1615 matches found
GHSA-W6QF-42M7-VH68 Undertow Uncontrolled Resource Consumption Vulnerability
A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Whenever a malicious user opens and closes a connection with the HTTP port of the server and then closes the connection immediately, the server will end with both memory and...
Undertow Uncontrolled Resource Consumption Vulnerability
A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Whenever a malicious user opens and closes a connection with the HTTP port of the server and then closes the connection immediately, the server will end with both memory and...
Kafka UI 0.7.1 Command Injection Exploit
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Kafka UI Unauthenticated Remote Command Execution via the Groovy Filter option.', 'Description' = %q A command injection vulnerability exists in...
CVE-2024-1635
A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Whenever a malicious user opens and closes a connection with the HTTP port of the server and then closes the connection immediately, the server will end with both memory and...
CVE-2024-1635
A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Whenever a malicious user opens and closes a connection with the HTTP port of the server and then closes the connection immediately, the server will end with both memory and...
Design/Logic Flaw
A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Whenever a malicious user opens and closes a connection with the HTTP port of the server and then closes the connection immediately, the server will end with both memory and...
CVE-2024-1635 Undertow: out-of-memory error after several closed connections with wildfly-http-client protocol
A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Whenever a malicious user opens and closes a connection with the HTTP port of the server and then closes the connection immediately, the server will end with both memory and...
CVE-2024-1635
Undertow vulnerability CVE-2024-1635 affects servers supporting the wildfly-http-client protocol. The issue arises during HTTP upgrade to remoting: WriteTimeoutStreamSinkConduit is not notified when a RemotingConnection is closed, causing timeout tasks to leak and accumulate, which leaks connecti...
CVE-2024-1635 Undertow: out-of-memory error after several closed connections with wildfly-http-client protocol
A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Whenever a malicious user opens and closes a connection with the HTTP port of the server and then closes the connection immediately, the server will end with both memory and...
CVE-2024-1635
A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Whenever a malicious user opens and closes a connection with the HTTP port of the server and then closes the connection immediately, the server will end with both memory and...
CVE-2024-1635
A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Whenever a malicious user opens and closes a connection with the HTTP port of the server and then closes the connection immediately, the server will end with both memory and...
USN-6641-1: curl vulnerability
Harry Sintonen discovered that curl incorrectly handled mixed case cookie domains. A remote attacker could possibly use this issue to set cookies that get sent to different and unrelated sites and domains...
PT-2024-18183 · Undertow · Undertow
Name of the Vulnerable Software and Affected Versions: Undertow affected versions not specified Description: A vulnerability was found in Undertow that impacts servers supporting the wildfly-http-client protocol. When a malicious user opens and closes a connection with the HTTP port of the server...
CVE-2024-24758
Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici already cleared Authorization headers on cross-origin redirects, but did not clear Proxy-Authentication headers. This issue has been patched in versions 5.28.3 and 6.6.1. Users are advised to upgrade. There are no known...
Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2024-1174)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for python-urllib3 (EulerOS-SA-2024-1185)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP9 : python-urllib3 (EulerOS-SA-2024-1205)
According to the versions of the python-urllib3 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - urllib3 is a user-friendly HTTP client library for Python. urllib3 previously wouldn't remove the HTTP request body when an HTTP redirect...
Server-Side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-Side Request Forgery SSRF via the process of fetching payment or payment provider information. An attacker can gain control over the destination URL of the HttpClient used in the API classes, leading to requests to unexpected...
TrueLayer.NET Code Issue Vulnerability
TrueLayer.NET is a .Net client for TrueLayer by TrueLayer UK. A code issue vulnerability exists in TrueLayer.NET. An attacker could use this vulnerability to gain control of the target URL of the HttpClient used in the API class...
PT-2024-20114 · Truelayer · Truelayer.Client +1
Name of the Vulnerable Software and Affected Versions: TrueLayer.Client versions prior to v1.6.0 Description: The issue could potentially allow a malicious actor to gain control over the destination URL of the HttpClient used in the API classes. For applications using the SDK, requests to...