
5360 matches found

Veracode
added 2020/07/22 2:24 a.m., 12 views

Denial Of Service (DoS)

sails-hook-sockets is vulnerable to denial of service (DoS). An attacker can send a WebSocket request with an empty string as the URL pathname variable to trigger an application crash, as the error was not handled...

CVSS 7.5, AI score 1.7, EPSS 0.01769
Exploits: 0, References: 5, Affected Software: 1
CNVD
added 2020/07/22 12:0 a.m., 8 views

Apache Tomcat Denial of Service Vulnerability (CNVD-2020-46230)

Apache Tomcat is a lightweight Web application server from the Apache Software Foundation (United States). The program implements support for Servlet and JavaServer Pages (JSP). A security vulnerability exists in WebSocket in Apache Tomcat that stems from the program not properly validating the...

CVSS 7.5, AI score 8.2, EPSS 0.87553
Exploits: 1, References: 1
NVD
added 2020/07/21 2:15 p.m., 14 views

CVE-2018-21036

Sails.js before v1.0.0-46 allows attackers to cause a denial of service with a single request because there is no error handler in sails-hook-sockets to handle an empty pathname in a WebSocket request...

CVSS 7.5, AI score 7.3, EPSS 0.01769
Exploits: 0, References: 4
OSV
added 2020/07/21 2:15 p.m., 9 views

CVE-2018-21036

Sails.js before v1.0.0-46 allows attackers to cause a denial of service with a single request because there is no error handler in sails-hook-sockets to handle an empty pathname in a WebSocket request...

CVSS 7.5, AI score 6.7
Exploits: 0, References: 4
Cvelist
added 2020/07/21 1:14 p.m., 22 views

CVE-2018-21036

Sails.js before v1.0.0-46 allows attackers to cause a denial of service with a single request because there is no error handler in sails-hook-sockets to handle an empty pathname in a WebSocket request...

AI score 7.3, EPSS 0.01769
Exploits: 0, References: 4
CVE
added 2020/07/21 1:14 p.m., 51 views

CVE-2018-21036

CVE-2018-21036 affects Sails.js before v1.0.0-46. The root cause is a missing error handler in the sails-hook-sockets module to handle an empty pathname in a WebSocket request, which enables a denial of service with a single request. Public references reiterate the same description. No explicit r...

CVSS 7.5, AI score 7.3, EPSS 0.01769
Exploits: 0, References: 4, Affected Software: 1
ossfuzz
added 2020/07/17 6:25 a.m., 50 views

libzmq:test_connect_ws_fuzzer: Use-of-uninitialized-value in zmq::stream_engine_base_t::out_event

Project: https://github.com/zeromq/libzmq.git
Detailed Report: https://oss-fuzz.com/testcase?key=6326324676001792
Project: libzmq
Fuzzing Engine: libFuzzer
Fuzz Target: test_connect_ws_fuzzer
Job Type: libfuzzer_msan_libzmq
Platform Id: linux
Crash Type: Use-of-uninitialized-value
Crash Address: Crash...

AI score 6.4
Exploits: 0, Affected Software: 1
OpenVAS
added 2020/07/17 12:0 a.m., 85 views

Apache Tomcat Multiple DoS Vulnerabilities (Jul 2020) - Windows

Apache Tomcat is prone to multiple denial of service vulnerabilities. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 7.5, AI score 8, EPSS 0.87553
Exploits: 1, References: 5
OpenVAS
added 2020/07/17 12:0 a.m., 57 views

Apache Tomcat Multiple DoS Vulnerabilities (Jul 2020) - Linux

Apache Tomcat is prone to multiple denial of service vulnerabilities. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 7.5, AI score 8, EPSS 0.87553
Exploits: 1, References: 5
Tenable Nessus
added 2020/07/17 12:0 a.m., 224 views

Apache Tomcat 9.0.0.M1 < 9.0.37 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 9.0.37. It is, therefore, affected by multiple vulnerabilities as referenced in the fixed_in_apache_tomcat_9.0.37_security-9 advisory. - The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to...

CVSS 7.5, AI score 7, EPSS 0.87553
Exploits: 1, References: 5
Tenable Nessus
added 2020/07/17 12:0 a.m., 806 views

Apache Tomcat 8.5.0 < 8.5.57 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 8.5.57. It is, therefore, affected by multiple vulnerabilities as referenced in the fixed_in_apache_tomcat_8.5.57_security-8 advisory. - The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to...

CVSS 7.5, AI score 7, EPSS 0.87553
Exploits: 1, References: 5
Veracode
added 2020/07/15 8:18 a.m., 59 views

Denial Of Service (DoS)

Apache Tomcat is vulnerable to denial of service. An infinite loop occurs when invalid payload lengths are parsed. An attacker is able to cause a denial of service condition in the application via malicious WebSocket frames with invalid payload lengths...

CVSS 7.5, AI score 3.8, EPSS 0.87553
Exploits: 1, References: 22, Affected Software: 74
RedhatCVE
added 2020/07/15 6:37 a.m., 74 views

CVE-2020-13935

A flaw was found in Apache Tomcat, where the payload length in a WebSocket frame was not correctly validated. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service. The highest threat from this vulnerability is to...

CVSS 5, AI score 7.5, EPSS 0.87553
Exploits: 1, References: 8
NCSC
added 2020/07/15 12:0 a.m., 7 views

Vulnerabilities fixed in Apache Tomcat

Several vulnerabilities have been fixed in Apache Tomcat. A malicious party could potentially exploit the vulnerabilities to cause a Denial-of-Service on the Tomcat server. To do this the malicious party must send specially crafted HTTP or WebSocket traffic to the vulnerable server. The developer...

CVSS 7.5, AI score 8.8, EPSS 0.87553
Exploits: 1
NVD
added 2020/07/14 3:15 p.m., 38 views

CVE-2020-13935

The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of...

CVSS 7.5, EPSS 0.87553
Exploits: 1, References: 17
OSV
added 2020/07/14 3:15 p.m., 23 views

CVE-2020-13935

The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of...

CVSS 7.5, AI score 7.4
Exploits: 0, References: 17
OSV
added 2020/07/14 3:15 p.m., 4 views

DEBIAN-CVE-2020-13935

The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of...

CVSS 7.5, AI score 6.8, EPSS 0.87553
Exploits: 1, References: 1
Prion
added 2020/07/14 3:15 p.m., 42 views

Denial of service

The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of...

CVSS 5, AI score 7.2, EPSS 0.87553
Exploits: 1, References: 17, Affected Software: 18
OSV
added 2020/07/14 3:15 p.m., 0 views

UBUNTU-CVE-2020-13935

The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of...

CVSS 7.5, AI score 6.7, EPSS 0.87553
Exploits: 1, References: 6
CVE
added 2020/07/14 3:0 p.m., 971 views

CVE-2020-13935

CVE-2020-13935 affects Apache Tomcat: the WebSocket frame payload length was not properly validated, which could trigger an infinite loop and allow DoS via multiple invalid payloads. Affected: Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56, and 7.0.27 to 7.0.104. The initial d...

CVSS 7.5, AI score 7.5, EPSS 0.87553
Exploits: 1, References: 17, Affected Software: 1