94 matches found
RHSA-2024:8528 Red Hat Security Advisory: pki-servlet-engine security update
Bulletin has no description...
RHSA-2024:8494 Red Hat Security Advisory: pki-servlet-engine security update
Bulletin has no description...
Important: Red Hat Security Advisory: pki-servlet-engine security update
An update for pki-servlet-engine is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
CVE-2024-6763
Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine . It includes a utility class, HttpURI, for URI/URL parsing. The HttpURI class does insufficient validation on the authority segment of a URI. However the behaviour of HttpURI differs from the common browser...
RHBA-2022:8077 Red Hat Bug Fix Advisory: pki-servlet-engine bug fix and enhancement update
Bulletin has no description...
RHEL 9 : pki-servlet-engine (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - tomcat: Leaking of unrelated request bodies in default error page CVE-2024-21733 Note that Nessus has not tested fo...
RHEL 8 : pki-servlet-engine (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - Apache Tomcat: Information disclosure CVE-2021-43980 Note that Nessus has not tested for this issue but has instead...
RHEL 8 : jbossweb (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - tomcat: deserialization flaw in session persistence storage leading to RCE CVE-2020-9484 Note that Nessus has not...
Moderate: mod_jk and mod_proxy_cluster security update
The modjk module is a plugin for the Apache HTTP Server to connect it with the Apache Tomcat servlet engine. The modproxycluster module is a plugin for the Apache HTTP Server that provides load-balancer functionality. Security Fixes: httpd: Apache Tomcat Connectors modjk Information Disclosure...
CVE-2024-22201
Technical details about CVE-2024-22201 are not provided in the Connected documents. The Initial entry mentions affected Jetty versions and a patch, but does not supply root-cause analysis, exact vulnerable components, exploit details, or comprehensive mitigations. Monitor for updates.
CVE-2024-22201
Jetty is a Java based web server and servlet engine. An HTTP/2 SSL connection that is established and TCP congested will be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to st...
Apache ActiveMQ Flaw Exploited in New Godzilla Web Shell Attacks
Cybersecurity researchers are warning of a "notable increase" in threat actor activity actively exploiting a now-patched flaw in Apache ActiveMQ to deliver the Godzilla web shell on compromised hosts. "The web shells are concealed within an unknown binary format and are designed to evade security...
Debian: Security Advisory (DSA-5540-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 3641-1] jetty9 security update
Debian LTS Advisory DLA-3641-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany October 30, 2023 https://wiki.debian.org/LTS Package : jetty9 Version : 9.4.50-4+deb10u1 CVE ID : CVE-2020-27218 CVE-2023-36478 CVE-2023-44487 Debian Bug : 976211 Two remotely exploitab...
Debian: Security Advisory (DLA-3592-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian: Security Advisory (DSA-5507-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DSA 5507-1] jetty9 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5507-1 [email protected] https://www.debian.org/security/ Markus Koschany September 28, 2023 https://www.debian.org/security/faq -...
CVE-2023-41900 Jetty's OpenId Revoked authentication allows one request
Jetty is a Java based web server and servlet engine. Versions 9.4.21 through 9.4.51, 10.0.15, and 11.0.15 are vulnerable to weak authentication. If a Jetty OpenIdAuthenticator uses the optional nested LoginService, and that LoginService decides to revoke an already authenticated user, then the...
SUSE SLED15: jetty-annotations / jetty-ant / jetty-cdi / jetty-client / etc (SUSE-SU-2023:2539-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2539-1 advisory. Updated to version 9.4.51.v20230217: - CVE-2023-26048: Fixed an excessive memory consumption whe...
CVE-2023-26048
Jetty is a java based web server and servlet engine. In affected versions servlets with multipart support e.g. annotated with @MultipartConfig that call HttpServletRequest.getParameter or HttpServletRequest.getParts may cause OutOfMemoryError when the client sends a multipart request with a part...