193 matches found

Github Security Blog
added 2026/01/30 3:31 p.m. | 6 views

Undertow Servlets Vulnerable to Remote DoS via OutOfMemoryError when Passed Large Parameter Names

A flaw was found in Undertow. Servlets using a method that calls HttpServletRequestImpl.getParameterNames can cause an OutOfMemoryError when the client sends a request with large parameter names. This issue can be exploited by an unauthorized user to cause a remote denial-of-service (DoS) attack...

CVSS 7.5 | AI score 5.8 | EPSS 0.00381
Exploits: 0 | References: 15 | Affected Software: 1

OSV
added 2026/01/30 3:31 p.m. | 3 views

GHSA-33HJ-RCMX-86MV Undertow Servlets Vulnerable to Remote DoS via OutOfMemoryError when Passed Large Parameter Names

A flaw was found in Undertow. Servlets using a method that calls HttpServletRequestImpl.getParameterNames can cause an OutOfMemoryError when the client sends a request with large parameter names. This issue can be exploited by an unauthorized user to cause a remote denial-of-service (DoS) attack...

CVSS 7.5 | AI score 5.8 | EPSS 0.00381
Exploits: 0 | References: 15

Debian CVE
added 2026/01/30 2:25 p.m. | 3 views

CVE-2024-4027

A flaw was found in Undertow. Servlets using a method that calls HttpServletRequestImpl.getParameterNames can cause an OutOfMemoryError when the client sends a request with large parameter names. This issue can be exploited by an unauthorized user to cause a remote denial-of-service (DoS) attack...

CVSS 7.5 | AI score 5.3 | EPSS 0.00381
Exploits: 0

EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2012-3293

Malware in sbrugna...

CVSS 5 | AI score 6.4 | EPSS 0.00405
Exploits: 0 | References: 8

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2003-0147

Malware in sbrugna...

CVSS 7.5 | AI score 6.4 | EPSS 0.0473
Exploits: 0 | References: 7

EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2017-2930

Malware in sbrugna...

CVSS 6.1 | AI score 6.3 | EPSS 0.01471
Exploits: 0 | References: 4

EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2002-2120

Malware in sbrugna...

CVSS 7.5 | AI score 6.4 | EPSS 0.0072
Exploits: 0 | References: 4

Tenable Nessus
added 2025/08/19 12:00 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2022-32532

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apache Shiro before 1.9.1, A RegexRequestMatcher can be misconfigured to be bypassed on some servlet containers. Applications using RegExPatternMatcher with . i...

CVSS 9.8 | AI score 7.1 | EPSS 0.81936
Exploits: 0 | References: 3

RedhatCVE
added 2025/05/22 5:23 p.m. | 1 views

CVE-2020-11626

An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. Two Cross-Site Scripting (XSS) vulnerabilities have been found in the Public Web and the Certificate/CRL download servlets...

CVSS 6.1 | AI score 6.2 | EPSS 0.00226
Exploits: 0 | References: 1

CNNVD
added 2025/03/11 12:00 a.m. | 1 views

Zucchetti Ad Hoc Infinity Cross-Site Scripting Vulnerability

Zucchetti Ad Hoc Infinity is an ERP software from Zucchetti. A cross-site scripting vulnerability exists in Zucchetti Ad Hoc Infinity version 2.4, which originates from cross-site scripting in the /servlet/gsdmfsavehtmltmp and /servlet/gsdmbtlkopenfile components and could lead to remote code...

CVSS 5.4 | AI score 7.2 | EPSS 0.00366
Exploits: 1 | References: 2

0day.today
added 2024/10/30 12:00 a.m. | 145 views

ABB Cylon Aspect 3.08.01 jsonProxy.php Unauthenticated Project Download Vulnerability

ABB Cylon Aspect version 3.08.01 is vulnerable to an unauthorized project file disclosure in jsonProxy.php. An unauthenticated remote attacker can issue a GET request abusing the DownloadProject servlet to download sensitive project files. The jsonProxy.php script bypasses authentication by...

AI score 7.5
Exploits: 0

Veracode
added 2024/10/22 7:16 a.m. | 2 views

Denial Of Service (DoS)

org.eclipse.jetty:jetty-servlets is vulnerable to Denial of Service (DoS). The vulnerability is due to unauthenticated users being able to exhaust the server's memory, leading to a crash...

CVSS 6.5 | AI score 6.6 | EPSS 0.00563
Exploits: 0 | References: 8 | Affected Software: 1

vulnersOsv
added 2024/10/14 3:30 p.m. | 1 views

au.csiro.pathling:fhir-server (=7.2.0), br.com.archbase:archbase-annotation-processor (>=2.1.2 <=2.1.17) +847 more potentially affected by CVE-2024-9823 via org.eclipse.jetty.ee10:jetty-ee10-servlets (>=12.0.0 <=12.0.29)

org.eclipse.jetty.ee10:jetty-ee10-servlets MAVEN version =12.0.0, =2.1.2, =2.1.2, =2.1.2, =2.1.2, =2.1.2, =2.1.2, =2.1.2, =2.1.2, =2.1.2, =2.1.2, =2.1.2, =2.1.2, =2.1.2, =2.1.2, =2.1.17 and more Source cves: CVE-2024-9823 Source advisory: OSV:GHSA-J26W-F9RQ-MR2Q...

CVSS 7.5 | AI score 6.6 | EPSS 0.0068
Exploits: 0

vulnersOsv
added 2024/10/14 3:30 p.m. | 1 views

com.google.appengine:jetty12-assembly (>=2.0.20 <=3.0.1), org.eclipse.jetty.ee9.demos:jetty-ee9-demo-embedded (>=12.0.0 <=12.0.29) +5 more potentially affected by CVE-2024-9823 via org.eclipse.jetty.ee9:jetty-ee9-servlets (>=12.0.0 <=12.0.29)

org.eclipse.jetty.ee9:jetty-ee9-servlets MAVEN version =12.0.0, =2.0.20, =12.0.0, =12.0.0, =12.0.0, =12.0.0, =12.0.12, =12.0.29 Source cves: CVE-2024-9823 Source advisory: OSV:GHSA-J26W-F9RQ-MR2Q...

CVSS 7.5 | AI score 6.6 | EPSS 0.0068
Exploits: 0

vulnersOsv
added 2024/10/14 3:30 p.m. | 2 views

ca.ibodrov.concord:repository-browser-plugin (>=1.0.0 <=1.0.1), ca.ibodrov.concord:testcontainers-concord-core (>=2.0.3 <=2.0.5) +19 more potentially affected by CVE-2024-9823 via org.eclipse.jetty.ee8:jetty-ee8-servlets (>=12.0.0 <=12.0.29)

org.eclipse.jetty.ee8:jetty-ee8-servlets MAVEN version =12.0.0, =1.0.0, =2.0.3, =0.0.27, =0.0.27, =2.0.20, =2.22.0, =2.22.0, =2.22.0, =2.22.0, =2.22.0, =2.22.0, =2.22.0, =2.22.0, =2.22.0, =2.22.0, =2.38.0 and more Source cves: CVE-2024-9823 Source advisory: OSV:GHSA-J26W-F9RQ-MR2Q...

CVSS 7.5 | AI score 6.6 | EPSS 0.0068
Exploits: 0

CNVD
added 2024/02/26 12:00 a.m. | 6 views

Apache Sling Path Traversal Vulnerability

Apache Sling is an open source web framework for the Java platform from the Apache Software Foundation in the United States. It is designed for building content-centric applications on top of a JSR-170 content repository such as Apache Jackrabbit. A path traversal vulnerability exists in Apache Sling Servlets Resolver...

CVSS 8.5 | AI score 6.8 | EPSS 0.00254
Exploits: 0 | References: 1

OSV
added 2024/02/06 12:30 p.m. | 22 views

GHSA-H2RQ-QHR7-53GM Apache Sling Servlets Resolver executes malicious code via path traversal

Malicious code execution via path traversal in Apache Software Foundation Apache Sling Servlets Resolver. This issue affects all versions of Apache Sling Servlets Resolver before 2.11.0. However, whether a system is vulnerable to this attack depends on the exact configuration of the system. If the...

CVSS 7.5 | AI score 8.1 | EPSS 0.00254
Exploits: 0 | References: 5

Github Security Blog
added 2024/02/06 12:30 p.m. | 15 views

Apache Sling Servlets Resolver executes malicious code via path traversal

Malicious code execution via path traversal in Apache Software Foundation Apache Sling Servlets Resolver. This issue affects all versions of Apache Sling Servlets Resolver before 2.11.0. However, whether a system is vulnerable to this attack depends on the exact configuration of the system. If the...

CVSS 8.5 | AI score 8.1 | EPSS 0.00254
Exploits: 0 | References: 5 | Affected Software: 1

NVD
added 2024/02/06 10:15 a.m. | 16 views

CVE-2024-23673

Malicious code execution via path traversal in Apache Software Foundation Apache Sling Servlets Resolver. This issue affects all versions of Apache Sling Servlets Resolver before 2.11.0. However, whether a system is vulnerable to this attack depends on the exact configuration of the system. If the...

CVSS 8.5 | AI score 8.7 | EPSS 0.00254
Exploits: 0 | References: 2

OSV
added 2024/02/06 10:15 a.m. | 16 views

CVE-2024-23673

Malicious code execution via path traversal in Apache Software Foundation Apache Sling Servlets Resolver. This issue affects all versions of Apache Sling Servlets Resolver before 2.11.0. However, whether a system is vulnerable to this attack depends on the exact configuration of the system. If the...

CVSS 7.5 | AI score 8.1
Exploits: 0 | References: 2