Lucene search
K

165 matches found

NVD
NVD
added 2023/12/12 10:15 p.m.40 views

CVE-2023-5379

A flaw was found in Undertow. When an AJP request is sent that exceeds the max-header-size attribute in ajp-listener, JBoss EAP is marked in an error state by modcluster in httpd, causing JBoss EAP to close the TCP connection without returning an AJP response. This happens because modproxycluster...

7.5CVSS0.01016EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2023/12/12 10:15 p.m.31 views

CVE-2023-5379

A flaw was found in Undertow. When an AJP request is sent that exceeds the max-header-size attribute in ajp-listener, JBoss EAP is marked in an error state by modcluster in httpd, causing JBoss EAP to close the TCP connection without returning an AJP response. This happens because modproxycluster...

7.5CVSS7AI score0.01016EPSS
Exploits0References4
Prion
Prion
added 2023/12/12 10:15 p.m.21 views

Design/Logic Flaw

A flaw was found in Undertow. When an AJP request is sent that exceeds the max-header-size attribute in ajp-listener, JBoss EAP is marked in an error state by modcluster in httpd, causing JBoss EAP to close the TCP connection without returning an AJP response. This happens because modproxycluster...

5CVSS6.8AI score0.01016EPSS
Exploits0References3Affected Software2
Cvelist
Cvelist
added 2023/12/12 10:1 p.m.50 views

CVE-2023-6710 Mod_cluster/mod_proxy_cluster: stored cross site scripting

A flaw was found in the modproxycluster in the Apache server. This issue may allow a malicious user to add a script in the 'alias' parameter in the URL to trigger the stored cross-site scripting XSS vulnerability. By adding a script on the alias parameter on the URL, it adds a new virtual host an...

5.4CVSS5.5AI score0.02242EPSS
Exploits5References5
Vulnrichment
Vulnrichment
added 2023/12/12 9:54 p.m.12 views

CVE-2023-5379 Undertow: ajp request closes connection exceeding maxrequestsize

A flaw was found in Undertow. When an AJP request is sent that exceeds the max-header-size attribute in ajp-listener, JBoss EAP is marked in an error state by modcluster in httpd, causing JBoss EAP to close the TCP connection without returning an AJP response. This happens because modproxycluster...

7.5CVSS6.5AI score0.01016EPSS
Exploits0References4
Cvelist
Cvelist
added 2023/12/12 9:54 p.m.36 views

CVE-2023-5379 Undertow: ajp request closes connection exceeding maxrequestsize

A flaw was found in Undertow. When an AJP request is sent that exceeds the max-header-size attribute in ajp-listener, JBoss EAP is marked in an error state by modcluster in httpd, causing JBoss EAP to close the TCP connection without returning an AJP response. This happens because modproxycluster...

7.5CVSS7.7AI score0.01016EPSS
Exploits0References4
CVE
CVE
added 2023/12/12 9:54 p.m.239 views

CVE-2023-5379

CVE-2023-5379 affects Undertow/AJP handling in Red Hat JBoss EAP, where an AJP request exceeding the max-header-size can cause mod_cluster to mark the backend as an error and close the TCP connection without an AJP response, enabling potential DoS via repeated oversized requests. The connected ad...

7.5CVSS7.3AI score0.01016EPSS
Exploits0References5Affected Software3
RedhatCVE
RedhatCVE
added 2023/12/12 9:54 p.m.39 views

CVE-2023-5379

A flaw was found in Undertow. When an AJP request is sent that exceeds the max-header-size attribute in ajp-listener, JBoss EAP is marked in an error state by modcluster in httpd, causing JBoss EAP to close the TCP connection without returning an AJP response. This happens because modproxycluster...

7.5CVSS6.8AI score0.01016EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2023/10/31 1:9 p.m.52 views

Moderate: Red Hat Security Advisory: Red Hat JBoss Web Server 5.7.6 release and security update

An update is now available for Red Hat JBoss Web Server 5.7.6 on Red Hat Enterprise Linux versions 7, 8, and 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

5.3CVSS6.7AI score0.05848EPSS
Exploits2References3
RedHat Linux
RedHat Linux
added 2023/10/31 1:5 p.m.57 views

Moderate: Red Hat Security Advisory: Red Hat JBoss Web Server 5.7.6 release and security update

Red Hat JBoss Web Server 5.7.6 zip release is now available for Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, and Windows Server. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVS...

5.3CVSS6.7AI score0.05848EPSS
Exploits2References3
RedHat Linux
RedHat Linux
added 2023/10/17 3:44 p.m.57 views

Important: Red Hat Security Advisory: Red Hat JBoss Web Server 5.7.5 release and security update

An update is now available for Red Hat JBoss Web Server 5.7.5 on Red Hat Enterprise Linux versions 7, 8, and 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, i...

7.5CVSS7AI score0.99999EPSS
Exploits19References3
RedHat Linux
RedHat Linux
added 2023/09/04 12:19 p.m.68 views

Moderate: Red Hat Security Advisory: Red Hat JBoss Web Server 5.7.4 release and security update

An update is now available for Red Hat JBoss Web Server 5.7.4 on Red Hat Enterprise Linux versions 7, 8, and 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

9.8CVSS7AI score0.51547EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2023/06/05 4:29 p.m.55 views

Important: Red Hat Security Advisory: Red Hat JBoss Web Server 5.7.3 release and security update

An update is now available for Red Hat JBoss Web Server 5.7.3 on Red Hat Enterprise Linux versions 7, 8, and 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, i...

7.5CVSS7AI score0.59501EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2023/06/05 2:16 p.m.51 views

Important: Red Hat Security Advisory: Red Hat JBoss Web Server 5.7.3 release and security update

Red Hat JBoss Web Server 5.7.3 zip release is now available for Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, and Windows Server. Red Hat Product Security has rated this release as having a security impact of Important. A Common Vulnerability Scoring System...

7.5CVSS7AI score0.59501EPSS
Exploits0References7
F5 Networks
F5 Networks
added 2023/02/21 7:54 p.m.63 views

K15317908: Apache mod_cluster vulnerability CVE-2016-8612

Security Advisory Description Apache HTTP Server modcluster before version httpd 2.4.23 is vulnerable to an Improper Input Validation in the protocol parsing logic in the load balancer resulting in a Segmentation Fault in the serving httpd process. CVE-2016-8612 Impact There is no impact; F5...

4.3CVSS6.2AI score0.04692EPSS
Exploits0
OSV
OSV
added 2022/08/06 12:0 a.m.37 views

GHSA-95RF-557X-44G5 Undertow vulnerable to Dos via Large AJP request

When a POST request comes through AJP and the request exceeds the max-post-size limit maxEntitySize, Undertow's AjpServerRequestConduit implementation closes a connection without sending any response to the client/proxy. This behavior results in that a front-end proxy marking the backend worker...

7.5CVSS7.3AI score0.0087EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2022/08/06 12:0 a.m.61 views

Undertow vulnerable to Dos via Large AJP request

When a POST request comes through AJP and the request exceeds the max-post-size limit maxEntitySize, Undertow's AjpServerRequestConduit implementation closes a connection without sending any response to the client/proxy. This behavior results in that a front-end proxy marking the backend worker...

7.5CVSS3.5AI score0.0087EPSS
Exploits0References5Affected Software1
Prion
Prion
added 2022/08/05 4:15 p.m.25 views

Design/Logic Flaw

When a POST request comes through AJP and the request exceeds the max-post-size limit maxEntitySize, Undertow's AjpServerRequestConduit implementation closes a connection without sending any response to the client/proxy. This behavior results in that a front-end proxy marking the backend worker...

5CVSS7.2AI score0.0087EPSS
Exploits0References2Affected Software2
UbuntuCve
UbuntuCve
added 2022/08/05 4:15 p.m.45 views

CVE-2022-2053

When a POST request comes through AJP and the request exceeds the max-post-size limit maxEntitySize, Undertow's AjpServerRequestConduit implementation closes a connection without sending any response to the client/proxy. This behavior results in that a front-end proxy marking the backend worker...

7.5CVSS6.8AI score0.0087EPSS
Exploits0References2
OSV
OSV
added 2022/05/17 5:18 a.m.24 views

GHSA-V2FP-H4QX-X3R6 Improper Access Control in JBoss mod_cluster

modcluster 1.0.10 before 1.0.10 CP03 and 1.1.x before 1.1.4, as used in JBoss Enterprise Application Platform 5.1.2, when "ROOT" is set to excludedContexts, exposes the root context of the server, which allows remote attackers to bypass access restrictions and gain access to applications deployed...

4.3CVSS6.4AI score0.02592EPSS
Exploits0References11
Rows per page
Query Builder