146 matches found
Improper Authentication
vertx-stomp is vulnerable to Improper Authentication. Without requiring a prior CONNECT frame reply with a successful CONNECTED frame, Vert.x STOMP servers handle client STOMP frames, enabling clients to publish messages or subscribe to destinations, resulting in an attacker subscribing to a...
com.nachinius:stomp-for-akka-streams_2.12 (=0.1.2), io.github.davidgregory084:vertices-stomp_2.12 (>=0.1.1 <=0.1.2) +9 more potentially affected by CVE-2023-32081 via io.vertx:vertx-stomp (>=3.1.0 <=3.9.15)
io.vertx:vertx-stomp MAVEN version =3.1.0, =0.1.1, =0.1.0, =3.4.0, =3.1.0, =3.1.0, =3.4.0, =3.9.1 Source cves: CVE-2023-32081 Source advisory: OSV:GHSA-GVRQ-CG5R-7CHP...
cn.vertxup:zero-ifx-stomp (=0.9.0), cn.vertxup:zero-vie (=0.9.0) +3 more potentially affected by CVE-2023-32081 via io.vertx:vertx-stomp (>=4.0.0 <=4.4.1)
io.vertx:vertx-stomp MAVEN version =4.0.0, =2.0.0, =4.0.0, =4.0.0, =4.4.1 Source cves: CVE-2023-32081 Source advisory: OSV:GHSA-GVRQ-CG5R-7CHP...
GHSA-GVRQ-CG5R-7CHP Vert.x STOMP server process client frames that would not send initially a connect frame
Impact A Vert.x STOMP server processes client STOMP frames without checking that the client send an initial CONNECT frame replied with a successful CONNECTED frame. The client can subscribe to a destination or publish message without prior authentication. Any Vert.x STOMP server configured with a...
Vert.x STOMP server process client frames that would not send initially a connect frame
Impact A Vert.x STOMP server processes client STOMP frames without checking that the client send an initial CONNECT frame replied with a successful CONNECTED frame. The client can subscribe to a destination or publish message without prior authentication. Any Vert.x STOMP server configured with a...
CVE-2023-32081
Vert.x STOMP is a vert.x implementation of the STOMP specification that provides a STOMP server and client. From versions 3.1.0 until 3.9.16 and 4.0.0 until 4.4.2, a Vert.x STOMP server processes client STOMP frames without checking that the client send an initial CONNECT frame replied with a...
Authentication flaw
Vert.x STOMP is a vert.x implementation of the STOMP specification that provides a STOMP server and client. From versions 3.1.0 until 3.9.16 and 4.0.0 until 4.4.2, a Vert.x STOMP server processes client STOMP frames without checking that the client send an initial CONNECT frame replied with a...
CVE-2023-32081 Vert.x STOMP server process client frames that would not send initially a connect frame
Vert.x STOMP is a vert.x implementation of the STOMP specification that provides a STOMP server and client. From versions 3.1.0 until 3.9.16 and 4.0.0 until 4.4.2, a Vert.x STOMP server processes client STOMP frames without checking that the client send an initial CONNECT frame replied with a...
CVE-2023-32081 Vert.x STOMP server process client frames that would not send initially a connect frame
Vert.x STOMP is a vert.x implementation of the STOMP specification that provides a STOMP server and client. From versions 3.1.0 until 3.9.16 and 4.0.0 until 4.4.2, a Vert.x STOMP server processes client STOMP frames without checking that the client send an initial CONNECT frame replied with a...
CVE-2023-32081
Vert.x STOMP server allows clients to subscribe/publish without prior authentication by accepting STOMP frames before a valid initial CONNECT frame. Affects Vert.x STOMP servers in versions 3.1.0–3.9.16 and 4.0.0–4.4.2; root cause is failure to validate the initial CONNECT frame before replying w...
CVE-2023-32081 Vert.x STOMP server process client frames that would not send initially a connect frame
Vert.x STOMP is a vert.x implementation of the STOMP specification that provides a STOMP server and client. From versions 3.1.0 until 3.9.16 and 4.0.0 until 4.4.2, a Vert.x STOMP server processes client STOMP frames without checking that the client send an initial CONNECT frame replied with a...
vert.x-stomp 授权问题漏洞
vert.x-stomp is a STOMP client/server implementation of the Eclipse Vert.x open source. An authorization issue vulnerability exists in vert.x-stomp versions prior to 3.1.0 to 3.9.16 and 4.0.0 to 4.4.2, which stems from a client being able to subscribe to a destination or publish a message without...
PT-2023-23593 · Unknown · Vert.X Stomp
Name of the Vulnerable Software and Affected Versions: Vert.x STOMP versions 3.1.0 through 3.9.16 Vert.x STOMP versions 4.0.0 through 4.4.2 Description: The Vert.x STOMP server processes client STOMP frames without checking that the client sent an initial CONNECT frame replied with a successful...
springframework: DoS with STOMP over WebSocket
A flaw was found in Spring Framework Applications. Applications that use STOMP over the WebSocket endpoint are vulnerable to a denial of service attack caused by an authenticated user...
Atlassian Jira < 9.6.0 Multiple Vulnerabilities
According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 9.6.0. It is, therefore, affected by multiple vulnerabilities: - A issue in the underlying Spring framework which permits a authenticated attacker to perform a STOMP over...
K29042031: Multiple Spring Framework vulnerabilities
Security Advisory Description On April 5th, 2018, three new vulnerabilities were published in the popular Java web framework called Spring. Details on these vulnerabilities and exploit code are not yet available, and mitigation details may change if and when the exploit code is available. You can...
K31022653: Spring Framework vulnerability CVE-2018-1257
Security Advisory Description Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user or...
SUSE CVE-2018-1270
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user or attacker can craft a message to...
GSD-2023-1001625 NFSv4.2: Fix a memory stomp in decode_attr_security_label
NFSv4.2: Fix a memory stomp in decodeattrsecuritylabel This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.9.337 by commit...
GSD-2023-1001459 NFSv4.2: Fix a memory stomp in decode_attr_security_label
NFSv4.2: Fix a memory stomp in decodeattrsecuritylabel This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.163 by commit...