Lucene search
K

100 matches found

RedHat Linux
RedHat Linux
added 2025/06/25 12:16 a.m.10 views

undertow: Large AJP request may cause DoS

A flaw was found in Undertow. AJP requests to the server may allow an attacker to send a malicious request and trigger server errors, resulting in a denial of service...

7.5CVSS7.3AI score0.0087EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2025/06/25 12:16 a.m.34 views

undertow: AJP Request closes connection exceeding maxRequestSize

A flaw was found in Undertow. When an AJP request is sent that exceeds the max-header-size attribute in ajp-listener, JBoss EAP is marked in an error state by modcluster in httpd, causing JBoss EAP to close the TCP connection without returning an AJP response. This happens because modproxycluster...

7.5CVSS7.1AI score0.01016EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2025/04/28 12:20 a.m.8 views

undertow: Large AJP request may cause DoS

A flaw was found in Undertow. AJP requests to the server may allow an attacker to send a malicious request and trigger server errors, resulting in a denial of service...

7.5CVSS7.3AI score0.0087EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/11/29 12:0 a.m.9 views

PT-2024-9163 · Trellix · Trellix Enterprise Security Manager

Name of the Vulnerable Software and Affected Versions: Trellix Enterprise Security Manager ESM version 11.6.10 Description: A vulnerability in the system allows unauthenticated access to the internal Snowservice API, leading to improper handling of path traversal and insecure forwarding to an AJP...

9.8CVSS7.6AI score0.02544EPSS
Exploits1References10
RedHat Linux
RedHat Linux
added 2024/03/06 3:38 p.m.3 views

undertow: url-encoded request path information can be broken on ajp-listener

A vulnerability was found in Undertow, where URL-encoded request paths can be mishandled during concurrent requests on the AJP listener. This issue arises because the same buffer is used to decode the paths for multiple requests simultaneously, leading to incorrect path information being processe...

7.5CVSS7.3AI score0.01702EPSS
Exploits0References5
OSV
OSV
added 2023/12/12 10:15 p.m.3 views

DEBIAN-CVE-2023-5379

A flaw was found in Undertow. When an AJP request is sent that exceeds the max-header-size attribute in ajp-listener, JBoss EAP is marked in an error state by modcluster in httpd, causing JBoss EAP to close the TCP connection without returning an AJP response. This happens because modproxycluster...

7.5CVSS7.2AI score0.01016EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2023/08/15 5:43 p.m.5 views

httpd: mod_proxy_ajp: Possible request smuggling

A flaw was found in the modproxyajp module of httpd. The connection is not closed when there is an invalid Transfer-Encoding header, allowing an attacker to smuggle requests to the AJP server, where it forwards requests...

9CVSS7.1AI score0.01879EPSS
Exploits0References5
OSV
OSV
added 2023/06/21 11:15 a.m.3 views

DEBIAN-CVE-2023-34981

A regression in the fix for bug 66512 in Apache Tomcat 11.0.0-M5, 10.1.8, 9.0.74 and 8.5.88 meant that, if a response did not include any HTTP headers no AJP SENDHEADERS messare woudl be sent for the response which in turn meant that at least one AJP proxy modproxyajp would use the response heade...

7.5CVSS6.6AI score0.01116EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/05/19 12:0 a.m.4 views

PT-2023-4472 · Apache +1 · Apache Tomcat +1

Name of the Vulnerable Software and Affected Versions: Apache Tomcat versions 11.0.0-M5, 10.1.8, 9.0.74, and 8.5.88 Description: A regression in the fix for bug 66512 in Apache Tomcat meant that, if a response did not include any HTTP headers, no AJP SEND HEADERS message would be sent for the...

7.8CVSS7.5AI score0.01116EPSS
Exploits0References34
F5 Networks
F5 Networks
added 2023/02/21 7:58 p.m.15 views

K5790: Apache JServ Protocol vulnerability JVN#79314822

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...

6.7AI score
Exploits0
RedHat Linux
RedHat Linux
added 2023/02/21 9:35 a.m.4 views

httpd: mod_proxy_ajp: Possible request smuggling

A flaw was found in the modproxyajp module of httpd. The connection is not closed when there is an invalid Transfer-Encoding header, allowing an attacker to smuggle requests to the AJP server, where it forwards requests...

9CVSS7.1AI score0.01879EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 5:51 a.m.5 views

SUSE CVE-2011-3190

Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret...

7.5CVSS4.9AI score0.15226EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2023/02/15 5:36 a.m.4 views

SUSE CVE-2013-4286

Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request's length and conduct...

5.8CVSS6.9AI score0.16833EPSS
Exploits2References4
OSV
OSV
added 2023/01/17 8:15 p.m.5 views

ALPINE-CVE-2022-36760

Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in modproxyajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.54 and prior versions...

9CVSS7AI score0.01879EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2022/12/14 1:17 p.m.4 views

undertow: Double AJP response for 400 from EAP 7 results in CPING failures

A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second...

7.5CVSS7.3AI score0.01258EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2022/11/15 9:58 a.m.4 views

httpd: mod_proxy_ajp: Possible request smuggling

An HTTP request smuggling vulnerability was found in the modproxyajp module of httpd. This flaw allows an attacker to smuggle requests to the AJP server, where it forwards requests...

7.5CVSS7.2AI score0.19008EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2022/11/03 3:14 p.m.4 views

undertow: Double AJP response for 400 from EAP 7 results in CPING failures

A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second...

7.5CVSS7.3AI score0.01258EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2022/11/03 2:54 p.m.4 views

undertow: Double AJP response for 400 from EAP 7 results in CPING failures

A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second...

7.5CVSS7.3AI score0.01258EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2022/11/03 2:54 p.m.5 views

undertow: Double AJP response for 400 from EAP 7 results in CPING failures

A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second...

7.5CVSS7.3AI score0.01258EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2022/10/05 5:3 p.m.4 views

undertow: Large AJP request may cause DoS

A flaw was found in Undertow. AJP requests to the server may allow an attacker to send a malicious request and trigger server errors, resulting in a denial of service...

7.5CVSS7.3AI score0.0087EPSS
Exploits0References4
Rows per page
Query Builder