17 matches found
EUVD-2024-2322
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2024-3653
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in Undertow. This issue requires enabling the learning-push handler in the server's config, which is disabled by default, leaving the...
undertow: LearningPushHandler can lead to remote memory DoS attacks
A vulnerability was found in Undertow. This issue requires enabling the learning-push handler in the server's config, which is disabled by default, leaving the maxAge config in the handler unconfigured. The default is -1, which makes the handler vulnerable. If someone overwrites that config, the...
undertow: LearningPushHandler can lead to remote memory DoS attacks
A vulnerability was found in Undertow. This issue requires enabling the learning-push handler in the server's config, which is disabled by default, leaving the maxAge config in the handler unconfigured. The default is -1, which makes the handler vulnerable. If someone overwrites that config, the...
undertow: LearningPushHandler can lead to remote memory DoS attacks
A vulnerability was found in Undertow. This issue requires enabling the learning-push handler in the server's config, which is disabled by default, leaving the maxAge config in the handler unconfigured. The default is -1, which makes the handler vulnerable. If someone overwrites that config, the...
undertow: LearningPushHandler can lead to remote memory DoS attacks
A vulnerability was found in Undertow. This issue requires enabling the learning-push handler in the server's config, which is disabled by default, leaving the maxAge config in the handler unconfigured. The default is -1, which makes the handler vulnerable. If someone overwrites that config, the...
Configuration Bypass
Undertow is vulnerable to a Configuration Bypass. The vulnerability is due to enabling the learning-push handler without configuring the maxAge setting, which defaults to -1, which allows an attacker to reach the server with a normal HTTP request and potentially exploit the misconfigured handler...
GHSA-CH7Q-GPFF-H9HP Undertow Missing Release of Memory after Effective Lifetime vulnerability
A vulnerability was found in Undertow. This issue requires enabling the learning-push handler in the server's config, which is disabled by default, leaving the maxAge config in the handler unconfigured. The default is -1, which makes the handler vulnerable. If someone overwrites that config, the...
Undertow Missing Release of Memory after Effective Lifetime vulnerability
A vulnerability was found in Undertow. This issue requires enabling the learning-push handler in the server's config, which is disabled by default, leaving the maxAge config in the handler unconfigured. The default is -1, which makes the handler vulnerable. If someone overwrites that config, the...
undertow: LearningPushHandler can lead to remote memory DoS attacks
A vulnerability was found in Undertow. This issue requires enabling the learning-push handler in the server's config, which is disabled by default, leaving the maxAge config in the handler unconfigured. The default is -1, which makes the handler vulnerable. If someone overwrites that config, the...
CVE-2024-3653
A vulnerability was found in Undertow. This issue requires enabling the learning-push handler in the server's config, which is disabled by default, leaving the maxAge config in the handler unconfigured. The default is -1, which makes the handler vulnerable. If someone overwrites that config, the...
CVE-2024-3653
A vulnerability was found in Undertow. This issue requires enabling the learning-push handler in the server's config, which is disabled by default, leaving the maxAge config in the handler unconfigured. The default is -1, which makes the handler vulnerable. If someone overwrites that config, the...
CVE-2024-3653
CVE-2024-3653 affects Undertow. The vulnerability arises when learning-push handler is enabled in server config (disabled by default); if maxAge is left at its default -1, the handler becomes vulnerable. An attacker with network access can reach the server with a normal HTTP request to exploit th...
CVE-2024-3653 Undertow: learningpushhandler can lead to remote memory dos attacks
A vulnerability was found in Undertow. This issue requires enabling the learning-push handler in the server's config, which is disabled by default, leaving the maxAge config in the handler unconfigured. The default is -1, which makes the handler vulnerable. If someone overwrites that config, the...
CVE-2024-3653
A vulnerability was found in Undertow. This issue requires enabling the learning-push handler in the server's config, which is disabled by default, leaving the maxAge config in the handler unconfigured. The default is -1, which makes the handler vulnerable. If someone overwrites that config, the...
Red Hat Undertow Security Vulnerability
Red Hat Undertow is a Java-based embedded web server from Red Hat and is the default web server for Wildfly Java Application Server. A security vulnerability exists in Red Hat Undertow that stems from an attack on the learning-push handler when it is enabled and the maxAge parameter is not...
PT-2024-27050 · Undertow · Undertow
Name of the Vulnerable Software and Affected Versions: Undertow affected versions not specified Description: A vulnerability was found in Undertow, which requires the learning-push handler to be enabled in the server's config. By default, this handler is disabled. If enabled and the maxAge config...