[
May 30, 2022
## 1. EXECUTIVE SUMMARY * **CVSS v3 9.8** * **ATTENTION: **Exploitable remotely/low attack complexity * **Vendor:** Aethon (owned by ST Engineering) * **Equipment: **TUG Home Base Server * * ...
Continue Reading
May 30, 2022
## Capture Plugin  Capturing credentials is a critical and early phase in the playbook of many offens ...
Continue Reading
May 30, 2022
In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, application with a STOMP over WebSocket endpoint is vulnerable to a denial of service attack by an authenticated u ...
Continue Reading
May 30, 2022
If a web application sends a WebSocket message concurrently with the WebSocket connection closing when running on Apache Tomcat 8.5.0 to 8.5.75 or Apache Tomcat 9.0.0.M1 to 9.0.20, it is possible that ...
Continue Reading
May 30, 2022
spring-messaging is vulnerable to denial of service. The vulnerability exists because the `handleMessageInternal` function of `SimpleBrokerMessageHandler.java` does not properly handle to ignore the i ...
Continue Reading
May 30, 2022
A flaw was found in the tomcat package. When a web application sends a WebSocket message concurrently with the WebSocket connection closing, the application may continue to use the socket after it has ...
Continue Reading
May 30, 2022
In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, application with a STOMP over WebSocket endpoint is vulnerable to a denial of service attack by an authenticated u ...
Continue Reading
May 30, 2022
Back to Main
