CVSS: 9.1EPSS: 0%CPEs: 14EXPL: 1CVE-2019-20445 – netty: HttpObjectDecoder.java allows Content-Length header to accompanied by second Content-Length header
https://notcve.org/view.php?id=CVE-2019-20445
HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding header. "El archivo HttpObjectDecoder.java en Netty versiones anteriores a 4.1.44, permite que un encabezado Content-Length esté acompañado por un segundo encabezado Content-Length o por un encabezado Transfer-Encoding." A flaw was found in Netty before version 4.1.44, where it accepted multiple Content-Length headers and also accepted both Transfer-Encoding, as well as Content-Length headers where it should reject the message under such circumstances. In circumstances where Netty is used in the context of a server, it could result in a viable HTTP smuggling vulnerability. • https://access.redhat.com/errata/RHSA-2020:0497 https://access.redhat.com/errata/RHSA-2020:0567 https://access.redhat.com/errata/RHSA-2020:0601 https://access.redhat.com/errata/RHSA-2020:0605 https://access.redhat.com/errata/RHSA-2020:0606 https://access.redhat.com/errata/RHSA-2020:0804 https://access.redhat.com/errata/RHSA-2020:0805 https://access.redhat.com/errata/RHSA-2020:0806 https://access.redhat.com/errata/RHSA-2020:0811 https://github.com/netty/netty/compare& • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 9.8EPSS: 1%CPEs: 17EXPL: 2CVE-2019-17570 – xmlrpc: Deserialization of server-side exception from faultCause in XMLRPC error response
https://notcve.org/view.php?id=CVE-2019-17570
An untrusted deserialization was found in the org.apache.xmlrpc.parser.XmlRpcResponseParser:addResult method of Apache XML-RPC (aka ws-xmlrpc) library. A malicious XML-RPC server could target a XML-RPC client causing it to execute arbitrary code. Apache XML-RPC is no longer maintained and this issue will not be fixed. Se detectó una deserialización no confiable en el método org.apache.xmlrpc.parser.XmlRpcResponseParser:addResult de la biblioteca Apache XML-RPC (también se conoce como ws-xmlrpc). Un servidor XML-RPC malicioso podría apuntar a un cliente XML-RPC causando que ejecute código arbitrario. • https://github.com/r00t4dm/CVE-2019-17570 http://www.openwall.com/lists/oss-security/2020/01/24/2 https://access.redhat.com/errata/RHSA-2020:0310 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-17570%3B https://github.com/orangecertcc/security-research/security/advisories/GHSA-x2r6-4m45-m4jp https://lists.apache.org/thread.html/846551673bbb7ec8d691008215384bcef03a3fb004d2da845cfe88ee%401390230951%40%3Cdev.ws.apache.org%3E https://lists.debian.org/debian-lts-announce/2020/01/msg00033.html https: • CWE-502: Deserialization of Untrusted Data •
CVSS: 5.8EPSS: 0%CPEs: 9EXPL: 1CVE-2020-2655 – OpenJDK: Incorrect handling of unexpected CertificateVerify TLS handshake messages (JSSE, 8231780)
https://notcve.org/view.php?id=CVE-2020-2655
Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.5 and 13.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. • https://github.com/RUB-NDS/CVE-2020-2655-DemoServer http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html https://access.redhat.com/errata/RHSA-2020:0122 https://access.redhat.com/errata/RHSA-2020:0128 https://access.redhat.com/errata/RHSA-2020:0232 https://seclists.org/bugtraq/2020/Jan/24 https://security.netapp.com/advisory/ntap-20200122-0003 https://usn.ubuntu.com/4257-1 https://www.debian.org/security/2020/dsa-4605 https://www.oracle.com/sec • CWE-841: Improper Enforcement of Behavioral Workflow •
CVSS: 4.3EPSS: 0%CPEs: 75EXPL: 0CVE-2020-2654 – OpenJDK: Excessive memory usage in OID processing in X.509 certificate parsing (Libraries, 8234037)
https://notcve.org/view.php?id=CVE-2020-2654
Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html https://access.redhat.com/errata/RHSA-2020:0122 https://access.redhat.com/errata/RHSA-2020:0128 https://access.redhat.com/errata/RHSA-2020:0157 https://access.redhat.com/errata/RHSA-2020:0196 https://access.redhat.com/errata/RHSA-2020:0202 https://access.redhat.com/errata/RHSA-2020:0231 https://access.redhat.com/errata/RHSA-2020:0 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.5EPSS: 0%CPEs: 55EXPL: 1CVE-2019-19906 – cyrus-sasl: denial of service in _sasl_add_string function
https://notcve.org/view.php?id=CVE-2019-19906
cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. The OpenLDAP crash is ultimately caused by an off-by-one error in _sasl_add_string in common.c in cyrus-sasl. cyrus-sasl (también se conoce como Cyrus SASL) versión 2.1.27, presenta una escritura fuera de límites conllevando a una denegación de servicio remota no autenticada en OpenLDAP por medio de un paquete LDAP malformado. El bloqueo de OpenLDAP es causado en última instancia por un error por un paso en la función _sasl_add_string en el archivo common.c en cyrus-sasl. • http://seclists.org/fulldisclosure/2020/Jul/23 http://seclists.org/fulldisclosure/2020/Jul/24 http://www.openwall.com/lists/oss-security/2022/02/23/4 https://github.com/cyrusimap/cyrus-sasl/issues/587 https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E https://lists.debian.org/debian-lts-announce/2019/12/msg00027.h • CWE-193: Off-by-one Error CWE-400: Uncontrolled Resource Consumption CWE-787: Out-of-bounds Write •