
4433 matches found

Tenable Nessus
added 2020/10/09 12:00 a.m. | 36 views

EulerOS 2.0 SP9 : httpd (EulerOS-SA-2020-2175)

According to the version of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerability: - Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash wh...

CVSS 7.5 | AI score 7.9 | EPSS 0.89744
Exploits 0 | References 2

Kitploit
added 2020/09/30 8:30 p.m. | 108 views

H2Csmuggler - HTTP Request Smuggling Over HTTP/2 Cleartext (H2C)

h2cSmuggler smuggles HTTP traffic past insecure edge-server proxypass configurations by establishing HTTP/2 cleartext (h2c) communications with h2c-compatible back-end servers, allowing a bypass of proxy rules and access controls. See my detailed write-up below for: Technical breakdown of the...

AI score 7.4
Exploits 0 | References 6

Tenable Nessus
added 2020/09/29 12:00 a.m. | 59 views

EulerOS Virtualization for ARM 64 3.0.6.0 : httpd (EulerOS-SA-2020-2018)

According to the versions of the httpd packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities: - Apache HTTP Server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE (CVE-2020-11984) - Apache HTTP Server...

CVSS 9.8 | AI score 6.8 | EPSS 0.90039
Exploits 4 | References 4

OpenVAS
added 2020/09/29 12:00 a.m. | 23 views

Huawei EulerOS: Security Advisory for mod_http2 (EulerOS-SA-2020-2016)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5.9 | AI score 6.2 | EPSS 0.13436
Exploits 0 | References 2

Tenable Nessus
added 2020/09/28 12:00 a.m. | 54 views

Oracle Linux 7 : olcne / nginx (ELSA-2020-5862)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-5862 advisory. - Address CVE-2019-9511 - Address CVE-2018-16845 - Address CVE-2017-7529 - Address CVE-2019-9511 - Address CVE-2018-16845 Tenable has extracted the precedin...

CVSS 8.2 | AI score 7.3 | EPSS 0.62597
Exploits 7 | References 4

OSV
added 2020/09/23 1:15 p.m. | 29 views

CVE-2020-10687

A flaw was discovered in all versions of Undertow before Undertow 2.2.0.Final, where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS...

CVSS 4.8 | AI score 5.5
Exploits 0 | References 3

NVD
added 2020/09/23 1:15 p.m. | 30 views

CVE-2020-10687

A flaw was discovered in all versions of Undertow before Undertow 2.2.0.Final, where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS...

CVSS 5.8 | EPSS 0.01147
Exploits 0 | References 3

Prion
added 2020/09/23 1:15 p.m. | 41 views

Design/Logic Flaw

A flaw was discovered in all versions of Undertow before Undertow 2.2.0.Final, where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS...

CVSS 5.8 | AI score 5.8 | EPSS 0.02712
Exploits 0 | References 3 | Affected Software 2

Debian CVE
added 2020/09/23 12:30 p.m. | 37 views

CVE-2020-10687

A flaw was discovered in all versions of Undertow before Undertow 2.2.0.Final, where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS...

CVSS 5.8 | AI score 6.2 | EPSS 0.01147
Exploits 0

NVD
added 2020/09/21 3:15 p.m. | 31 views

CVE-2020-4579

IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.12 could allow a remote attacker to cause a denial of service by sending a specially crafted HTTP/2 request with invalid characters. IBM X-Force ID: 184438...

CVSS 7.5 | EPSS 0.0224
Exploits 0 | References 2

Prion
added 2020/09/21 3:15 p.m. | 17 views

Cross site request forgery (csrf)

IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.12 could allow a remote attacker to cause a denial of service by sending a specially crafted HTTP/2 request with invalid characters. IBM X-Force ID: 184438...

CVSS 5 | AI score 7.2 | EPSS 0.0224
Exploits 0 | References 2 | Affected Software 1

Prion
added 2020/09/21 3:15 p.m. | 20 views

Design/Logic Flaw

IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.12 could allow a remote attacker to cause a denial of service by sending a chunked transfer-encoding HTTP/2 request. IBM X-Force ID: 184441...

CVSS 5 | AI score 7.2 | EPSS 0.01602
Exploits 0 | References 2 | Affected Software 1

CVE
added 2020/09/21 2:55 p.m. | 55 views

CVE-2020-4581

CVE-2020-4581 affects IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.12, enabling a remote attacker to cause a denial of service by sending a chunked transfer-encoding HTTP/2 request. IBM's advisory confirms remediation in 2018.4.1.13 (APAR IT33517) for DataPower Gateway, with no workaround do...

CVSS 7.5 | AI score 7.3 | EPSS 0.01602
Exploits 0 | References 2 | Affected Software 1

Cvelist
added 2020/09/21 2:55 p.m. | 25 views

CVE-2020-4581

IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.12 could allow a remote attacker to cause a denial of service by sending a chunked transfer-encoding HTTP/2 request. IBM X-Force ID: 184441...

CVSS 7.5 | AI score 7.2 | EPSS 0.01602
Exploits 0 | References 2

Cvelist
added 2020/09/21 2:55 p.m. | 27 views

CVE-2020-4579

IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.12 could allow a remote attacker to cause a denial of service by sending a specially crafted HTTP/2 request with invalid characters. IBM X-Force ID: 184438...

CVSS 7.5 | AI score 7.2 | EPSS 0.0224
Exploits 0 | References 2

Amazon
added 2020/09/17 12:00 a.m. | 145 views

Important: httpd

Issue Overview: Apache HTTP Server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE. A flaw was found in Apache httpd in versions 2.4.32 to 2.4.46. The uwsgi protocol does not serialize more than 16K of HTTP header, leading to resource exhaustion and denial of service. The highest...

CVSS 9.8 | AI score 6.8 | EPSS 0.90039
Exploits 4

Positive Technologies
added 2020/09/15 12:00 a.m. | 7 views

PT-2020-13794

Name of the Vulnerable Software and Affected Versions: Apache Tomcat versions 8.5.0 through 8.5.57; Apache Tomcat versions 9.0.0.M1 through 9.0.37; Apache Tomcat versions 10.0.0-M1 through 10.0.0-M7. Description: If an HTTP/2 client exceeds the agreed maximum number of concurrent streams for a...

CVSS 10 | AI score 7.1 | EPSS 0.99999
Exploits 194 | References 159

Apache Tomcat
added 2020/09/15 12:00 a.m. | 65 views

Fixed in Apache Tomcat 8.5.58

Moderate: HTTP/2 request mix-up (CVE-2020-13943). If an HTTP/2 client exceeded the agreed maximum number of concurrent streams for a connection in violation of the HTTP/2 protocol, it was possible that a subsequent request made on that connection could contain HTTP headers - including HTTP/2 pseudo...

CVSS 4.3 | AI score 4.9 | EPSS 0.57286
Exploits 0 | Affected Software 1

Apache Tomcat
added 2020/09/15 12:00 a.m. | 168 views

Fixed in Apache Tomcat 9.0.38

Moderate: HTTP/2 request mix-up (CVE-2020-13943). If an HTTP/2 client exceeded the agreed maximum number of concurrent streams for a connection in violation of the HTTP/2 protocol, it was possible that a subsequent request made on that connection could contain HTTP headers - including HTTP/2 pseudo...

CVSS 4.3 | AI score 4.9 | EPSS 0.57286
Exploits 0 | Affected Software 1

RedHat Linux
added 2020/09/14 12:56 p.m. | 80 views

Important: Red Hat Security Advisory: httpd24-httpd security update

An update for httpd24-httpd is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerabilit...

CVSS 7.5 | AI score 7.4 | EPSS 0.89744
Exploits 0 | References 2