2 matches found
CVE-2020-5236
Waitress version 1.4.2 allows a DOS attack When waitress receives a header that contains invalid characters. When a header like "Bad-header: xxxxxxxxxxxxxxx\x10" is received, it will cause the regular expression engine to catastrophically backtrack causing the process to use 100% CPU time and...
[SA13360] Jakarta Lucene "results.jsp" Cross-Site Scripting Vulnerability
TITLE: Jakarta Lucene "results.jsp" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA13360 VERIFY ADVISORY: http://secunia.com/advisories/13360/ CRITICAL: Less critical IMPACT: Cross Site Scripting WHERE: From remote SOFTWARE: Jakarta Lucene 1.x http://secunia.com/product/4352/...