Lucene search
K

94 matches found

CVE
CVE
added 2023/04/18 8:35 p.m.553 views

CVE-2023-26049

Jetty cookie parsing vulnerability CVE-2023-26049 affects Jetty’s cookie handling where a cookie VALUE starting with a double quote can cause the parser to read past semicolons, effectively merging multiple cookies into one. This can enable cookie smuggling (e.g., exfiltrating HttpOnly cookies li...

5.3CVSS5.1AI score0.013EPSS
Exploits0References8Affected Software1
Cvelist
Cvelist
added 2023/04/18 8:30 p.m.28 views

CVE-2023-26048 OutOfMemoryError for large multipart without filename in Eclipse Jetty

Jetty is a java based web server and servlet engine. In affected versions servlets with multipart support e.g. annotated with @MultipartConfig that call HttpServletRequest.getParameter or HttpServletRequest.getParts may cause OutOfMemoryError when the client sends a multipart request with a part...

5.3CVSS5.6AI score0.0326EPSS
Exploits0References8
CVE
CVE
added 2023/04/18 8:30 p.m.593 views

CVE-2023-26048

CVE-2023-26048 (Jetty) affects Jetty’s Java-based web server/servlet engine. Affected servlets using multipart support (e.g., @MultipartConfig) calling HttpServletRequest.getParameter() or getParts() may trigger an OutOfMemoryError when a client sends a multipart part with a name but no filename ...

5.3CVSS5.9AI score0.0326EPSS
Exploits0References8Affected Software1
RedHat Linux
RedHat Linux
added 2022/11/15 10:41 a.m.6 views

Low: Red Hat Bug Fix Advisory: pki-servlet-engine bug fix and enhancement update

An update for pki-servlet-engine is now available for Red Hat Enterprise Linux 9. For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.1 Release Notes linked from the References section...

7.5CVSS6.7AI score0.10997EPSS
Exploits0References2
Rockylinux
Rockylinux
added 2022/11/15 6:15 a.m.17 views

pki-servlet-engine bug fix and enhancement update

An update is available for pki-servlet-engine. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky...

2AI score
Exploits0
Debian
Debian
added 2022/08/02 11:1 a.m.40 views

[SECURITY] [DSA 5198-1] jetty9 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5198-1 [email protected] https://www.debian.org/security/ Markus Koschany August 02, 2022 https://www.debian.org/security/faq -...

7.5CVSS7.3AI score0.0227EPSS
Exploits0
Rockylinux
Rockylinux
added 2022/05/17 7:24 a.m.13 views

new packages: pki-servlet-engine

An update is available for pki-servlet-engine. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky...

2.2AI score
Exploits0
OpenVAS
OpenVAS
added 2021/08/06 12:0 a.m.34 views

Debian: Security Advisory (DSA-4949-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS6.4AI score0.7848EPSS
Exploits5References4
CNVD
CNVD
added 2021/07/19 12:0 a.m.50 views

Eclipse Jetty has an arbitrary file download vulnerability

Jetty is a lightweight and highly scalable Java-based web server and servlet engine. Eclipse Jetty has an arbitrary file download vulnerability that can be exploited by attackers to obtain sensitive information...

5CVSS2AI score0.99298EPSS
Exploits6Affected Software1
Oracle linux
Oracle linux
added 2021/05/25 12:0 a.m.54 views

pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update

apache-commons-collections jss 4.8.1-2 - Bug 1932803 - HSM + FIPS: CMCRequest with a shared secret resulting in error 4.8.1-1 - Rebase to upstream JSS v4.8.1 - Red Hat Bugilla 1908541 - jss broke SCEP - missing PasswordChallenge class - Red Hat Bugilla 1489256 - RFE jss should support RSA with OA...

8.1CVSS8.6AI score0.02023EPSS
Exploits0
OSV
OSV
added 2019/05/21 9:29 p.m.4 views

CVE-2019-12270

OpenText Brava! Enterprise and Brava! Server 7.5 through 16.4 configure excessive permissions by default on Windows. During installation, a displaylistcache file share is created on the Windows server with full read and write permissions for the Everyone group at both the NTFS and Share levels. T...

7.4CVSS7.1AI score0.01518EPSS
Exploits0References1
Cvelist
Cvelist
added 2019/05/21 8:7 p.m.31 views

CVE-2019-12270

OpenText Brava! Enterprise and Brava! Server 7.5 through 16.4 configure excessive permissions by default on Windows. During installation, a displaylistcache file share is created on the Windows server with full read and write permissions for the Everyone group at both the NTFS and Share levels. T...

7.3AI score0.01518EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2018/12/24 12:0 a.m.46 views

Debian DSA-4357-1 : libapache-mod-jk - security update

Raphael Arrouas and Jean Lejeune discovered an access control bypass vulnerability in modjk, the Apache connector for the Tomcat Java servlet engine. The vulnerability is addressed by upgrading modjk to the new upstream version 1.2.46, which includes additional changes. -...

7.5CVSS7.4AI score0.90647EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2018/08/20 12:0 a.m.47 views

Debian DSA-4278-1 : jetty9 - security update

Multiple vulnerabilities were discovered in Jetty, a Java servlet engine and webserver which could result in HTTP request smuggling. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-4278. The text itself is...

9.8CVSS7AI score0.20985EPSS
Exploits0References6
OpenVAS
OpenVAS
added 2018/02/04 12:0 a.m.34 views

Debian: Security Advisory (DLA-1021-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS6.5AI score0.05795EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2017/07/12 12:0 a.m.36 views

Debian DLA-1021-1 : jetty8 security update

It was discovered that Jetty8, a Java servlet engine and webserver, was vulnerable to a timing attack which might reveal cryptographic credentials such as passwords to a local user. For Debian 7 'Wheezy', these problems have been fixed in version 8.1.3-4+deb7u1. We recommend that you upgrade your...

7.5CVSS6.7AI score0.05795EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2017/03/22 5:11 p.m.6 views

tomcat: Infinite loop in the processing of https requests

It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop...

7.5CVSS5.8AI score0.07486EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2017/03/22 4:46 p.m.6 views

tomcat: Infinite loop in the processing of https requests

It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop...

7.5CVSS5.8AI score0.07486EPSS
Exploits0References6
0day.today
0day.today
added 2016/07/20 12:0 a.m.67 views

Wowza Streaming Engine 4.5.0 - Multiple Cross-Site Scripting

Exploit for multiple platform in category web applications Wowza Streaming Engine 4.5.0 Multiple Cross-Site Scripting Vulnerabilities Vendor: Wowza Media Systems, LLC. Product web page: https://www.wowza.com Affected version: 4.5.0 build 18676 Platform: JSP Summary: Wowza Streaming Engine is...

7.1AI score
Exploits0
Exploit DB
Exploit DB
added 2016/07/20 12:0 a.m.44 views

Wowza Streaming Engine 4.5.0 - Multiple Cross-Site Scripting Vulnerabilities

Wowza Streaming Engine 4.5.0 Multiple Cross-Site Scripting Vulnerabilities Vendor: Wowza Media Systems, LLC. Product web page: https://www.wowza.com Affected version: 4.5.0 build 18676 Platform: JSP Summary: Wowza Streaming Engine is robust, customizable, and scalable server software that powers...

7.4AI score
Exploits0
Rows per page
Query Builder