CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-34054 – Reactor Netty HTTP Server Metrics DoS Vulnerability
https://notcve.org/view.php?id=CVE-2023-34054
28 Nov 2023 — In Reactor Netty HTTP Server, versions 1.1.x prior to 1.1.13 and versions 1.0.x prior to 1.0.39, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable if Reactor Netty HTTP Server built-in integration with Micrometer is enabled. En Reactor Netty HTTP Server, versiones 1.1.x anteriores a 1.1.13 y versiones 1.0.x anteriores a 1.0.39, es posible que un usuario proporcione solicitudes HTTP especialmente... • https://spring.io/security/cve-2023-34054 •
CVSS: 7.8EPSS: 1%CPEs: 2EXPL: 0CVE-2023-34062
https://notcve.org/view.php?id=CVE-2023-34062
15 Nov 2023 — In Reactor Netty HTTP Server, versions 1.1.x prior to 1.1.13 and versions 1.0.x prior to 1.0.39, a malicious user can send a request using a specially crafted URL that can lead to a directory traversal attack. Specifically, an application is vulnerable if Reactor Netty HTTP Server is configured to serve static resources. En Reactor Netty HTTP Server, versiones 1.1.x anteriores a 1.1.13 y versiones 1.0.x anteriores a 1.0.39, un usuario malintencionado puede enviar una solicitud utilizando una URL especialmen... • https://spring.io/security/cve-2023-34062 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-31684 – reactor-netty-http: Log request headers in some cases of invalid HTTP requests
https://notcve.org/view.php?id=CVE-2022-31684
19 Oct 2022 — Reactor Netty HTTP Server, in versions 1.0.11 - 1.0.23, may log request headers in some cases of invalid HTTP requests. The logged headers may reveal valid access tokens to those with access to server logs. This may affect only invalid HTTP requests where logging at WARN level is enabled. El servidor HTTP de Reactor Netty, en versiones 1.0.11 - 1.0.23, puede registrar los encabezados de petición en algunos casos de peticiones HTTP no válidas. Los encabezados registradas pueden revelar los tokens de acceso v... • https://tanzu.vmware.com/security/cve-2022-31684 • CWE-117: Improper Output Neutralization for Logs CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-5403 – DoS Via Malformed URL with Reactor Netty HTTP Server
https://notcve.org/view.php?id=CVE-2020-5403
03 Mar 2020 — Reactor Netty HttpServer, versions 0.9.3 and 0.9.4, is exposed to a URISyntaxException that causes the connection to be closed prematurely instead of producing a 400 response. Reactor Netty HttpServer, versiones 0.9.3 y 0.9.4, está expuesto a una URISyntaxException que causa que la conexión sea cerrada prematuramente en lugar de producir una respuesta 400. • https://pivotal.io/security/cve-2020-5403 • CWE-20: Improper Input Validation CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-5404 – Authentication Leak On Redirect With Reactor Netty HttpClient
https://notcve.org/view.php?id=CVE-2020-5404
03 Mar 2020 — The HttpClient from Reactor Netty, versions 0.9.x prior to 0.9.5, and versions 0.8.x prior to 0.8.16, may be used incorrectly, leading to a credentials leak during a redirect to a different domain. In order for this to happen, the HttpClient must have been explicitly configured to follow redirects. El HttpClient del Reactor Netty, versiones 0.9.x anteriores a 0.9.5, y versiones 0.8.x anteriores a 0.8.16, puede ser usado incorrectamente, conllevando a un filtrado de credenciales durante un redireccionamiento... • https://pivotal.io/security/cve-2020-5404 • CWE-522: Insufficiently Protected Credentials •
CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 0CVE-2019-11284 – Reactor Netty authentication leak in redirects
https://notcve.org/view.php?id=CVE-2019-11284
17 Oct 2019 — Pivotal Reactor Netty, versions prior to 0.8.11, passes headers through redirects, including authorization ones. A remote unauthenticated malicious user may gain access to credentials for a different server than they have access to. Pivotal Reactor Netty, versiones anteriores a 0.8.11, pasa los encabezados por medio de redireccionamientos, incluidos los de autorización. Un usuario malicioso no autenticado remoto puede conseguir acceso a credenciales para un servidor diferente al que tiene acceso. • https://pivotal.io/security/cve-2019-11284 • CWE-522: Insufficiently Protected Credentials •