Lucene search
46 matches found

EUVD
added 2025/10/03 8:07 p.m. · 2 views

EUVD-2024-36338

Malicious code in bioql PyPI...

CVSS 5.4 · AI score 5.5 · EPSS 0.00187
Exploits: 0 · References: 2

Veracode
added 2025/07/11 4:52 a.m. · 3 views

Race Condition Vulnerability

org.apache.tomcat, tomcat-util is vulnerable to Race Condition Vulnerability. The vulnerability is due to improper synchronization in the APR/Native connector when handling client-initiated HTTP/2 connection closures, which allows an attacker to exploit race conditions potentially leading to...

CVSS 7.5 · AI score 6 · EPSS 0.01205
Exploits: 0 · References: 6 · Affected Software: 1

Tenable Nessus
added 2025/03/04 12:00 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2017-5446

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An out-of-bounds read when an HTTP/2 connection to a servers sends DATA frames with incorrect data content. This leads to a potentially exploitable crash. This...

CVSS 9.8 · AI score 7.5 · EPSS 0.00584
Exploits: 1 · References: 2

Github Security Blog
added 2024/12/12 9:31 a.m. · 45 views

Withdrawn Advisory: undertow: information leakage via HTTP/2 request header reuse

Withdrawn Advisory: This advisory has been withdrawn because it was determined to not be a valid vulnerability. This link is maintained to preserve external references. For more information, see https://nvd.nist.gov/vuln/detail/CVE-2024-4109. Original Description: A flaw was found in Undertow. An...

AI score 5.2
Exploits: 0 · References: 12 · Affected Software: 1

NVD
added 2024/12/12 9:15 a.m. · 22 views

CVE-2024-4109

Rejected reason: Red Hat Product Security has determined that this CVE is not a security vulnerability...

Exploits: 0

Cvelist
added 2024/12/12 9:04 a.m. · 18 views

CVE-2024-4109

...

Exploits: 0

CVE
added 2024/12/12 9:04 a.m. · 211 views

CVE-2024-4109

CVE-2024-4109 is linked to information leakage in Undertow when handling HTTP/2 header reuse. Affected product: Red Hat JBoss Enterprise Application Platform (EAP) 7.x on RHEL7/RHEL8 as referenced by RHSA advisories (e.g., 7.1.12 on RHEL7 and 7.3.15). Root cause: Undertow HTTP/2 handling allows l...

AI score 7.3
Exploits: 0

Amazon
added 2024/08/15 12:00 a.m. · 6 views

Medium: mod_http2

Issue Overview: Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, degrading performance. (CVE-2024-36387) Affected Packages: mod_http2. Issue Correction: Run dnf update mod_http2 --releasever 2023.5.202408...

CVSS 5.4 · AI score 7.2 · EPSS 0.00187
Exploits: 0

Ubuntu
added 2024/08/01 8:25 p.m. · 46 views

USN-6943-1: Tomcat vulnerabilities

It was discovered that Tomcat incorrectly handled certain uncommon PersistenceManager with FileStore configurations. A remote attacker could possibly use this issue to execute arbitrary code. This issue only affected tomcat8 for Ubuntu 18.04 LTS. (CVE-2020-9484) It was discovered that Tomcat...

CVSS 7.5 · AI score 7.6 · EPSS 0.93464
Exploits: 20

Tenable Nessus
added 2024/04/16 12:00 a.m. · 71 views

Debian dsa-5662 : apache2 - security update

The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5662 advisory. - Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.57. (CVE-2023-31122) - Faulty input...

CVSS 7.5 · AI score 6.9 · EPSS 0.87555
Exploits: 3 · References: 15

Tenable Nessus
added 2024/03/12 12:00 a.m. · 41 views

EulerOS 2.0 SP8 : golang (EulerOS-SA-2024-1269)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a...

CVSS 7.5 · AI score 7 · EPSS 0.00226
Exploits: 0 · References: 3

OpenVAS
added 2024/03/11 12:00 a.m. · 18 views

SUSE: Security Advisory (SUSE-SU-2024:0817-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 · AI score 7.2 · EPSS 0.00559
Exploits: 0 · References: 4

Tenable Nessus
added 2024/02/20 12:00 a.m. · 39 views

Amazon Linux 2 : containerd (ALASDOCKER-2024-038)

The version of containerd installed on the remote host is prior to 1.6.28-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2DOCKER-2024-038 advisory. The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many...

CVSS 7.5 · AI score 7 · EPSS 0.0015
Exploits: 0 · References: 4

Tenable Nessus
added 2024/01/24 12:00 a.m. · 40 views

RHCOS 4 : OpenShift Container Platform 4.12.30 (RHSA-2023:4674)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:4674 advisory. - golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664) Note that Nessus has not tested for this issue but has instead...

CVSS 7.5 · AI score 7 · EPSS 0.00098
Exploits: 0 · References: 6

Tenable Nessus
added 2023/11/22 12:00 a.m. · 57 views

Ubuntu 20.04 LTS / 22.04 LTS / 23.04 / 23.10 : Apache HTTP Server vulnerabilities (USN-6506-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.04 / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6506-1 advisory. David Shoon discovered that the Apache HTTP Server mod_macro module incorrectly handled certain memory operations. A remote...

CVSS 7.5 · AI score 7.5 · EPSS 0.59544
Exploits: 1 · References: 4

Tenable Nessus
added 2023/11/03 12:00 a.m. · 57 views

Amazon Linux AMI : httpd24 (ALAS-2023-1877)

The version of httpd24 installed on the remote host is prior to 2.4.58-1.101. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1877 advisory. Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server. This issue affects Apache HTTP Server: through...

CVSS 7.5 · AI score 7 · EPSS 0.59544
Exploits: 1 · References: 8

Tenable Nessus
added 2023/11/02 12:00 a.m. · 92 views

Amazon Linux 2 : httpd (ALAS-2023-2322)

The version of httpd installed on the remote host is prior to 2.4.58-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-2322 advisory. Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.57...

CVSS 7.5 · AI score 7 · EPSS 0.59544
Exploits: 1 · References: 8

NVD
added 2023/10/23 7:15 a.m. · 12 views

CVE-2023-43622

An attacker, opening a HTTP/2 connection with an initial window size of 0, was able to block handling of that connection indefinitely in Apache HTTP Server. This could be used to exhaust worker resources in the server, similar to the well known "slow loris" attack pattern. This has been fixed in...

CVSS 7.5 · AI score 7.5 · EPSS 0.59544
Exploits: 0 · References: 2

Positive Technologies
added 2023/10/19 12:00 a.m. · 6 views

PT-2023-6452 · Apache +7 · Apache Http Server +7

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions 2.4.55 through 2.4.57 Description: The issue is related to a HTTP/2 connection with an initial window size of 0, which can block handling of that connection indefinitely in Apache HTTP Server. This could be used to...

CVSS 7.8 · AI score 7.5 · EPSS 0.944
Exploits: 22 · References: 79

Tenable Nessus
added 2023/09/08 12:00 a.m. · 33 views

Amazon Linux 2023 : amazon-ssm-agent (ALAS2023-2023-339)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-339 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...

AI score 5.5
Exploits: 0 · References: 2