Количество 5
Количество 5
CVE-2024-3653
A vulnerability was found in Undertow. This issue requires enabling the learning-push handler in the server's config, which is disabled by default, leaving the maxAge config in the handler unconfigured. The default is -1, which makes the handler vulnerable. If someone overwrites that config, the server is not subject to the attack. The attacker needs to be able to reach the server with a normal HTTP request.
CVE-2024-3653
A vulnerability was found in Undertow. This issue requires enabling the learning-push handler in the server's config, which is disabled by default, leaving the maxAge config in the handler unconfigured. The default is -1, which makes the handler vulnerable. If someone overwrites that config, the server is not subject to the attack. The attacker needs to be able to reach the server with a normal HTTP request.
CVE-2024-3653
A vulnerability was found in Undertow. This issue requires enabling the learning-push handler in the server's config, which is disabled by default, leaving the maxAge config in the handler unconfigured. The default is -1, which makes the handler vulnerable. If someone overwrites that config, the server is not subject to the attack. The attacker needs to be able to reach the server with a normal HTTP request.
CVE-2024-3653
A vulnerability was found in Undertow. This issue requires enabling th ...
GHSA-ch7q-gpff-h9hp
Undertow Missing Release of Memory after Effective Lifetime vulnerability
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2024-3653 A vulnerability was found in Undertow. This issue requires enabling the learning-push handler in the server's config, which is disabled by default, leaving the maxAge config in the handler unconfigured. The default is -1, which makes the handler vulnerable. If someone overwrites that config, the server is not subject to the attack. The attacker needs to be able to reach the server with a normal HTTP request. | CVSS3: 5.3 | 7% Низкий | больше 1 года назад |
 | CVE-2024-3653 A vulnerability was found in Undertow. This issue requires enabling the learning-push handler in the server's config, which is disabled by default, leaving the maxAge config in the handler unconfigured. The default is -1, which makes the handler vulnerable. If someone overwrites that config, the server is not subject to the attack. The attacker needs to be able to reach the server with a normal HTTP request. | CVSS3: 5.3 | 7% Низкий | больше 1 года назад |
 | CVE-2024-3653 A vulnerability was found in Undertow. This issue requires enabling the learning-push handler in the server's config, which is disabled by default, leaving the maxAge config in the handler unconfigured. The default is -1, which makes the handler vulnerable. If someone overwrites that config, the server is not subject to the attack. The attacker needs to be able to reach the server with a normal HTTP request. | CVSS3: 5.3 | 7% Низкий | больше 1 года назад |
| CVE-2024-3653 A vulnerability was found in Undertow. This issue requires enabling th ... | CVSS3: 5.3 | 7% Низкий | больше 1 года назад |
| GHSA-ch7q-gpff-h9hp Undertow Missing Release of Memory after Effective Lifetime vulnerability | CVSS3: 5.3 | 7% Низкий | больше 1 года назад |
Уязвимостей на страницу