Metasploit Weekly Wrap-Up

## Capture Plugin

Capturing credentials is a critical and early phase in the playbook of many offens ...

Security Bulletin: IBM UrbanCode Build is affected by CVE-2021-42340

## Summary

IBM UrbanCode Build is affected by CVE-2021-42340

## Vulnerability Details

**CVEID:** CVE-2021-42340

**DESCRIPTION:** Apache Tomcat is vulnerable to a denial of service, caused by a m ...

(RHSA-2022:1029) Important: Red Hat Integration Camel-K 1.6.4 release and security update

A micro version update (from 1.6.3 to 1.6.4) is now available for Red Hat Camel K that includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the Referenc ...

Denial Of Service (DoS)

spring-messaging is vulnerable to denial of service. The vulnerability exists because the `handleMessageInternal` function of `SimpleBrokerMessageHandler.java` does not properly handle to ignore the i ...

CVE-2022-25762

A flaw was found in the tomcat package. When a web application sends a WebSocket message concurrently with the WebSocket connection closing, the application may continue to use the socket after it has ...

Allocation of Resources Without Limits or Throttling in Spring Framework

In Spring Framework versions prior to 5.3.20+, 5.2.22+ and old unsupported versions, an application with a STOMP over WebSocket endpoint is vulnerable to a denial of service attack by an authenticated u ...

Apache Tomcat 9.0.0.M1 < 9.0.21 vulnerability

The version of Tomcat installed on the remote host is prior to 9.0.21. It is, therefore, affected by a vulnerability as referenced in the fixed_in_apache_tomcat_9.0.21_security-9 advisory. - If a we ...

Apache Tomcat 8.5.x < 8.5.76 Request Mix-Up

The version of Apache Tomcat installed on the remote host is 8.5.0 to 8.5.75 or 9.0.0.M1 to 9.0.20. It is, therefore, affected by a request mix-up vulnerability. If a web application sends a WebSocket ...
