
5360 matches found

OSV
added 2020/09/16 1:7 p.m. | 1 views

USN-4502-1 ruby-websocket-extensions vulnerability

It was discovered that websocket-extensions does not properly parse special headers. A remote attacker could use this issue to cause regex backtracking, resulting in a denial of service. CVE-2020-7663...

CVSS 7.5 | AI score 7.3 | EPSS 0.04404
Exploits: 1 | References: 2

OSV
added 2020/09/15 2:15 p.m. | 3 views

CVE-2020-16101

It is possible for an unauthenticated remote DCOM websocket connection to crash the Command Centre service due to an out-of-bounds buffer access. Affected versions are v8.20 prior to v8.20.1166MR3, v8.10 prior to v8.10.1211MR5, v8.00 prior to v8.00.1228MR6, all versions of 7.90 and earlier...

CVSS 7.5 | AI score 6 | EPSS 0.01044
Exploits: 0 | References: 1

OSV
added 2020/09/15 2:15 p.m. | 3 views

CVE-2020-16100

It is possible for an unauthenticated remote DCOM websocket connection to crash the Command Centre service's DCOM websocket thread due to improper shutdown of closed websocket connections, preventing it from accepting future DCOM websocket Configuration Client connections. Affected versions are...

CVSS 7.5 | AI score 5.8 | EPSS 0.01044
Exploits: 0 | References: 1

NVD
added 2020/09/15 2:15 p.m. | 18 views

CVE-2020-16100

It is possible for an unauthenticated remote DCOM websocket connection to crash the Command Centre service's DCOM websocket thread due to improper shutdown of closed websocket connections, preventing it from accepting future DCOM websocket Configuration Client connections. Affected versions are...

CVSS 7.5 | EPSS 0.01044
Exploits: 0 | References: 1

Prion
added 2020/09/15 2:15 p.m. | 14 views

Design/Logic Flaw

It is possible for an unauthenticated remote DCOM websocket connection to crash the Command Centre service due to an out-of-bounds buffer access. Affected versions are v8.20 prior to v8.20.1166MR3, v8.10 prior to v8.10.1211MR5, v8.00 prior to v8.00.1228MR6, all versions of 7.90 and earlier...

CVSS 5 | AI score 7.8 | EPSS 0.01044
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2020/09/15 1:25 p.m. | 44 views

CVE-2020-16101

CVE-2020-16101 affects the Command Centre service. An unauthenticated remote DCOM websocket connection can crash the service due to an out-of-bounds buffer access. Affected versions: v8.20 prior to v8.20.1166(MR3), v8.10 prior to v8.10.1211(MR5), v8.00 prior to v8.00.1228(MR6), and all versions o...

CVSS 7.5 | AI score 7.8 | EPSS 0.01044
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2020/09/15 1:21 p.m. | 29 views

CVE-2020-16100

It is possible for an unauthenticated remote DCOM websocket connection to crash the Command Centre service's DCOM websocket thread due to improper shutdown of closed websocket connections, preventing it from accepting future DCOM websocket Configuration Client connections. Affected versions are...

CVSS 7.5 | AI score 7.8 | EPSS 0.01044
Exploits: 0 | References: 1

CVE
added 2020/09/15 1:21 p.m. | 39 views

CVE-2020-16100

CVE-2020-16100 describes an unauthenticated remote DCOM websocket connection that can crash the Command Centre service’s DCOM websocket thread due to improper shutdown of closed websocket connections, preventing future DCOM websocket (Configuration Client) connections. Affected versions are v8.20...

CVSS 7.5 | AI score 7.7 | EPSS 0.01044
Exploits: 0 | References: 1 | Affected Software: 1

Veracode
added 2020/09/15 1:53 a.m. | 212 views

Denial-of-Service (DoS)

jbossweb is vulnerable to denial of service (DoS). The vulnerability exists because of an incomplete fix of CVE-2020-13935 for WebSocket in JBossWeb, leading to DoS...

CVSS 7.5 | AI score 2.5 | EPSS 0.87553
Exploits: 1 | References: 5 | Affected Software: 65

RedHat Linux
added 2020/09/14 11:19 a.m. | 69 views

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.4 security update

An update is now available for Red Hat JBoss Enterprise Application Platform 6.4. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

CVSS 7.5 | AI score 6.7 | EPSS 0.87553
Exploits: 1 | References: 4

RedHat Linux
added 2020/09/14 11:19 a.m. | 3 views

jbossweb: Incomplete fix of CVE-2020-13935 for WebSocket in JBossWeb could lead to DoS

A flaw was found in jbossweb. The fix for CVE-2020-13935 was incomplete in JBossWeb, leaving it vulnerable to a denial of service attack when sending multiple requests with invalid payload length in a WebSocket frame. The highest threat from this vulnerability is to system availability...

CVSS 7.5 | AI score 7.1 | EPSS 0.87553
Exploits: 1 | References: 4

RedHat Linux
added 2020/09/14 11:4 a.m. | 2 views

jbossweb: Incomplete fix of CVE-2020-13935 for WebSocket in JBossWeb could lead to DoS

A flaw was found in jbossweb. The fix for CVE-2020-13935 was incomplete in JBossWeb, leaving it vulnerable to a denial of service attack when sending multiple requests with invalid payload length in a WebSocket frame. The highest threat from this vulnerability is to system availability...

CVSS 7.5 | AI score 7.1 | EPSS 0.87553
Exploits: 1 | References: 4

OSV
added 2020/09/11 9:13 a.m. | 28 views

SUSE-SU-2020:2611-1 Security update for tomcat

This update for tomcat fixes the following issues: - CVE-2020-1935: Fixed an HTTP request smuggling vulnerability (bsc1164860). - CVE-2020-13935: Fixed a WebSocket DoS (bsc1174117)...

CVSS 7.5 | AI score 6.4 | EPSS 0.87553
Exploits: 1 | References: 5

OSV
added 2020/09/09 2:15 p.m. | 2 views

CVE-2020-14384

A flaw was found in JBossWeb in versions before 7.5.31.Final-redhat-3. The fix for CVE-2020-13935 was incomplete in JBossWeb, leaving it vulnerable to a denial of service attack when sending multiple requests with invalid payload length in a WebSocket frame. The highest threat from this...

CVSS 7.5 | AI score 6.6 | EPSS 0.01356
Exploits: 0 | References: 1

CVE
added 2020/09/09 1:17 p.m. | 175 views

CVE-2020-14384

Technical details for CVE-2020-14384 are not publicly available in the provided documents. Connected sources reference CVE-2020-13935 and related Tomcat/JBossWeb issues; monitor for updates.

CVSS 7.5 | AI score 7.4 | EPSS 0.01356
Exploits: 0 | References: 1 | Affected Software: 2

RedhatCVE
added 2020/09/03 10:19 p.m. | 51 views

CVE-2020-14384

A flaw was found in jbossweb. The fix for CVE-2020-13935 was incomplete in JBossWeb, leaving it vulnerable to a denial of service attack when sending multiple requests with invalid payload length in a WebSocket frame. The highest threat from this vulnerability is to system availability. Mitigatio...

CVSS 7.5 | AI score 7.5 | EPSS 0.87553
Exploits: 1 | References: 3

Github Security Blog
added 2020/09/03 5:7 p.m. | 20 views

Malicious Package in rpc-websocket

Versions of rpc-websocket = 0.7.6 contained malicious code. The package opens a backdoor to a remote server and executes arbitrary commands, effectively acting as a backdoor. Recommendation Any computer that has these versions of the package installed or running should be considered fully...

AI score 6
Exploits: 0 | References: 2 | Affected Software: 1

Github Security Blog
added 2020/09/01 9:18 p.m. | 45 views

Missing Origin Validation in browserify-hmr

Versions of browserify-hmr prior to 0.4.0 are missing origin validation on the websocket server. This vulnerability allows a remote attacker to steal a developer's source code because the origin of requests to the websocket server that is used for Hot Module Replacement (HMR) are not validated...

CVSS 7.5 | AI score 4.7 | EPSS 0.01691
Exploits: 1 | References: 6 | Affected Software: 1

OSV
added 2020/09/01 9:18 p.m. | 14 views

GHSA-77Q4-M83Q-W76V Missing Origin Validation in browserify-hmr

Versions of browserify-hmr prior to 0.4.0 are missing origin validation on the websocket server. This vulnerability allows a remote attacker to steal a developer's source code because the origin of requests to the websocket server that is used for Hot Module Replacement (HMR) are not validated...

CVSS 7.5 | AI score 7.5 | EPSS 0.01691
Exploits: 1 | References: 6

Github Security Blog
added 2020/09/01 4:2 p.m. | 26 views

Denial of Service in uws

Affected versions of uws do not properly handle large websocket messages when permessage-deflate is enabled, which may result in a denial of service condition. If uws receives a 256Mb websocket message when permessage-deflate is enabled, the server will compress the message prior to executing the...

CVSS 5.9 | AI score 3.2 | EPSS 0.0134
Exploits: 0 | References: 4 | Affected Software: 1