpd RHSA-2015:0325-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5CVSS5.6AI score0.60205EPSS
Exploits2References2
Tenable Nessus
Tenable Nessus
added 2015/02/13 12:0 a.m.54 views

Amazon Linux AMI : httpd24 (ALAS-2015-483)

modlua.c in the modlua module in the Apache HTTP Server 2.3.x and 2.4.x through 2.4.10 does not support an httpd configuration in which the same Lua authorization provider is used with different arguments within different contexts, which allows remote attackers to bypass intended access...

5CVSS6.2AI score0.60205EPSS
Exploits2References5
OSV
OSV
added 2014/12/13 8:16 p.m.8 views

MGASA-2014-0527 Updated apache packages fix security vulnerabilities

Updated apache packages fix security vulnerabilities: A NULL pointer dereference flaw was found in the way the modcache httpd module handled Content-Type headers. A malicious HTTP server could cause the httpd child process to crash when the Apache HTTP server was configured to proxy to a server...

5.4CVSS4.6AI score0.13451EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2014/12/09 6:7 p.m.84 views

Low: Red Hat Security Advisory: httpd24-httpd security and bug fix update

Updated httpd24-httpd packages that fix two security issues and one bug are now available for Red Hat Software Collections 1. Red Hat Product Security has rated this update as having Low security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, a...

5CVSS6.5AI score0.60205EPSS
Exploits2References4
Rows per page
Query Builder