15 matches found
EUVD-2025-208311
org.eclipse.jetty:jetty-http has different parsing of invalid URIs...
DEBIAN-CVE-2025-11143
The Jetty URI parser has some key differences to other common parsers when evaluating invalid or unusual URIs. Differential parsing of URIs in systems using multiple components may result in security by-pass. For example a component that enforces a black list may interpret the URIs differently fr...
CVE-2025-11143
The Jetty URI parser has some key differences to other common parsers when evaluating invalid or unusual URIs. Differential parsing of URIs in systems using multiple components may result in security by-pass. For example a component that enforces a black list may interpret the URIs differently fr...
CVE-2025-11143
The Jetty URI parser has some key differences to other common parsers when evaluating invalid or unusual URIs. Differential parsing of URIs in systems using multiple components may result in security by-pass. For example a component that enforces a black list may interpret the URIs differently fr...
CVE-2025-11143
The Jetty URI parser has some key differences to other common parsers when evaluating invalid or unusual URIs. Differential parsing of URIs in systems using multiple components may result in security by-pass. For example a component that enforces a black list may interpret the URIs differently fr...
CVE-2025-11143
The Jetty URI parser has some key differences to other common parsers when evaluating invalid or unusual URIs. Differential parsing of URIs in systems using multiple components may result in security by-pass. For example a component that enforces a black list may interpret the URIs differently fr...
CVE-2025-11143
Summary of CVE-2025-11143 : The Jetty HTTP URI parser has differences in handling invalid/unusual URIs, causing potential security by‑pass or leakage of implementation details when multiple components parse URIs differently. Public sources describe practical implications as differential parsing a...
CVE-2025-11143
The Jetty URI parser has some key differences to other common parsers when evaluating invalid or unusual URIs. Differential parsing of URIs in systems using multiple components may result in security by-pass. For example a component that enforces a black list may interpret the URIs differently fr...
Key Exchange Protocol Based on Circulant Matrix Action over Congruence-Simple Semiring
We present a new key exchange protocol based on circulant matrices acting on matrices over a congruence-simple semiring. We describe how to compute matrices with the necessary properties for the implementation of the protocol. Additionally, we provide an analysis of its computational cost and its...
Amazon Linux 2 : ipa (ALAS-2024-2457)
It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2457 advisory. A Cross-site request forgery vulnerability exists in ipa/session/loginpassword in all supported versions of IPA. This flaw allows an attacker to trick the user into submitting a request that could perform...
Fedora 39 : freeipa (2024-9ab2666594)
The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-9ab2666594 advisory. Security update for CVE-2023-5455 Release notes: https://www.freeipa.org/release-notes/4-11-1.html Tenable has extracted the preceding description block...
CentOS 7 : ipa (RHSA-2024:0145)
The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:0145 advisory. - A Cross-site request forgery vulnerability exists in ipa/session/loginpassword in all supported versions of IPA. This flaw allows an attacker to trick the use...
jetty: Ambiguous paths can access WEB-INF
In Jetty the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. An attacker can use this vulnerability to reveal sensitive information regarding the implementation of a web application...
CVE-2019-4751
IBM Cloud App Management 2019.3.0 and 2019.4.0 reveals a stack trace on certain API requests which can allow an attacker further information about the implementation of the offering. IBM X-Force ID: 173311...
gdm security update
gdm 2.16.0-59.0.1.el59.1 - Fix gdmconfig memory leaks orabug 12734629 2.16.0-59.1 - Don't try to pre-create directories that are internal implementation details of X. Resolves: 997619 CVE-2013-4169 initscripts 8.45.42-2.0.1.el59.1 - Do not rename eth devices. Orabug 14266688. Apply upstream...