Lucene search
K

138 matches found

Tenable Nessus
Tenable Nessus
added 2019/05/10 12:0 a.m.13 views

Apache Tomcat 6.0.x < 6.0.50 NIO HTTP Connector Information Disclosure

Binary data 700669.pasl...

7.5CVSS8AI score0.16038EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2019/05/10 12:0 a.m.11 views

Apache Tomcat 8.0.x < 8.0.41 NIO HTTP Connector Information Disclosure

Binary data 700683.pasl...

7.5CVSS8.7AI score0.16038EPSS
Exploits0References2
Prion
Prion
added 2019/04/09 6:29 p.m.18 views

Authorization

The HTTP Connector component of TIBCO Software Inc.'s TIBCO ActiveMatrix BusinessWorks contains a vulnerability that theoretically allows unauthenticated HTTP requests to be processed by the BusinessWorks engine even when authentication is required. This possibility is restricted to circumstances...

6.8CVSS8.2AI score0.02889EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2019/04/09 6:29 p.m.33 views

CVE-2019-8990

The HTTP Connector component of TIBCO Software Inc.'s TIBCO ActiveMatrix BusinessWorks contains a vulnerability that theoretically allows unauthenticated HTTP requests to be processed by the BusinessWorks engine even when authentication is required. This possibility is restricted to circumstances...

9.1CVSS8.6AI score0.02889EPSS
Exploits0References3
CVE
CVE
added 2019/04/09 5:37 p.m.50 views

CVE-2019-8990

The CVE-2019-8990 issue affects the HTTP Connector component of TIBCO ActiveMatrix BusinessWorks. It allows unauthenticated HTTP requests to be processed by the BusinessWorks engine when authentication is required, but only in configurations where HTTP Basic Authentication is used alongside an XM...

9.1CVSS8.3AI score0.02889EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2019/04/09 12:0 a.m.9 views

PT-2019-19293 · Tibco · Tibco Activematrix Businessworks

Name of the Vulnerable Software and Affected Versions: TIBCO ActiveMatrix BusinessWorks versions up to and including 6.4.2 Description: The HTTP Connector component of TIBCO ActiveMatrix BusinessWorks contains an issue that allows unauthenticated HTTP requests to be processed by the BusinessWorks...

9.1CVSS9AI score0.02889EPSS
Exploits0References4
Debian
Debian
added 2019/04/04 4:11 p.m.80 views

[SECURITY] [DSA 4424-1] pdns security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4424-1 [email protected] https://www.debian.org/security/ Sebastien Delafond April 04, 2019 https://www.debian.org/security/faq -...

8.8CVSS7.6AI score0.1286EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2019/04/01 12:0 a.m.26 views

Debian DLA-1737-1 : pdns security update

A vulnerability was found in PowerDNS Authoritative Server before 4.0.7 and before 4.1.7. An insufficient validation of data coming from the user when building a HTTP request from a DNS query in the HTTP Connector of the Remote backend, allowing a remote user to cause a denial of service by makin...

8.8CVSS7.1AI score0.1286EPSS
Exploits1References3
Debian
Debian
added 2019/03/29 2:18 p.m.145 views

[SECURITY] [DLA 1737-1] pdns security update

Package : pdns Version : 3.4.1-4+deb8u9 CVE ID : CVE-2019-3871 Debian Bug : 924966 A vulnerability was found in PowerDNS Authoritative Server before 4.0.7 and before 4.1.7. An insufficient validation of data coming from the user when building a HTTP request from a DNS query in the HTTP Connector ...

8.8CVSS7.6AI score0.1286EPSS
Exploits1
Prion
Prion
added 2019/03/21 9:29 p.m.22 views

Input validation

A vulnerability was found in PowerDNS Authoritative Server before 4.0.7 and before 4.1.7. An insufficient validation of data coming from the user when building a HTTP request from a DNS query in the HTTP Connector of the Remote backend, allowing a remote user to cause a denial of service by makin...

6.5CVSS8.5AI score0.1286EPSS
Exploits1References10Affected Software2
OSV
OSV
added 2019/03/21 9:29 p.m.3 views

DEBIAN-CVE-2019-3871

A vulnerability was found in PowerDNS Authoritative Server before 4.0.7 and before 4.1.7. An insufficient validation of data coming from the user when building a HTTP request from a DNS query in the HTTP Connector of the Remote backend, allowing a remote user to cause a denial of service by makin...

8.8CVSS7.2AI score0.1286EPSS
Exploits1References1
OSV
OSV
added 2019/03/21 9:29 p.m.28 views

CVE-2019-3871

A vulnerability was found in PowerDNS Authoritative Server before 4.0.7 and before 4.1.7. An insufficient validation of data coming from the user when building a HTTP request from a DNS query in the HTTP Connector of the Remote backend, allowing a remote user to cause a denial of service by makin...

8.8CVSS8.7AI score0.1286EPSS
Exploits1References10
AlpineLinux
AlpineLinux
added 2019/03/21 8:42 p.m.57 views

CVE-2019-3871

A vulnerability was found in PowerDNS Authoritative Server before 4.0.7 and before 4.1.7. An insufficient validation of data coming from the user when building a HTTP request from a DNS query in the HTTP Connector of the Remote backend, allowing a remote user to cause a denial of service by makin...

8.8CVSS8.3AI score0.1286EPSS
Exploits1
Debian CVE
Debian CVE
added 2019/03/21 8:42 p.m.42 views

CVE-2019-3871

A vulnerability was found in PowerDNS Authoritative Server before 4.0.7 and before 4.1.7. An insufficient validation of data coming from the user when building a HTTP request from a DNS query in the HTTP Connector of the Remote backend, allowing a remote user to cause a denial of service by makin...

8.8CVSS7.8AI score0.1286EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2018/10/04 12:0 a.m.51 views

RHEL 6 / 7 : Red Hat JBoss Web Server 5.0 Service Pack 1 (RHSA-2018:2868)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:2868 advisory. Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the...

5.9CVSS7.1AI score0.94494EPSS
Exploits3References11
RedHat Linux
RedHat Linux
added 2018/10/03 1:42 p.m.109 views

Important: Red Hat Security Advisory: Red Hat JBoss Web Server 5.0 Service Pack 1 security and bug fix update

An update is now available for Red Hat JBoss Web Server 5.0 for RHEL 6 and Red Hat JBoss Web Server 5.0 for RHEL 7. Red Hat Product Security has rated this release as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

5.9CVSS7AI score0.94494EPSS
Exploits3References8
RedHat Linux
RedHat Linux
added 2018/08/16 2:50 p.m.134 views

Important: Red Hat Security Advisory: Red Hat JBoss Web Server 3.1.0 Service Pack 4 security and bug fix update

An update is now available for Red Hat JBoss Web Server 3.1. Red Hat Product Security has rated this release as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

9.8CVSS7AI score0.21979EPSS
Exploits0References7
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 10:49 p.m.47 views

Security Bulletin: Apache Tomcat vulnerability affects IBM Algo One - Counterparty Credit Risk (CVE-2016-8745)

Summary Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by the improper handling of the send file code for the NIO HTTP connector when the Connector code for Tomcat is refactored. An attacker could exploit this vulnerability to obtain the session ID and the...

7.5CVSS0.4AI score0.16038EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 10:49 p.m.35 views

Security Bulletin: Vulnerability in Apache Tomcat affects IBM Algo One - Algo Risk Application (CVE-2016-8745)

Summary IBM Algo One - Algo Risk Application could allow a remote attacker to obtain sensitive information, caused by the improper handling of the send file code for the NIO HTTP connector when the Connector code for Tomcat is refactored. An attacker could exploit this vulnerability to obtain the...

7.5CVSS0.1AI score0.16038EPSS
Exploits0Affected Software1
NVD
NVD
added 2017/08/10 10:29 p.m.33 views

CVE-2016-8745

A bug in the error handling of the send file code for the NIO HTTP connector in Apache Tomcat 9.0.0.M1 to 9.0.0.M13, 8.5.0 to 8.5.8, 8.0.0.RC1 to 8.0.39, 7.0.0 to 7.0.73 and 6.0.16 to 6.0.48 resulted in the current Processor object being added to the Processor cache multiple times. This in turn...

7.5CVSS7.5AI score0.16038EPSS
Exploits0References30
Rows per page
Query Builder