Lucene search
K

39 matches found

Tenable Nessus
Tenable Nessus
added 2024/06/14 12:0 a.m.21 views

Rocky Linux 8 : tomcat (RLSA-2024:3666)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3666 advisory. Apache Tomcat: HTTP/2 header handling DoS CVE-2024-24549 Apache Tomcat: WebSocket DoS with incomplete closing handshake CVE-2024-23672 Bug Fixes: Rebase...

7.5CVSS7.7AI score0.23072EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2024/06/11 5:34 p.m.274 views

Important: Red Hat Security Advisory: tomcat security and bug fix update

An update for tomcat is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

7.5CVSS7AI score0.23072EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2024/06/06 8:43 a.m.43 views

Important: Red Hat Security Advisory: tomcat security and bug fix update

An update for tomcat is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

7.5CVSS7AI score0.23072EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2024/06/06 8:43 a.m.3 views

Tomcat: WebSocket DoS with incomplete closing handshake

A denial of service DoS vulnerability present in the Apache Tomcat package arises from an incomplete cleanup process. Specifically, WebSocket clients can perpetuate WebSocket connections without proper termination, thereby causing a sustained drain on system resources. This vulnerability...

6.3CVSS7.2AI score0.02313EPSS
Exploits0References5
Oracle linux
Oracle linux
added 2024/06/06 12:0 a.m.34 views

tomcat security and bug fix update

1:9.0.87-1.el810.1 - Resolves: RHEL-38548 - Amend tomcat package's changelog so that fixed CVEs are mentioned explicitly - Resolves: RHEL-35813 - Rebase tomcat to version 9.0.87 - Resolves: RHEL-29255 tomcat: Apache Tomcat: WebSocket DoS with incomplete closing handshake CVE-2024-23672 - Resolves...

7.5CVSS6.8AI score0.23072EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2024/06/06 12:0 a.m.30 views

Oracle Linux 8 : tomcat (ELSA-2024-3666)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3666 advisory. - Resolves: RHEL-29255 tomcat: Apache Tomcat: WebSocket DoS with incomplete closing handshake CVE-2024-23672 Tenable has extracted the preceding...

7.5CVSS7.7AI score0.23072EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2024/06/06 12:0 a.m.19 views

AlmaLinux 8 : tomcat (ALSA-2024:3666)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:3666 advisory. Apache Tomcat: HTTP/2 header handling DoS CVE-2024-24549 Apache Tomcat: WebSocket DoS with incomplete closing handshake CVE-2024-23672 Bug Fixes: Rebase...

7.5CVSS7.7AI score0.23072EPSS
Exploits1References3
Oracle linux
Oracle linux
added 2024/05/23 12:0 a.m.97 views

tomcat security and bug fix update

1:9.0.87-1.el94.1 - Resolves: RHEL-34815 - Rebase tomcat to version 9.0.87 - Resolves: RHEL-31048 tomcat: Apache Tomcat: WebSocket DoS with incomplete closing handshake CVE-2024-23672 - Resolves: RHEL-31032 tomcat: : Apache Tomcat: HTTP/2 header handling DoS CVE-2024-24549 - Resolves: RHEL-35328 ...

7.5CVSS6.5AI score0.99999EPSS
Exploits22
OSV
OSV
added 2024/05/23 12:0 a.m.40 views

ALSA-2024:3307 Important: tomcat security and bug fix update

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages JSP technologies. Security Fixes: Apache Tomcat: HTTP/2 header handling DoS CVE-2024-24549 Apache Tomcat: WebSocket DoS with incomplete closing handshake CVE-2024-23672 Bug Fixes and Enhancements: Rebase tomcat to...

7.5CVSS7.5AI score0.23072EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 2024/05/23 12:0 a.m.44 views

RHEL 9 : tomcat (RHSA-2024:3307)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3307 advisory. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages JSP technologies. Security Fixes: Apache Tomcat: HTTP/2 heade...

7.5CVSS7.8AI score0.23072EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2024/05/07 1:7 p.m.50 views

Important: Red Hat Security Advisory: Red Hat JBoss Web Server 6.0.2 release and security update

An update is now available for Red Hat JBoss Web Server 6.0.2 on Red Hat Enterprise Linux versions 8 and 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

6.3CVSS6.7AI score0.02313EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2024/05/07 12:0 a.m.34 views

RHEL 8 / 9 : Red Hat JBoss Web Server 6.0.2 (RHSA-2024:1916)

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:1916 advisory. Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache...

6.3CVSS7.3AI score0.02313EPSS
Exploits0References5
Amazon
Amazon
added 2024/04/17 12:0 a.m.10 views

Important: tomcat

Issue Overview: Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through...

7.5CVSS7AI score0.23072EPSS
Exploits1
OSV
OSV
added 2023/01/09 9:55 p.m.64 views

GHSA-CM8H-Q92V-XCFC mercurius has Uncaught Exception when using subscriptions

Impact Any users of Mercurius until version v11.5.0 are subjected to a denial of service attack by sending a malformed packet over WebSocket to /graphql. Patches This was patched in https://github.com/mercurius-js/mercurius/pull/940. The patch was released as v11.5.0 and v8.13.2. Workarounds...

5.3CVSS6AI score0.01056EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2022/07/11 8:55 p.m.7 views

CVE-2022-31080 KubeEdge Websocket Client in package Viaduct: DoS from large response message

KubeEdge is an open source system for extending native containerized application orchestration capabilities to hosts at Edge. Prior to versions 1.11.1, 1.10.2, and 1.9.4, a large response received by the viaduct WSClient can cause a DoS from memory exhaustion. The entire body of the response is...

4.4CVSS6.3AI score0.00672EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2021/04/19 12:0 a.m.48 views

SUSE: Security Advisory (SUSE-SU-2020:2611-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.6AI score0.87553EPSS
Exploits1References5
Apache Tomcat
Apache Tomcat
added 2020/07/07 12:0 a.m.79 views

Fixed in Apache Tomcat 7.0.105

Important: WebSocket DoS CVE-2020-13935 The payload length in a WebSocket frame was not correctly validated. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service. This was fixed with commits f9f75c14 and 4c049828...

7.5CVSS7.5AI score0.87553EPSS
Exploits1Affected Software1
Apache Tomcat
Apache Tomcat
added 2020/07/05 12:0 a.m.123 views

Fixed in Apache Tomcat 8.5.57

Important: WebSocket DoS CVE-2020-13935 The payload length in a WebSocket frame was not correctly validated. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service. This was fixed with commit 12d71567. This issue wa...

7.5CVSS7.6AI score0.87553EPSS
Exploits1Affected Software1
RedHat Linux
RedHat Linux
added 2019/01/09 8:53 a.m.4 views

Core: Kestrel - WebSocket DoS via CancellationToken (CoreFX and ASP.NET)

A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka "ASP.NET Core Denial of Service Vulnerability." This affects ASP.NET Core 2.1. This CVE ID is unique from CVE-2019-0548...

7.5CVSS5.8AI score0.08386EPSS
Exploits0References4
Rows per page
Query Builder