9 matches found
OESA-2024-2103 netty3 security update
Netty is a NIO client server framework which enables quick and easy development of network applications such as protocol servers and clients. It greatly simplifies and streamlines network programming such as TCP and UDP socket server. Security Fixes: Netty before 4.1.42.Final mishandles whitespac...
K10002140: Eclipse Jetty vulnerabilities CVE-2017-7657 and CVE-2017-7658
Security Advisory Description In Eclipse Jetty, versions 9.2.x and older, 9.3.x all configurations, and 9.4.x non-default configuration with RFC2616 compliance enabled, transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer overflow. Thus a large chunk...
SUSE CVE-2015-8852
Varnish 3.x before 3.0.7, when used in certain stacked installations, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a header line terminated by a \r carriage return character in conjunction with multiple Content-Length headers in an HTTP...
netty: HttpObjectDecoder.java allows Content-Length header to accompanied by second Content-Length header
A flaw was found in Netty before version 4.1.44, where it accepted multiple Content-Length headers and also accepted both Transfer-Encoding, as well as Content-Length headers where it should reject the message under such circumstances. In circumstances where Netty is used in the context of a...
netty: HttpObjectDecoder.java allows Content-Length header to accompanied by second Content-Length header
A flaw was found in Netty before version 4.1.44, where it accepted multiple Content-Length headers and also accepted both Transfer-Encoding, as well as Content-Length headers where it should reject the message under such circumstances. In circumstances where Netty is used in the context of a...
netty: HttpObjectDecoder.java allows Content-Length header to accompanied by second Content-Length header
A flaw was found in Netty before version 4.1.44, where it accepted multiple Content-Length headers and also accepted both Transfer-Encoding, as well as Content-Length headers where it should reject the message under such circumstances. In circumstances where Netty is used in the context of a...
netty: HttpObjectDecoder.java allows Content-Length header to accompanied by second Content-Length header
A flaw was found in Netty before version 4.1.44, where it accepted multiple Content-Length headers and also accepted both Transfer-Encoding, as well as Content-Length headers where it should reject the message under such circumstances. In circumstances where Netty is used in the context of a...
Important: Red Hat Security Advisory: jbossas security update
Updated jbossas packages that fix multiple security issues in tomcat are now available for Red Hat Application Stack. This update has been rated as having Important security impact by the Red Hat Security Response Team. Tomcat is a servlet container for Java Servlet and JavaServer Pages...
CVE-2005-0174
Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the cache or conduct certain attacks via headers that do not follow the HTTP specification, including 1 multiple Content-Length headers, 2 carriage return CR characters that are not part of a CRLF pair, and 3 header names containing...