CVSS: 5.9EPSS: 69%CPEs: 79EXPL: 3CVE-2023-48795 – ssh: Prefix truncation attack on Binary Packet Protocol (BPP)
https://notcve.org/view.php?id=CVE-2023-48795
18 Dec 2023 — The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phas... • https://packetstorm.news/files/id/176280 • CWE-222: Truncation of Security-relevant Information CWE-354: Improper Validation of Integrity Check Value •
CVSS: 5.8EPSS: 0%CPEs: 13EXPL: 0CVE-2020-10687 – Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests
https://notcve.org/view.php?id=CVE-2020-10687
17 Aug 2020 — A flaw was discovered in all versions of Undertow before Undertow 2.2.0.Final, where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own. Se detectó un fallo en todas las versiones de Undertow versiones anteriores a Undertow 2.2.0.Final, donde el tráfico malicioso de peticiones... • https://bugzilla.redhat.com/show_bug.cgi?id=1785049 • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2020-1710 – EAP: field-name is not parsed in accordance to RFC7230
https://notcve.org/view.php?id=CVE-2020-1710
17 Aug 2020 — The issue appears to be that JBoss EAP 6.4.21 does not parse the field-name in accordance to RFC7230[1] as it returns a 200 instead of a 400. El problema parece ser que JBoss EAP versión 6.4.21, no analiza el nombre de campo de acuerdo con RFC7230[1] ya que devuelve 200 en lugar de 400 A flaw was discovered in JBoss EAP, where it does not process the header field-name in accordance with RFC7230. Whitespace between the header field-name and colon is processed, resulting in an HTTP response code of 200 instea... • https://bugzilla.redhat.com/show_bug.cgi?id=1793970 • CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2019-19343 – Undertow: Memory Leak in Undertow HttpOpenListener due to holding remoting connections indefinitely
https://notcve.org/view.php?id=CVE-2019-19343
16 Jun 2020 — A flaw was found in Undertow when using Remoting as shipped in Red Hat Jboss EAP before version 7.2.4. A memory leak in HttpOpenListener due to holding remote connections indefinitely may lead to denial of service. Versions before undertow 2.0.25.SP1 and jboss-remoting 5.0.14.SP1 are believed to be vulnerable. Se encontró una falla en Undertow al usar Remoting como se envió en Red Hat Jboss EAP anterior a la versión 7.2.4. Una filtrado de memoria en HttpOpenListener debido a mantener conexiones remotas... • https://bugzilla.redhat.com/show_bug.cgi?id=1780445 • CWE-400: Uncontrolled Resource Consumption CWE-404: Improper Resource Shutdown or Release •
CVSS: 6.5EPSS: 1%CPEs: 27EXPL: 1CVE-2019-14900 – hibernate: SQL injection issue in Hibernate ORM
https://notcve.org/view.php?id=CVE-2019-14900
12 May 2020 — A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. Se encontró un fallo en Hibernate ORM en versiones anteriores a 5.3.18, 5.4.18 y 5.5.0.Beta1. Una inyección SQL en la implementación de la API JPA Criteria pu... • https://github.com/shanika04/hibernate-orm • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.5EPSS: 0%CPEs: 24EXPL: 0CVE-2020-10719 – undertow: invalid HTTP request with large chunk size
https://notcve.org/view.php?id=CVE-2020-10719
11 May 2020 — A flaw was found in Undertow in versions before 2.1.1.Final, regarding the processing of invalid HTTP requests with large chunk sizes. This flaw allows an attacker to take advantage of HTTP request smuggling. Se detectó un fallo en Undertow en versiones anteriores a 2.1.1.Final, con respecto al procesamiento de peticiones HTTP no válidas con tamaños de fragmentos grandes. Este fallo permite a un atacante tomar ventaja del tráfico no autorizado de peticiones HTTP. A flaw was found in Undertow, regarding the ... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10719 • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 5.3EPSS: 0%CPEs: 13EXPL: 0CVE-2020-10693 – hibernate-validator: Improper input validation in the interpolation of constraint error messages
https://notcve.org/view.php?id=CVE-2020-10693
06 May 2020 — A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place when handling user-controlled data in error messages. Se encontró un fallo en Hibernate Validator versión 6.1.2.Final. Un error en el procesador de interpolación de mensajes permite evaluar expresiones EL no válid... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10693 • CWE-20: Improper Input Validation •
CVSS: 9.1EPSS: 0%CPEs: 8EXPL: 0CVE-2019-14887 – wildfly: The 'enabled-protocols' value in legacy security is not respected if OpenSSL security provider is in use
https://notcve.org/view.php?id=CVE-2019-14887
12 Mar 2020 — A flaw was found when an OpenSSL security provider is used with Wildfly, the 'enabled-protocols' value in the Wildfly configuration isn't honored. An attacker could target the traffic sent from Wildfly and downgrade the connection to a weaker version of TLS, potentially breaking the encryption. This could lead to a leak of the data being passed over the network. Wildfly version 7.2.0.GA, 7.2.3.GA and 7.2.5.CR2 are believed to be vulnerable. Se detectó un fallo cuando un proveedor de seguridad OpenSSL es usa... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14887 • CWE-757: Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') •
CVSS: 9.1EPSS: 2%CPEs: 12EXPL: 1CVE-2019-20444 – netty: HTTP request smuggling
https://notcve.org/view.php?id=CVE-2019-20444
29 Jan 2020 — HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an "invalid fold." El archivo HttpObjectDecoder.java en Netty versiones anteriores a 4.1.44, permite un encabezado HTTP que carece de ":" dos puntos, que podría ser interpretado como un encabezado separado con una sintaxis incorrecta, o podría ser interpretado como un "invalid fold." A HTTP smuggling flaw was found in Htt... • https://access.redhat.com/errata/RHSA-2020:0497 • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 9.1EPSS: 0%CPEs: 14EXPL: 1CVE-2019-20445 – netty: HttpObjectDecoder.java allows Content-Length header to accompanied by second Content-Length header
https://notcve.org/view.php?id=CVE-2019-20445
29 Jan 2020 — HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding header. "El archivo HttpObjectDecoder.java en Netty versiones anteriores a 4.1.44, permite que un encabezado Content-Length esté acompañado por un segundo encabezado Content-Length o por un encabezado Transfer-Encoding." A flaw was found in Netty before version 4.1.44, where it accepted multiple Content-Length headers and also accepted both Transfer-Enco... • https://access.redhat.com/errata/RHSA-2020:0497 • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •