
4434 matches found

Veracode
added 2024/11/21 11:55 a.m., 13 views

Incorrect Object Recycling And Re-use

Apache Tomcat is vulnerable to Incorrect object recycling and re-use. The vulnerability is due to flawed object recycling logic in Apache Tomcat's HTTP/2 implementation. Specifically, the request and response objects are not properly cleared or segregated before being reused, allowing data from o...

CVSS 6.5 | AI score 6.4 | EPSS 0.02008
Exploits: 1 | References: 7 | Affected Software: 2
GithubExploit
added 2024/11/21 6:20 a.m., 497 views

Exploit for Inadequate Encryption Strength in Apache Tomcat

🚨🚨CVE-2024-52317🚨🚨 CVE-2024-52317 - Apache Tomcat HTTP/2 Data...

CVSS 6.5 | AI score 7 | EPSS 0.02008
Exploits: 1
F5 Networks
added 2024/11/20 6:51 p.m., 18 views

K000148640: golang: net/http, x/net/http2 vulnerability CVE-2023-45288

Security Advisory Description An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's...

CVSS 7.5 | AI score 7 | EPSS 0.91969
Exploits: 1
OSV
added 2024/11/20 7:20 a.m., 17 views

BIT-TOMCAT-2024-52317 Apache Tomcat: Request/response mix-up with HTTP/2

Incorrect object re-cycling and re-use vulnerability in Apache Tomcat. Incorrect recycling of the request and response used by HTTP/2 requests could lead to request and/or response mix-up between users. This issue affects Apache Tomcat: from 11.0.0 through 11.0.0, from 10.1.27 through 10.1.30, fr...

CVSS 6.5 | AI score 6.8 | EPSS 0.02008
Exploits: 1 | References: 4
Tenable Nessus
added 2024/11/20 12:0 a.m., 25 views

Apache Tomcat 10.1.0-M1 < 10.1.31 Multiple Vulnerabilities

The version of Apache Tomcat installed on the remote host 9.0.0-M1 to 9.0.95, 10.1.0-M1 to 10.1.30 or 11.0.0-M1 to 11.0.0-M26. It is, therefore, affected by multiple vulnerabilities : - If Tomcat was configured to use a custom Jakarta Authentication formerly JASPIC ServerAuthContext component whi...

CVSS 9.8 | AI score 9.1 | EPSS 0.06287
Exploits: 2 | References: 3
Tenable Nessus
added 2024/11/20 12:0 a.m., 22 views

Apache Tomcat 9.0.0-M1 < 9.0.96 Multiple Vulnerabilities

The version of Apache Tomcat installed on the remote host 9.0.0-M1 to 9.0.95, 10.1.0-M1 to 10.1.30 or 11.0.0-M1 to 11.0.0-M26. It is, therefore, affected by multiple vulnerabilities : - If Tomcat was configured to use a custom Jakarta Authentication formerly JASPIC ServerAuthContext component whi...

CVSS 9.8 | AI score 9.1 | EPSS 0.06287
Exploits: 2 | References: 3
Tenable Nessus
added 2024/11/20 12:0 a.m., 33 views

Apache Tomcat 11.0.0-M1 < 11.0.0 Multiple Vulnerabilities

The version of Apache Tomcat installed on the remote host 9.0.0-M1 to 9.0.95, 10.1.0-M1 to 10.1.30 or 11.0.0-M1 to 11.0.0-M26. It is, therefore, affected by multiple vulnerabilities : - If Tomcat was configured to use a custom Jakarta Authentication formerly JASPIC ServerAuthContext component whi...

CVSS 9.8 | AI score 9.1 | EPSS 0.06287
Exploits: 2 | References: 3
IBM Security Bulletins
added 2024/11/19 2:10 p.m., 31 views

Security Bulletin: IBM Sterling Global Mailbox is affected by a IBM WebSphere Vulnerability that could cause denial of service (CVE-2023-44487)

Summary IBM Sterling Global High Availability Mailbox is affected by IBM WebSphere Application Server Liberty it is vulnerable to a denial of service with the servlet-3.1, servlet-4.0, servlet-5.0, or servlet-6.0 feature with the HTTP/2 protocol enabled. Vulnerability Details CVEID:CVE-2023-44487...

CVSS 7.5 | AI score 7.7 | EPSS 0.99999
Exploits: 19 | Affected Software: 1
OSV
added 2024/11/18 12:30 p.m., 1 view

GHSA-QVF5-HVJX-WM27 Apache Tomcat Request and/or response mix-up

Incorrect object re-cycling and re-use vulnerability in Apache Tomcat. Incorrect recycling of the request and response used by HTTP/2 requests could lead to request and/or response mix-up between users. This issue affects Apache Tomcat: from 11.0.0-M23 through 11.0.0-M26, from 10.1.27 through...

CVSS 6.5 | AI score 6.8 | EPSS 0.02008
Exploits: 1 | References: 8
Github Security Blog
added 2024/11/18 12:30 p.m., 30 views

Apache Tomcat Request and/or response mix-up

Incorrect object re-cycling and re-use vulnerability in Apache Tomcat. Incorrect recycling of the request and response used by HTTP/2 requests could lead to request and/or response mix-up between users. This issue affects Apache Tomcat: from 11.0.0-M23 through 11.0.0-M26, from 10.1.27 through...

CVSS 6.5 | AI score 6.8 | EPSS 0.02008
Exploits: 1 | References: 8 | Affected Software: 2
NVD
added 2024/11/18 12:15 p.m., 27 views

CVE-2024-52317

Incorrect object re-cycling and re-use vulnerability in Apache Tomcat. Incorrect recycling of the request and response used by HTTP/2 requests could lead to request and/or response mix-up between users. This issue affects Apache Tomcat: from 11.0.0-M23 through 11.0.0-M26, from 10.1.27 through...

CVSS 6.5 | EPSS 0.02008
Exploits: 1 | References: 3
OSV
added 2024/11/18 12:15 p.m., 26 views

CVE-2024-52317

Incorrect object re-cycling and re-use vulnerability in Apache Tomcat. Incorrect recycling of the request and response used by HTTP/2 requests could lead to request and/or response mix-up between users. This issue affects Apache Tomcat: from 11.0.0-M23 through 11.0.0-M26, from 10.1.27 through...

CVSS 6.5 | AI score 6.4
Exploits: 0 | References: 3
Cvelist
added 2024/11/18 11:36 a.m., 38 views

CVE-2024-52317 Apache Tomcat: Request/response mix-up with HTTP/2

Incorrect object re-cycling and re-use vulnerability in Apache Tomcat. Incorrect recycling of the request and response used by HTTP/2 requests could lead to request and/or response mix-up between users. This issue affects Apache Tomcat: from 11.0.0-M23 through 11.0.0-M26, from 10.1.27 through...

EPSS 0.02008
Exploits: 1 | References: 1
Vulnrichment
added 2024/11/18 11:36 a.m., 37 views

CVE-2024-52317 Apache Tomcat: Request/response mix-up with HTTP/2

Incorrect object re-cycling and re-use vulnerability in Apache Tomcat. Incorrect recycling of the request and response used by HTTP/2 requests could lead to request and/or response mix-up between users. This issue affects Apache Tomcat: from 11.0.0-M23 through 11.0.0-M26, from 10.1.27 through...

AI score 7.2 | EPSS 0.02008
Exploits: 1 | References: 1
OpenVAS
added 2024/11/18 12:0 a.m., 21 views

Apache Tomcat HTTP/2 Vulnerability (Nov 2024) - Windows

Apache Tomcat is prone to vulnerability in HTTP/2. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:tomcat"; if description...

CVSS 6.5 | AI score 6.3 | EPSS 0.02008
Exploits: 1 | References: 4
OpenVAS
added 2024/11/18 12:0 a.m., 24 views

Apache Tomcat HTTP/2 Vulnerability (Nov 2024) - Linux

Apache Tomcat is prone to vulnerability in HTTP/2. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:tomcat"; if description...

CVSS 6.5 | AI score 6.3 | EPSS 0.02008
Exploits: 1 | References: 4
OpenVAS
added 2024/11/15 12:0 a.m., 24 views

Ubuntu: Security Advisory (USN-7111-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.1 | AI score 10 | EPSS 0.91969
Exploits: 1 | References: 2
OpenVAS
added 2024/11/15 12:0 a.m., 30 views

Ubuntu: Security Advisory (USN-7109-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.8 | AI score 9.1 | EPSS 0.91969
Exploits: 1 | References: 2
Hacker One
added 2024/11/14 5:19 p.m., 80 views

Node.js: GOAWAY HTTP/2 frames cause memory leak outside heap

A memory leak could occur when a remote peer abruptly closed the socket without sending a GOAWAY notification. Additionally, if an invalid header was detected by nghttp2, causing the connection to be terminated by the peer, the same leak was triggered. This flaw could have led to increased memory...

CVSS 5.3 | AI score 6.5 | EPSS 0.01282
Exploits: 0
Ubuntu
added 2024/11/14 1:57 p.m., 36 views

USN-7109-1: Go vulnerabilities

Philippe Antoine discovered that Go incorrectly handled crafted HTTP/2 streams. An attacker could possibly use this issue to cause a denial of service. CVE-2022-41723 Marten Seemann discovered that Go did not properly manage memory under certain circumstances. An attacker could possibly use this...

CVSS 9.8 | AI score 7.5 | EPSS 0.91969
Exploits: 1