32 matches found
EUVD-2014-8727
Malware in sbrugna...
Security Bulletin: IBM DevOps Release addresses denial of service vulnerability caused by a flaw in processing HTTP/2 stream.
Summary IBM DevOps Release 7.0.0.3 addresses denial of service vulnerability caused by a flaw in processing HTTP/2 stream. Vulnerability Details CVEID: CVE-2024-34750 DESCRIPTION: Apache Tomcat is vulnerable to a denial of service, caused by a flaw when processing an HTTP/2 stream. By sending...
Security Bulletin: IBM UrbanCode Release addresses multiple vulnerabilities.
Summary IBM UrbanCode Release 6.2.5.11 addresses multiple vulnerabilities. CVE-2023-41080, CVE-2022-40149, CVE-2022-40150, CVE-2022-45685, CVE-2023-1436, CVE-2022-45693, CVE-2023-28709, CVE-2020-13936, CVE-2023-28708, CVE-2023-34981, CVE-2019-10172, CVE-2019-10202 Vulnerability Details CVEID:...
Security Bulletin: IBM UrbanCode Release is affected by CVE-2022-45143
Summary IBM UrbanCode Release is affected by CVE-2022-45143 Vulnerability Details CVEID: CVE-2022-45143 DESCRIPTION: Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by not escaping the type, message or description values in the JsonErrorReportValve function. By...
Security Bulletin: IBM UrbanCode Release is affected by CVE-2022-42252
Summary IBM UrbanCode Release is affected by CVE-2022-42252 Vulnerability Details CVEID: CVE-2022-42252 DESCRIPTION: Apache Tomcat is vulnerable to HTTP request smuggling, caused by the failure to reject a request containing an invalid Content-Length header when configured to ignore invalid HTTP...
Security Bulletin: IBM UrbanCode Release is affected by CVE-2022-42252
Summary IBM UrbanCode Release is affected by CVE-2022-42252 Vulnerability Details CVEID: CVE-2021-43980 DESCRIPTION: Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by a long standing concurrency flaw in the simplified implementation of blocking reads and writes...
Security Bulletin: IBM UrbanCode Release is affected by CVE-2022-34305
Summary IBM UrbanCode Release is affected by CVE-2022-34305 Vulnerability Details CVEID: CVE-2022-34305 DESCRIPTION: Apache Tomcat is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote authenticated attacker could exploit this vulnerability using the...
Security Bulletin: IBM UrbanCode Release is vulnerable to a denial of service due to use of Apache Tomcat CVE-2022-29885
Summary Apache Tomcat is used by IBM UrbanCode Release. This fix includes Apache Tomcat 8.5.79. Vulnerability Details CVEID: CVE-2022-29885 DESCRIPTION: Apache Tomcat is vulnerable to a denial of service, caused by a use-after-free flaw in the EncryptInterceptor in an untrusted network. By sending...
Security Bulletin: IBM UrbanCode Release is vulnerable to a bypass of security restrictions due to use of Apache Tomcat (CVE-2022-25762).
Summary Apache Tomcat is used by IBM UrbanCode Release. This fix includes Apache Tomcat 8.5.79. Vulnerability Details CVEID: CVE-2022-25762 DESCRIPTION: Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by improper error handling in WebSocket connection. By sendin...
Security Bulletin: IBM UrbanCode Release is vulnerable to elevated privileges due to use of Apache Tomcat CVE-2022-23181
Summary Apache Tomcat is used by IBM UrbanCode Release. This fix includes Apache Tomcat 8.5.79. Vulnerability Details CVEID: CVE-2022-23181 DESCRIPTION: Apache Tomcat could allow a local authenticated attacker to gain elevated privileges on the system, caused by a time of check, time of use flaw...
Security Bulletin: IBM UrbanCode Release is vulnerable to a denial of service due to use of Apache Tomcat CVE-2021-42340.
Summary Apache Tomcat is used by IBM UrbanCode Release. This fix includes Apache Tomcat 8.5.79. Vulnerability Details CVEID: CVE-2021-42340 DESCRIPTION: Apache Tomcat is vulnerable to a denial of service, caused by a memory leak flaw in WebSocket connections. By sending a specially-crafted request...
Security Bulletin: IBM UrbanCode Release is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-44228)
Summary IBM UrbanCode Release is impacted by CVE-2021-44228 through the use of Apache log4j-1.2 which is part of the logging infrastructure. A logging configuration change can exploit the weakness resulting in unauthorized access to the administrative functions within Settings. An iFix has been...
Security Bulletin: IBM UrbanCode Release is affected by CVE-2021-41079
Summary IBM UrbanCode Release versions 6.2.2.7 - 6.2.5.2 are affected by CVE-2021-41079 Vulnerability Details CVEID: CVE-2021-41079 DESCRIPTION: Apache Tomcat is vulnerable to a denial of service, caused by improper input validation of TLS packets. By sending a specially-crafted TLS packet, a remo...
Security Bulletin: IBM UrbanCode Release is affected by CVE-2021-30640
Summary IBM UrbanCode Release versions 6.2.2.7 - 6.2.5.4 are affected by CVE-2021-30640 Vulnerability Details CVEID: CVE-2021-30640 DESCRIPTION: Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by improper authentication validation in the JNDI Realm. By sending a...
Security Bulletin: IBM UrbanCode Release is affected by CVE-2021-25122 and CVE-2021-25329
Summary IBM UrbanCode Release versions 6.2.2.7 - 6.2.5.2 are affected by CVE-2021-25122 and CVE-2021-25329 Vulnerability Details CVEID: CVE-2021-25122 DESCRIPTION: Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by a flaw when responding to new h2c connection...
Security Bulletin: IBM UrbanCode Release is affected by CVE-2020-17527
Summary IBM UrbanCode Release versions 6.2.2.7 - 6.2.5.2 are affected by CVE-2020-17527 Vulnerability Details CVEID: CVE-2020-17527 DESCRIPTION: Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by an issue when the HTTP request header value can be reused from the...
Security Bulletin: IBM UrbanCode Release is affected by CVE-2021-33037
Summary IBM UrbanCode Release versions 6.2.2.7 - 6.2.5.4 are affected by CVE-2021-33037 Vulnerability Details CVEID: CVE-2021-33037 DESCRIPTION: Apache Tomcat is vulnerable to HTTP request smuggling, caused by improper parsing of the HTTP transfer-encoding request header. By sending a...
Security Bulletin: IBM UrbanCode Release is affected by CVE-2021-30639
Summary IBM UrbanCode Release versions 6.2.5.3 - 6.2.5.4 are affected by CVE-2021-30639 Vulnerability Details CVEID: CVE-2021-30639 DESCRIPTION: Apache Tomcat is vulnerable to a denial of service, caused by improper error handling during non-blocking I/O. By sending a specially-crafted request, a...
Security Bulletin: IBM UrbanCode Release is affected by CVE-2021-24122
Summary IBM UrbanCode Release versions 6.2.2.7 - 6.2.5.2 are affected by CVE-2021-24122 Vulnerability Details CVEID: CVE-2021-24122 DESCRIPTION: Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by a flaw when serving resources from a network location using the NT...
Security Bulletin: [All] Apache Tomcat (core only) (Publicly disclosed vulnerability) CVE-2020-1935, CVE-2019-17569
Summary In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smuggling if Tomcat was located behind a...