5368 matches found
CVE-2019-1000022
Taoensso Sente prior to version 1.14.0 contains a Cross-Site Request Forgery (CSRF) vulnerability in the WebSocket handshake endpoint that can result in a CSRF attack and possible leak of the anti-CSRF token. This attack appears to be exploitable via malicious request against WebSocket handshake endpoin...
Cross-site request forgery (CSRF)
Taoensso Sente prior to version 1.14.0 contains a Cross-Site Request Forgery (CSRF) vulnerability in the WebSocket handshake endpoint that can result in a CSRF attack and possible leak of the anti-CSRF token. This attack appears to be exploitable via malicious request against WebSocket handshake endpoin...
CVE-2019-1000022
Taoensso Sente versions prior to 1.14.0 contain a CSRF vulnerability in the WebSocket handshake endpoint that can enable a CSRF attack and possibly leak an anti-CSRF token. Affected component: Sente WebSocket handshake. Root cause: missing CSRF protections during handshake. Impact per sources: po...
Security Bulletin: IBM WebSphere Cast Iron Solution is affected by Apache Tomcat vulnerabilities (CVE-2018-11784, CVE-2018-8034)
Summary: IBM WebSphere Cast Iron Solution has addressed the following vulnerabilities reported in Apache Tomcat v7. Vulnerability Details: CVEID: CVE-2018-11784. DESCRIPTION: Apache Tomcat could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in the...
tomcat: Host name verification missing in WebSocket client
The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88...
Denial Of Service (DoS)
qemu-kvm-rhev is vulnerable to denial of service. It was found that QEMU's WebSocket frame decoder processed incoming frames without limiting the resources used to process the header and the payload. An attacker able to access a guest's VNC console could use this flaw to trigger a denial of servi...
Denial Of Service (DoS)
httpd is vulnerable to denial of service. The mod_lua httpd module improperly processed certain WebSocket Ping requests, allowing a remote attacker to cause the httpd child process to crash via a malicious WebSocket Ping request...
Session Hijacking
openstack-nova is vulnerable to session hijacking attacks. The vulnerability exists because OpenStack Compute (Nova) before 2014.1.4, 2014.2.x before 2014.2.3, and kilo before kilo-3 does not validate the origin of websocket requests, which allows remote attackers to hijack the authentication of users f...
RHEL 7 : .NET Core on Red Hat Enterprise Linux (RHSA-2019:0040)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:0040 advisory. .NET Core is a managed software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR...
Digium Asterisk WebSocket Denial of Service (CVE-2018-7287)
A denial-of-service vulnerability exists in Digium Asterisk. The vulnerability is due to improper handling of WebSocket payloads. Successful exploitation would result in a crash of the server process leading to denial of service...
Moderate: Red Hat Security Advisory: .NET Core on Red Hat Enterprise Linux security update
Updates for rh-dotnet21-dotnet and rh-dotnet22-dotnet are now available for .NET Core on Red Hat Enterprise Linux. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating,...
Core: Kestrel - WebSocket DoS via CancellationToken (CoreFX and ASP.NET)
A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka "ASP.NET Core Denial of Service Vulnerability." This affects ASP.NET Core 2.1. This CVE ID is unique from CVE-2019-0548...
Core: AspNetCoreModule WebSocket DOS
A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka "ASP.NET Core Denial of Service Vulnerability." This affects ASP.NET Core 2.2, ASP.NET Core 2.1. This CVE ID is unique from CVE-2019-0564...
Apache 2.4.x < 2.4.16 Multiple Vulnerabilities
According to its banner, the version of Apache 2.4.x installed on the remote host is prior to 2.4.16. It is, therefore, affected by the following vulnerabilities: - A flaw exists in the lua_websocket_read function in the 'mod_lua' module due to incorrect handling of WebSocket PING frames. A remote...
GHSA-CF66-XWFP-GVC4 Missing Origin Validation in webpack-dev-server
Versions of webpack-dev-server before 3.1.10 are missing origin validation on the websocket server. This vulnerability allows a remote attacker to steal a developer's source code because the origin of requests to the websocket server that is used for Hot Module Replacement (HMR) is not validated...
Missing Origin Validation in webpack-dev-server
Versions of webpack-dev-server before 3.1.10 are missing origin validation on the websocket server. This vulnerability allows a remote attacker to steal a developer's source code because the origin of requests to the websocket server that is used for Hot Module Replacement (HMR) is not validated...
A vulnerability in the Logitech Options peripheral control utility allows a hacker to execute arbitrary commands.
The vulnerability in the Logitech Options peripheral control utility lies in the lack of restrictions on the number of authentication attempts made through the WebSocket server. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands using a specially crafted web page...