15 matches found
GHSA-X4VP-4235-65HG OpenClaw has pre-auth webhook body parsing that can enable unauthenticated slow-request DoS
Impact OpenClaw webhook handlers for BlueBubbles and Google Chat accepted and parsed request bodies before authentication and signature checks on vulnerable releases. This allowed unauthenticated clients to hold parser work open with slow/oversized request bodies and degrade availability...
pcp security update
6.2.2-7 - Fix buffer sizing checks in pmstore PDU handling RHEL-57809 - Guard against symlink attacks in pmpost program RHEL-57814 - Fix libpcpweb webgroup slow request refcounting RHEL-58307 - Updated pmdahacluster for newer crmmon versions RHEL-58303...
pcp security update
6.2.0-5.0.1 - Fixed libpcp derived metric issue for ol9 Orabug: 36538820 6.2.0-5 - Fix buffer sizing checks in pmstore PDU handling RHEL-57805 - Guard against symlink attacks in pmpost program RHEL-57810 - Fix libpcpweb webgroup slow request refcounting RHEL-58306 - Updated pmdahacluster for newe...
Oracle Linux 9 : pcp (ELSA-2024-6848)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-6848 advisory. 6.2.0-5.0.1 - Fixed libpcp derived metric issue for ol9 Orabug: 36538820 6.2.0-5 - Fix buffer sizing checks in pmstore PDU handling RHEL-57805 - Guard...
httpd:2.4 security update
httpd 2.4.37-64.0.1 - Replace index.html with Oracle's index page oracleindex.html 2.4.37-64 - Resolves: RHEL-14448 - httpd: modmacro: out-of-bounds read vulnerability CVE-2023-31122 2.4.37-63 - modxml2enc: fix media type handling Resolves: RHEL-14321 modhttp2 1.15.7-10 - Resolves: RHEL-29817 -...
4GEE ROUTER HH70VB 资源管理错误漏洞
4GEE ROUTER HH70VB is a router. A resource management error vulnerability exists on the 4GEE ROUTER HH70VB version of HH70E102.0022, which can be exploited by an attacker to send incomplete HTTP requests using the slowhttptest utility, which may cause the server to wait for packets to complete th...
httpd: mod_http2: DoS via slow, unneeded request bodies
In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 modhttp2 connections...
httpd: mod_http2: DoS via slow, unneeded request bodies
In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 modhttp2 connections...
httpd: mod_http2: DoS via slow, unneeded request bodies
In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 modhttp2 connections...
httpd: mod_http2: DoS via slow, unneeded request bodies
In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 modhttp2 connections...
httpd: mod_http2: DoS via slow, unneeded request bodies
In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 modhttp2 connections...
DEBIAN-CVE-2018-17189
In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 modhttp2 connections...
Security fix for the ALT Linux 10 package apache2 version 1:2.4.38-alt1
Jan. 25, 2019 Anton Farygin 1:2.4.38-alt1 - 2.4.38 - fixes: important: modssl 2.4.37 remote DoS when used with OpenSSL 1.1.1. CVE-2019-0190 low: modsessioncookie does not respect expiry time. CVE-2018-17199 low: DoS for HTTP/2 connections via slow request bodies. CVE-2018-17189...
lighttpd 1.41.5 - Slow Request Handling Remote Denial of Service
lighttpd 1.41.5 - Slow Request Handling Remote Denial of Service source: https://www.securityfocus.com/bid/38036/info The 'lighttpd' webserver is prone to a denial-of-service vulnerability. Remote attackers can exploit this issue to cause the application to hang, denying service to legitimate...
lighttpd 1.4/1.5 - Slow Request Handling Remote Denial of Service
source: https://www.securityfocus.com/bid/38036/info The 'lighttpd' webserver is prone to a denial-of-service vulnerability. Remote attackers can exploit this issue to cause the application to hang, denying service to legitimate users. slowtest.sh for j=0;j/dev/null 2/dev/null & done& sleep 3 don...