13 matches found
Spring MVC and WebFlux applications are vulnerable to cache poisoning when resolving static resources.
Spring MVC and WebFlux applications are vulnerable to cache poisoning when resolving static resources. More precisely, an application can be vulnerable when all the following are true: the application is using Spring MVC or Spring WebFlux the application is configuring the resource chain support...
CVE-2026-22741
Spring MVC and WebFlux applications are vulnerable to cache poisoning when resolving static resources. More precisely, an application can be vulnerable when all the following are true: the application is using Spring MVC or Spring WebFlux the application is configuring the resource chain support...
CVE-2026-22741
Spring MVC and WebFlux applications are vulnerable to cache poisoning when resolving static resources. More precisely, an application can be vulnerable when all the following are true: the application is using Spring MVC or Spring WebFlux the application is configuring the resource chain support...
HTTP Request Smuggling
Overview org.springframework:spring-webmvc is a package that provides Model-View-Controller MVC architecture and ready components that can be used to develop flexible and loosely coupled web applications. Affected versions of this package are vulnerable to HTTP Request Smuggling via the static...
HTTP Request Smuggling
Overview org.springframework:spring-webflux is a Spring Framework module that contains support for reactive HTTP and WebSocket clients as well as for reactive server web applications including REST, HTML browser, and WebSocket style interactions. Affected versions of this package are vulnerable t...
openSUSE 16 Security Update : tomcat (openSUSE-SU-2026:20350-1)
The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20350-1 advisory. Update to Tomcat 9.0.115: - CVE-2025-66614: client certificate verification bypass due to virtual host mapping bsc1258371. - CVE-2026-24733:...
EUVD-2011-2771
Malware in sbrugna...
Vulnerabilities that aren’t. ETag headers
This time were looking at the ETag Entity Tag header. I take some of the blame for this one as I first added a dissector of the header to Nikto’s headers plugin back in 2008, then other scanners added it. What Is It? The header is a simplistic method of helping the user-agent identify whether it...
CVE-2011-2797
Use-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to resource caching...
Design/Logic Flaw
Use-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to resource caching...
CVE-2011-2797
Use-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to resource caching...
CVE-2011-2797
Removed by vendor...
CVE-2011-2797
Use-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to resource caching...