Lucene search
K

146 matches found

Veracode
Veracode
added 2023/05/15 3:47 a.m.16 views

Improper Authentication

vertx-stomp is vulnerable to Improper Authentication. Without requiring a prior CONNECT frame reply with a successful CONNECTED frame, Vert.x STOMP servers handle client STOMP frames, enabling clients to publish messages or subscribe to destinations, resulting in an attacker subscribing to a...

6.5CVSS6.7AI score0.00511EPSS
Exploits0References5Affected Software1
vulnersOsv
vulnersOsv
added 2023/05/12 8:20 p.m.5 views

com.nachinius:stomp-for-akka-streams_2.12 (=0.1.2), io.github.davidgregory084:vertices-stomp_2.12 (>=0.1.1 <=0.1.2) +9 more potentially affected by CVE-2023-32081 via io.vertx:vertx-stomp (>=3.1.0 <=3.9.15)

io.vertx:vertx-stomp MAVEN version =3.1.0, =0.1.1, =0.1.0, =3.4.0, =3.1.0, =3.1.0, =3.4.0, =3.9.1 Source cves: CVE-2023-32081 Source advisory: OSV:GHSA-GVRQ-CG5R-7CHP...

6.5CVSS6.5AI score0.00511EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2023/05/12 8:20 p.m.5 views

cn.vertxup:zero-ifx-stomp (=0.9.0), cn.vertxup:zero-vie (=0.9.0) +3 more potentially affected by CVE-2023-32081 via io.vertx:vertx-stomp (>=4.0.0 <=4.4.1)

io.vertx:vertx-stomp MAVEN version =4.0.0, =2.0.0, =4.0.0, =4.0.0, =4.4.1 Source cves: CVE-2023-32081 Source advisory: OSV:GHSA-GVRQ-CG5R-7CHP...

6.5CVSS6.5AI score0.00511EPSS
Exploits0
OSV
OSV
added 2023/05/12 8:20 p.m.2 views

GHSA-GVRQ-CG5R-7CHP Vert.x STOMP server process client frames that would not send initially a connect frame

Impact A Vert.x STOMP server processes client STOMP frames without checking that the client send an initial CONNECT frame replied with a successful CONNECTED frame. The client can subscribe to a destination or publish message without prior authentication. Any Vert.x STOMP server configured with a...

6.5CVSS6.6AI score0.00511EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2023/05/12 8:20 p.m.22 views

Vert.x STOMP server process client frames that would not send initially a connect frame

Impact A Vert.x STOMP server processes client STOMP frames without checking that the client send an initial CONNECT frame replied with a successful CONNECTED frame. The client can subscribe to a destination or publish message without prior authentication. Any Vert.x STOMP server configured with a...

6.5CVSS6.4AI score0.00511EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2023/05/12 2:15 p.m.30 views

CVE-2023-32081

Vert.x STOMP is a vert.x implementation of the STOMP specification that provides a STOMP server and client. From versions 3.1.0 until 3.9.16 and 4.0.0 until 4.4.2, a Vert.x STOMP server processes client STOMP frames without checking that the client send an initial CONNECT frame replied with a...

6.5CVSS6.4AI score0.00511EPSS
Exploits0References2
Prion
Prion
added 2023/05/12 2:15 p.m.21 views

Authentication flaw

Vert.x STOMP is a vert.x implementation of the STOMP specification that provides a STOMP server and client. From versions 3.1.0 until 3.9.16 and 4.0.0 until 4.4.2, a Vert.x STOMP server processes client STOMP frames without checking that the client send an initial CONNECT frame replied with a...

6.4CVSS6.4AI score0.00511EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/05/12 1:49 p.m.11 views

CVE-2023-32081 Vert.x STOMP server process client frames that would not send initially a connect frame

Vert.x STOMP is a vert.x implementation of the STOMP specification that provides a STOMP server and client. From versions 3.1.0 until 3.9.16 and 4.0.0 until 4.4.2, a Vert.x STOMP server processes client STOMP frames without checking that the client send an initial CONNECT frame replied with a...

6.5CVSS6.8AI score0.00511EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/05/12 1:49 p.m.27 views

CVE-2023-32081 Vert.x STOMP server process client frames that would not send initially a connect frame

Vert.x STOMP is a vert.x implementation of the STOMP specification that provides a STOMP server and client. From versions 3.1.0 until 3.9.16 and 4.0.0 until 4.4.2, a Vert.x STOMP server processes client STOMP frames without checking that the client send an initial CONNECT frame replied with a...

6.5CVSS6.6AI score0.00511EPSS
Exploits0References2
CVE
CVE
added 2023/05/12 1:49 p.m.50 views

CVE-2023-32081

Vert.x STOMP server allows clients to subscribe/publish without prior authentication by accepting STOMP frames before a valid initial CONNECT frame. Affects Vert.x STOMP servers in versions 3.1.0–3.9.16 and 4.0.0–4.4.2; root cause is failure to validate the initial CONNECT frame before replying w...

6.5CVSS6.4AI score0.00511EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2023/05/12 1:49 p.m.22 views

CVE-2023-32081 Vert.x STOMP server process client frames that would not send initially a connect frame

Vert.x STOMP is a vert.x implementation of the STOMP specification that provides a STOMP server and client. From versions 3.1.0 until 3.9.16 and 4.0.0 until 4.4.2, a Vert.x STOMP server processes client STOMP frames without checking that the client send an initial CONNECT frame replied with a...

6.5CVSS6.5AI score0.00511EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/05/12 12:0 a.m.4 views

vert.x-stomp 授权问题漏洞

vert.x-stomp is a STOMP client/server implementation of the Eclipse Vert.x open source. An authorization issue vulnerability exists in vert.x-stomp versions prior to 3.1.0 to 3.9.16 and 4.0.0 to 4.4.2, which stems from a client being able to subscribe to a destination or publish a message without...

6.5CVSS6.4AI score0.00511EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/05/12 12:0 a.m.8 views

PT-2023-23593 · Unknown · Vert.X Stomp

Name of the Vulnerable Software and Affected Versions: Vert.x STOMP versions 3.1.0 through 3.9.16 Vert.x STOMP versions 4.0.0 through 4.4.2 Description: The Vert.x STOMP server processes client STOMP frames without checking that the client sent an initial CONNECT frame replied with a successful...

6.5CVSS6.5AI score0.00511EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2023/04/05 1:34 p.m.5 views

springframework: DoS with STOMP over WebSocket

A flaw was found in Spring Framework Applications. Applications that use STOMP over the WebSocket endpoint are vulnerable to a denial of service attack caused by an authenticated user...

6.5CVSS7.3AI score0.02931EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2023/03/09 12:0 a.m.62 views

Atlassian Jira < 9.6.0 Multiple Vulnerabilities

According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 9.6.0. It is, therefore, affected by multiple vulnerabilities: - A issue in the underlying Spring framework which permits a authenticated attacker to perform a STOMP over...

6.5CVSS7.2AI score0.02931EPSS
Exploits1References3
F5 Networks
F5 Networks
added 2023/02/21 7:57 p.m.299 views

K29042031: Multiple Spring Framework vulnerabilities

Security Advisory Description On April 5th, 2018, three new vulnerabilities were published in the popular Java web framework called Spring. Details on these vulnerabilities and exploit code are not yet available, and mitigation details may change if and when the exploit code is available. You can...

9.8CVSS8.8AI score0.95649EPSS
Exploits15
F5 Networks
F5 Networks
added 2023/02/21 6:34 p.m.36 views

K31022653: Spring Framework vulnerability CVE-2018-1257

Security Advisory Description Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user or...

6.5CVSS6.9AI score0.03279EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2023/02/15 4:34 a.m.6 views

SUSE CVE-2018-1270

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user or attacker can craft a message to...

9.8CVSS8.4AI score0.77245EPSS
Exploits5References2
OSV
OSV
added 2023/01/17 7:38 p.m.11 views

GSD-2023-1001625 NFSv4.2: Fix a memory stomp in decode_attr_security_label

NFSv4.2: Fix a memory stomp in decodeattrsecuritylabel This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.9.337 by commit...

7.2AI score
Exploits0
OSV
OSV
added 2023/01/17 7:19 p.m.9 views

GSD-2023-1001459 NFSv4.2: Fix a memory stomp in decode_attr_security_label

NFSv4.2: Fix a memory stomp in decodeattrsecuritylabel This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.163 by commit...

7.2AI score
Exploits0
Rows per page
Query Builder