
3714 matches found

Amazon
added 2023/09/25 12:00 a.m., 3 views

Medium: tomcat

Issue Overview: While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent...

CVSS 7.5, AI score 6.9, EPSS 0.24622
Exploits 0
Github Security Blog
added 2023/09/21 6:30 a.m., 28 views

Tungstenite allows remote attackers to cause a denial of service

The Tungstenite crate through 0.20.0 for Rust allows remote attackers to cause a denial of service (minutes of CPU consumption) via an excessive length of an HTTP header in a client handshake. The length affects both how many times a parse is attempted (e.g., thousands of times) and the average amoun...

CVSS 7.5, AI score 6.7, EPSS 0.0162
Exploits 1, References 18, Affected Software 1
OSV
added 2023/09/21 6:30 a.m., 13 views

GHSA-9MCR-873M-XCXP Tungstenite allows remote attackers to cause a denial of service

The Tungstenite crate through 0.20.0 for Rust allows remote attackers to cause a denial of service (minutes of CPU consumption) via an excessive length of an HTTP header in a client handshake. The length affects both how many times a parse is attempted (e.g., thousands of times) and the average amoun...

CVSS 7.5, AI score 7.2, EPSS 0.0162
Exploits 1, References 19
OSV
added 2023/09/21 6:15 a.m., 15 views

CVE-2023-43669

The Tungstenite crate before 0.20.1 for Rust allows remote attackers to cause a denial of service (minutes of CPU consumption) via an excessive length of an HTTP header in a client handshake. The length affects both how many times a parse is attempted (e.g., thousands of times) and the average amount...

CVSS 7.5, AI score 7.2, EPSS 0.0162
Exploits 1, References 12
NVD
added 2023/09/21 6:15 a.m., 9 views

CVE-2023-43669

The Tungstenite crate before 0.20.1 for Rust allows remote attackers to cause a denial of service (minutes of CPU consumption) via an excessive length of an HTTP header in a client handshake. The length affects both how many times a parse is attempted (e.g., thousands of times) and the average amount...

CVSS 7.5, AI score 7.3, EPSS 0.0162
Exploits 1, References 12
Prion
added 2023/09/21 6:15 a.m., 18 views

Design/Logic Flaw

The Tungstenite crate before 0.20.1 for Rust allows remote attackers to cause a denial of service (minutes of CPU consumption) via an excessive length of an HTTP header in a client handshake. The length affects both how many times a parse is attempted (e.g., thousands of times) and the average amount...

CVSS 5, AI score 7.2, EPSS 0.0162
Exploits 1, References 12, Affected Software 2
UbuntuCve
added 2023/09/21 6:15 a.m., 19 views

CVE-2023-43669

The Tungstenite crate before 0.20.1 for Rust allows remote attackers to cause a denial of service (minutes of CPU consumption) via an excessive length of an HTTP header in a client handshake. The length affects both how many times a parse is attempted (e.g., thousands of times) and the average amount...

CVSS 7.5, AI score 7.1, EPSS 0.0162
Exploits 1, References 15
Cvelist
added 2023/09/21 12:00 a.m., 20 views

CVE-2023-43669

The Tungstenite crate before 0.20.1 for Rust allows remote attackers to cause a denial of service (minutes of CPU consumption) via an excessive length of an HTTP header in a client handshake. The length affects both how many times a parse is attempted (e.g., thousands of times) and the average amount...

AI score 7.5, EPSS 0.0162
Exploits 1, References 12
CVE
added 2023/09/21 12:00 a.m., 310 views

CVE-2023-43669

The CVE-2023-43669 issue affects the Tungstenite crate for Rust up to version 0.20.0, where an excessively long HTTP header in a client handshake can cause high CPU usage and denial of service. Affected projects using tungstenite (and dependent crates like tokio-tungstenite) are exposed to potent...

CVSS 7.5, AI score 7.2, EPSS 0.0162
Exploits 1, References 12, Affected Software 1
CNVD
added 2023/09/21 12:00 a.m., 15 views

Apache Flink Code Injection Vulnerability

Apache Flink is an open source distributed streaming data processing engine of the Apache Foundation. The product is mainly written in Java and Scala. Func is Knative's open source client library and CLI, supporting the development and deployment of functions. Apache Flink Stateful...

CVSS 6.1, AI score 7.4, EPSS 0.0161
Exploits 0, References 1
Debian CVE
added 2023/09/21 12:00 a.m., 19 views

CVE-2023-43669

The Tungstenite crate before 0.20.1 for Rust allows remote attackers to cause a denial of service (minutes of CPU consumption) via an excessive length of an HTTP header in a client handshake. The length affects both how many times a parse is attempted (e.g., thousands of times) and the average amount...

CVSS 7.5, AI score 7.3, EPSS 0.0162
Exploits 1
OSV
added 2023/09/19 8:05 p.m., 11 views

SUSE-SU-2023:3692-1 Security update for curl

This update for curl fixes the following issues: - CVE-2023-38039: Fixed a possible DoS when receiving too large an HTTP header (bsc#1215026)...

CVSS 7.5, AI score 7.8, EPSS 0.62246
Exploits 1, References 3
Vulnrichment
added 2023/09/19 12:34 p.m., 12 views

CVE-2023-41834 Apache Flink Stateful Functions allowed HTTP header injection due to Improper Neutralization of CRLF Sequences

Improper Neutralization of CRLF Sequences in HTTP Headers in Apache Flink Stateful Functions 3.1.0, 3.1.1 and 3.2.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted HTTP requests. Attackers could potentially inject malicious content...

AI score 7, EPSS 0.0161
Exploits 0, References 2
Cvelist
added 2023/09/19 12:34 p.m., 15 views

CVE-2023-41834 Apache Flink Stateful Functions allowed HTTP header injection due to Improper Neutralization of CRLF Sequences

Improper Neutralization of CRLF Sequences in HTTP Headers in Apache Flink Stateful Functions 3.1.0, 3.1.1 and 3.2.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted HTTP requests. Attackers could potentially inject malicious content...

AI score 6.5, EPSS 0.0161
Exploits 0, References 2
OpenVAS
added 2023/09/19 12:00 a.m., 31 views

Eclipse Jetty HTTP Header Vulnerability (GHSA-hmr7-m48g-48f6) - Windows

Eclipse Jetty is prone to an HTTP header vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:eclipse:jetty";...

CVSS 5.3, AI score 6.3, EPSS 0.01069
Exploits 0, References 1
OpenVAS
added 2023/09/19 12:00 a.m., 26 views

Eclipse Jetty HTTP Header Vulnerability (GHSA-hmr7-m48g-48f6) - Linux

Eclipse Jetty is prone to an HTTP header vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:eclipse:jetty";...

CVSS 5.3, AI score 6.3, EPSS 0.01069
Exploits 0, References 1
Tenable Nessus
added 2023/09/19 12:00 a.m., 29 views

Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS : Node.js vulnerabilities (USN-6380-1)

The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6380-1 advisory. Rogier Schouten discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into...

CVSS 9.8, AI score 8.1, EPSS 0.57132
Exploits 6, References 7
OSV
added 2023/09/15 8:15 p.m., 1 view

UBUNTU-CVE-2023-40167

Jetty is a Java-based web server and servlet engine. Prior to versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1, Jetty accepts the + character preceding the content-length value in an HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests...

CVSS 5.3, AI score 6.8, EPSS 0.01069
Exploits 0, References 3
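The two header-syntax defects on this page, Jetty accepting a "+" before a Content-Length value (a lexical laxness that lets a front-end and an origin disagree about where a request body ends) and the CRLF injection in Apache Flink Stateful Functions, share one fix: treat header names and values as a strict grammar instead of free text. The Rust example below is added here and is not code from Jetty, Flink or any other project on this page; the functions `parse_content_length`, `lenient_content_length`, `set_header` and `render_unchecked` are this example's own. The lenient variant reproduces the permissive behaviour described in the Jetty advisory by relying on the fact that Rust's `str::parse::<u64>` accepts a leading "+".

```rust
/// Reasons a header is rejected by the strict checks below.
#[derive(Debug, PartialEq)]
pub enum HeaderError {
    /// Content-Length was not a bare run of ASCII digits (RFC 9110: 1*DIGIT).
    BadContentLength,
    /// The value contains CR, LF or NUL and would terminate the header line early.
    CrLfInValue,
    /// The name contains characters outside the RFC 9110 token grammar.
    BadName,
}

/// Permissive parser of the kind the Jetty advisory describes: trims whitespace
/// and delegates to `str::parse`, which accepts a leading '+' for unsigned types.
pub fn lenient_content_length(raw: &str) -> Option<u64> {
    raw.trim().parse::<u64>().ok()
}

/// Strict parser: only ASCII digits, no sign, no surrounding whitespace, no overflow.
pub fn parse_content_length(raw: &str) -> Result<u64, HeaderError> {
    if raw.is_empty() || !raw.bytes().all(|b| b.is_ascii_digit()) {
        return Err(HeaderError::BadContentLength);
    }
    raw.parse::<u64>().map_err(|_| HeaderError::BadContentLength)
}

/// RFC 9110 `tchar`: the characters allowed in a header field name.
fn is_tchar(b: u8) -> bool {
    b.is_ascii_alphanumeric() || b"!#$%&'*+-.^_`|~".contains(&b)
}

/// Render one header line with no validation: an attacker-controlled value
/// containing "\r\n" becomes a second header line (response splitting).
pub fn render_unchecked(name: &str, value: &str) -> String {
    format!("{}: {}\r\n", name, value)
}

/// Render one header line only if the name is a token and the value cannot
/// break out of the line. Returns the exact bytes that would go on the wire.
pub fn set_header(name: &str, value: &str) -> Result<String, HeaderError> {
    if name.is_empty() || !name.bytes().all(is_tchar) {
        return Err(HeaderError::BadName);
    }
    if value.bytes().any(|b| b == b'\r' || b == b'\n' || b == 0) {
        return Err(HeaderError::CrLfInValue);
    }
    Ok(render_unchecked(name, value))
}

fn main() {
    // Constructed inputs for illustration, not captured traffic.
    for &raw in ["5", "+5", " 5", "0x5", ""].iter() {
        println!(
            "Content-Length {:?}: lenient={:?} strict={:?}",
            raw,
            lenient_content_length(raw),
            parse_content_length(raw)
        );
    }
    let injected = "/home\r\nSet-Cookie: session=attacker";
    println!("unchecked -> {:?}", render_unchecked("Location", injected));
    println!("checked   -> {:?}", set_header("Location", injected));
}
```

The Content-Length disagreement is the important one for smuggling: a proxy that rejects "+5" and an origin that reads it as 5 do not agree on the request boundary, so the strict parser should be the one used everywhere in the chain, not only at the edge.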
IBM Security Bulletins
added 2023/09/14 5:23 p.m., 27 views

Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to HTTP header injection due to Go CVE-2023-29406

Summary Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to HTTP header injection due to Go CVE-2023-29406 with details below. The vulnerability has been addressed. Vulnerability Details CVEID: CVE-2023-29406 DESCRIPTION: Golang Go is vulnerable to HTTP head...

CVSS 6.5, AI score 7.2, EPSS 0.0125
Exploits 0, Affected Software 2
Hacker One
added 2023/09/13 2:52 p.m., 88 views

Internet Bug Bounty: [curl] CVE-2023-38039: HTTP header allocation DOS

CVE-2023-38039 is a security vulnerability in the curl library that allowed a malicious server to send an unlimited number of headers in an HTTP response, causing curl to exhaust heap memory and potentially leading to a denial-of-service condition...

CVSS 7.5, AI score 7.6, EPSS 0.62246
Exploits 1
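The Tungstenite entries above (a handshake parser whose work grows with the square of the header length, because every newly received chunk triggers a fresh parse of everything buffered so far) and the curl entries (response headers accumulated without a ceiling until the heap is exhausted) are the same class of failure: nothing bounds how much header data a peer may send before the parser gives up. The Rust example below is added here; it is not Tungstenite, curl or any other code from this page, and `HandshakeReader`, `simulate`, `MAX_HANDSHAKE_BYTES` and `MAX_HEADER_LINES` are this example's own assumptions. It implements the naive reparse strategy so its cost can be measured, and shows that a byte ceiling on the buffer plus a cap on the number of header lines stops the blow-up before any parsing work is done.

```rust
/// Ceiling on bytes buffered for one handshake (assumed value for this example).
pub const MAX_HANDSHAKE_BYTES: usize = 16 * 1024;
/// Ceiling on the number of header lines accepted (assumed value for this example).
pub const MAX_HEADER_LINES: usize = 100;

#[derive(Debug, PartialEq)]
pub enum HandshakeError {
    TooLarge,
    TooManyHeaders,
    Malformed,
}

/// Incremental reader for an HTTP/1.1 upgrade request. With `enforce_limits`
/// false it follows the vulnerable pattern: keep appending, reparse everything.
pub struct HandshakeReader {
    buf: Vec<u8>,
    enforce_limits: bool,
    /// How many full parses have been attempted (each walks the whole buffer).
    pub parse_attempts: usize,
    /// Total bytes walked across all attempts; a proxy for CPU spent.
    pub bytes_scanned: usize,
}

impl HandshakeReader {
    pub fn new(enforce_limits: bool) -> Self {
        HandshakeReader { buf: Vec::new(), enforce_limits, parse_attempts: 0, bytes_scanned: 0 }
    }

    /// Feed one chunk read from the socket. Ok(None) means "need more data";
    /// Ok(Some(headers)) means the blank line terminating the headers arrived.
    pub fn feed(&mut self, chunk: &[u8]) -> Result<Option<Vec<(String, String)>>, HandshakeError> {
        // The fix: refuse to grow the buffer past the ceiling before doing any work.
        if self.enforce_limits && self.buf.len() + chunk.len() > MAX_HANDSHAKE_BYTES {
            return Err(HandshakeError::TooLarge);
        }
        self.buf.extend_from_slice(chunk);
        // Naive strategy: rescan from byte 0 on every call, so a header delivered
        // in N chunks costs O(N^2) bytes of scanning.
        self.parse_attempts += 1;
        self.bytes_scanned += self.buf.len();
        let end = match find_subslice(&self.buf, b"\r\n\r\n") {
            Some(i) => i,
            None => return Ok(None),
        };
        let text = std::str::from_utf8(&self.buf[..end]).map_err(|_| HandshakeError::Malformed)?;
        let mut lines = text.split("\r\n");
        let _request_line = lines.next().ok_or(HandshakeError::Malformed)?;
        let mut headers = Vec::new();
        for line in lines {
            if self.enforce_limits && headers.len() >= MAX_HEADER_LINES {
                return Err(HandshakeError::TooManyHeaders);
            }
            let (name, value) = line.split_once(':').ok_or(HandshakeError::Malformed)?;
            headers.push((name.trim().to_ascii_lowercase(), value.trim().to_string()));
        }
        Ok(Some(headers))
    }
}

fn find_subslice(hay: &[u8], needle: &[u8]) -> Option<usize> {
    hay.windows(needle.len()).position(|w| w == needle)
}

/// Drive a reader with a constructed handshake whose single long header value
/// arrives in `chunks` pieces of `chunk_len` bytes (a synthetic client, not a capture).
/// Returns the final outcome plus the parse-attempt and bytes-scanned counters.
pub fn simulate(
    enforce_limits: bool,
    chunks: usize,
    chunk_len: usize,
) -> (Result<Option<Vec<(String, String)>>, HandshakeError>, usize, usize) {
    let mut reader = HandshakeReader::new(enforce_limits);
    let mut outcome = reader.feed(b"GET / HTTP/1.1\r\nHost: x\r\nX-Pad: ");
    let piece = vec![b'a'; chunk_len];
    for _ in 0..chunks {
        if outcome.is_err() {
            break;
        }
        outcome = reader.feed(&piece);
    }
    if outcome.is_ok() {
        outcome = reader.feed(b"\r\n\r\n");
    }
    (outcome, reader.parse_attempts, reader.bytes_scanned)
}

fn main() {
    let (naive, attempts, scanned) = simulate(false, 100, 1024);
    println!("naive:    {:?} after {} parses, {} bytes scanned",
             naive.map(|h| h.map(|v| v.len())), attempts, scanned);
    let (hardened, attempts, scanned) = simulate(true, 100, 1024);
    println!("hardened: {:?} after {} parses, {} bytes scanned",
             hardened.map(|h| h.map(|v| v.len())), attempts, scanned);
}
```

With the limits off, 100 chunks of 1 KiB cost over five million bytes of scanning for a 100 KiB header, and the cost keeps growing quadratically with the number of chunks the attacker chooses to send; with the limits on, the reader rejects the connection after the sixteenth chunk having scanned less than an eighth of a megabyte. Resuming the scan from the previous end of buffer would remove the quadratic term as well, but a hard ceiling is the part that also closes the curl-style unbounded-accumulation case.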