94 matches found
CVE-2023-26049
Jetty cookie parsing vulnerability CVE-2023-26049 affects Jetty’s cookie handling where a cookie VALUE starting with a double quote can cause the parser to read past semicolons, effectively merging multiple cookies into one. This can enable cookie smuggling (e.g., exfiltrating HttpOnly cookies li...
CVE-2023-26048 OutOfMemoryError for large multipart without filename in Eclipse Jetty
Jetty is a java based web server and servlet engine. In affected versions servlets with multipart support e.g. annotated with @MultipartConfig that call HttpServletRequest.getParameter or HttpServletRequest.getParts may cause OutOfMemoryError when the client sends a multipart request with a part...
CVE-2023-26048
CVE-2023-26048 (Jetty) affects Jetty’s Java-based web server/servlet engine. Affected servlets using multipart support (e.g., @MultipartConfig) calling HttpServletRequest.getParameter() or getParts() may trigger an OutOfMemoryError when a client sends a multipart part with a name but no filename ...
Low: Red Hat Bug Fix Advisory: pki-servlet-engine bug fix and enhancement update
An update for pki-servlet-engine is now available for Red Hat Enterprise Linux 9. For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.1 Release Notes linked from the References section...
pki-servlet-engine bug fix and enhancement update
An update is available for pki-servlet-engine. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky...
[SECURITY] [DSA 5198-1] jetty9 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5198-1 [email protected] https://www.debian.org/security/ Markus Koschany August 02, 2022 https://www.debian.org/security/faq -...
new packages: pki-servlet-engine
An update is available for pki-servlet-engine. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky...
Debian: Security Advisory (DSA-4949-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Eclipse Jetty has an arbitrary file download vulnerability
Jetty is a lightweight and highly scalable Java-based web server and servlet engine. Eclipse Jetty has an arbitrary file download vulnerability that can be exploited by attackers to obtain sensitive information...
pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update
apache-commons-collections jss 4.8.1-2 - Bug 1932803 - HSM + FIPS: CMCRequest with a shared secret resulting in error 4.8.1-1 - Rebase to upstream JSS v4.8.1 - Red Hat Bugilla 1908541 - jss broke SCEP - missing PasswordChallenge class - Red Hat Bugilla 1489256 - RFE jss should support RSA with OA...
CVE-2019-12270
OpenText Brava! Enterprise and Brava! Server 7.5 through 16.4 configure excessive permissions by default on Windows. During installation, a displaylistcache file share is created on the Windows server with full read and write permissions for the Everyone group at both the NTFS and Share levels. T...
CVE-2019-12270
OpenText Brava! Enterprise and Brava! Server 7.5 through 16.4 configure excessive permissions by default on Windows. During installation, a displaylistcache file share is created on the Windows server with full read and write permissions for the Everyone group at both the NTFS and Share levels. T...
Debian DSA-4357-1 : libapache-mod-jk - security update
Raphael Arrouas and Jean Lejeune discovered an access control bypass vulnerability in modjk, the Apache connector for the Tomcat Java servlet engine. The vulnerability is addressed by upgrading modjk to the new upstream version 1.2.46, which includes additional changes. -...
Debian DSA-4278-1 : jetty9 - security update
Multiple vulnerabilities were discovered in Jetty, a Java servlet engine and webserver which could result in HTTP request smuggling. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-4278. The text itself is...
Debian: Security Advisory (DLA-1021-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DLA-1021-1 : jetty8 security update
It was discovered that Jetty8, a Java servlet engine and webserver, was vulnerable to a timing attack which might reveal cryptographic credentials such as passwords to a local user. For Debian 7 'Wheezy', these problems have been fixed in version 8.1.3-4+deb7u1. We recommend that you upgrade your...
tomcat: Infinite loop in the processing of https requests
It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop...
tomcat: Infinite loop in the processing of https requests
It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop...
Wowza Streaming Engine 4.5.0 - Multiple Cross-Site Scripting
Exploit for multiple platform in category web applications Wowza Streaming Engine 4.5.0 Multiple Cross-Site Scripting Vulnerabilities Vendor: Wowza Media Systems, LLC. Product web page: https://www.wowza.com Affected version: 4.5.0 build 18676 Platform: JSP Summary: Wowza Streaming Engine is...
Wowza Streaming Engine 4.5.0 - Multiple Cross-Site Scripting Vulnerabilities
Wowza Streaming Engine 4.5.0 Multiple Cross-Site Scripting Vulnerabilities Vendor: Wowza Media Systems, LLC. Product web page: https://www.wowza.com Affected version: 4.5.0 build 18676 Platform: JSP Summary: Wowza Streaming Engine is robust, customizable, and scalable server software that powers...