14 matches found
EUVD-2021-0564
Malware in sbrugna...
NanoHTTPD Information Disclosure Vulnerability
NanoHTTPD is a lightweight HTTP server designed to be embedded in other applications, released under a modified BSD license. An information disclosure vulnerability exists in all versions of the NanoHTTPD package. The vulnerability stems from the fact that when an HTTP request body is parsed in a...
CVE-2022-21230
CVE-2022-21230 affects all versions of the org.nanohttpd:nanohttpd package. During HTTP request body parsing, a body larger than 1024 bytes is written to a RandomAccessFile with insecure permissions, allowing other users on the host to view its contents (information disclosure). The issue is ro...
CVE-2022-21230
This affects all versions of package org.nanohttpd:nanohttpd. Whenever an HTTP Session is parsing the body of an HTTP request, the body of the request is written to a RandomAccessFile when it is larger than 1024 bytes. This file is created with insecure permissions that allow its contents to ...
NanoHTTPD Security Vulnerability
NanoHTTPD is a lightweight HTTP server designed to be embedded in other applications, released under a modified BSD license. An information disclosure vulnerability exists in all versions of the NanoHTTPD package. The vulnerability stems from the fact that when an HTTP request body is parsed in a...
ai.h2o:h2o-clustering (>=3.32.1.1 <=3.44.0.2), ai.h2o:h2o-k8s (>=3.30.0.2 <=3.44.0.2) +211 more potentially affected by CVE-2022-21230 via org.nanohttpd:nanohttpd (>=2.2.0 <=2.3.1)
org.nanohttpd:nanohttpd MAVEN version =2.2.0, =3.32.1.1, =3.30.0.2, =3.34.0.3, =1.0.0, =1.0.0, =1.0.0, =3.8, =1.0, =1.1, =0.2.22, =0.2.22, =0.4.15 and more Source cves: CVE-2022-21230 Source advisory: SNYK:JAVA-ORGNANOHTTPD-2422798...
Information Exposure
Overview: Affected versions of this package are vulnerable to Information Exposure. Whenever an HTTP Session is parsing the body of an HTTP request, the body of the request is written to a RandomAccessFile when it is larger than 1024 bytes. This file is created with insecure permissions that...
Cross-Site Scripting (XSS)
nanohttpd is vulnerable to cross-site scripting (XSS). An attacker is able to inject and execute arbitrary JavaScript code in a user's browser via the GeneralHandler class that implements a basic GET handler which prints debug information as an HTML page...
ai.h2o:h2o-clustering (>=3.32.1.1 <=3.44.0.2), ai.h2o:h2o-k8s (>=3.30.0.2 <=3.44.0.2) +3 more potentially affected by CVE-2020-13697 via org.nanohttpd:nanohttpd-nanolets (=2.3.1)
org.nanohttpd:nanohttpd-nanolets MAVEN version =2.3.1 is affected by a known vulnerability. The following packages have a transitive dependency on org.nanohttpd:nanohttpd-nanolets and may be impacted: - ai.h2o:h2o-clustering =3.32.1.1, =3.30.0.2, =3.34.0.3, =0.3.0, =2.0, =2.5 Source cves:...
GHSA-PR5M-4W22-8483 NanoHTTPD Cross-site Scripting vulnerability
An issue was discovered in RouterNanoHTTPD.java in NanoHTTPD through 2.3.1. The GeneralHandler class implements a basic GET handler that prints debug information as an HTML page. Any web server that extends this class without implementing its own GET handler is vulnerable to reflected XSS, becaus...
CVE-2020-13697
NanoHTTPD (RouterNanoHTTPD.java, GeneralHandler) through version 2.3.1 is vulnerable to reflected XSS because the GET handler prints unsanitized query-string input into an HTML page. Multiple sources (NVD, CVE-2020-13697 records; Veracode and GHSA advisories; OSV/CVE records) describe this XSS is...
CVE-2020-13697
An issue was discovered in RouterNanoHTTPD.java in NanoHTTPD through 2.3.1. The GeneralHandler class implements a basic GET handler that prints debug information as an HTML page. Any web server that extends this class without implementing its own GET handler is vulnerable to reflected XSS, becaus...
NanoHTTPD Cross-Site Scripting Vulnerability
LordFokas NanoHTTPD is an application for GlobalLordFokas individual developers. It provides a lightweight HTTP server designed for embedding in other applications. A cross-site scripting vulnerability exists in NanoHTTPD through 2.3.1, which stems from the GeneralHandler GET handler printing use...
Securing your red team kit with Uncomplicated Firewall
After reading “Identifying Cobalt Strike team servers in the wild”, I started thinking: why are people not firewalling off their kit? If you read the above post, and I suggest you do, you will see under the section “Scanning and Results” that the research concluded that 7718 unique Cobalt Strike CS team...