Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Http_server
(Oracle)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 101 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-12-07 | CVE-2021-42717 | ModSecurity 3.x through 3.0.5 mishandles excessively nested JSON objects. Crafted JSON objects with nesting tens-of-thousands deep could result in the web server being unable to service legitimate requests. Even a moderately large (e.g., 300KB) HTTP request can occupy one of the limited NGINX worker processes for minutes and consume almost all of the available CPU on the machine. Modsecurity 2 is similarly vulnerable: the affected versions include 2.8.0 through 2.9.4. | Debian_linux, Nginx_modsecurity_waf, Http_server, Zfs_storage_appliance_kit, Modsecurity | 7.5 | ||
| 2021-12-13 | CVE-2021-43818 | lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs. Users that employ the HTML cleaner in a security relevant context should upgrade to lxml 4.6.5 to receive a patch. There are no known workarounds available. | Debian_linux, Fedora, Lxml, Hci_storage_node_firmware, Solidfire, Solidfire_enterprise_sds, Communications_cloud_native_core_binding_support_function, Communications_cloud_native_core_network_exposure_function, Communications_cloud_native_core_policy, Http_server, Zfs_storage_appliance_kit | 7.1 | ||
| 2021-12-20 | CVE-2021-44224 | A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included). | Http_server, Mac_os_x, Macos, Debian_linux, Fedora, Communications_element_manager, Communications_operations_monitor, Communications_session_report_manager, Communications_session_route_manager, Http_server, Instantis_enterprisetrack, Tenable\.sc | 8.2 | ||
| 2021-12-30 | CVE-2021-4181 | Crash in the Sysdig Event dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file | Debian_linux, Fedora, Http_server, Zfs_storage_appliance_kit, Wireshark | 7.5 | ||
| 2021-12-30 | CVE-2021-4182 | Crash in the RFC 7468 dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file | Fedora, Http_server, Zfs_storage_appliance_kit, Wireshark | 7.5 | ||
| 2021-12-30 | CVE-2021-4183 | Crash in the pcapng file parser in Wireshark 3.6.0 allows denial of service via crafted capture file | Fedora, Http_server, Zfs_storage_appliance_kit, Wireshark | 5.5 | ||
| 2021-12-30 | CVE-2021-4184 | Infinite loop in the BitTorrent DHT dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file | Debian_linux, Fedora, Http_server, Zfs_storage_appliance_kit, Wireshark | 7.5 | ||
| 2021-12-30 | CVE-2021-4185 | Infinite loop in the RTMPT dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file | Debian_linux, Fedora, Http_server, Zfs_storage_appliance_kit, Wireshark | 7.5 | ||
| 2022-01-19 | CVE-2022-21271 | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized... | 7\-Mode_transition_tool, Active_iq_unified_manager, Cloud_insights_acquisition_unit, Cloud_secure_agent, E\-Series_santricity_os_controller, E\-Series_santricity_storage_manager, E\-Series_santricity_web_services, Hci_management_node, Oncommand_insight, Oncommand_workflow_automation, Santricity_unified_manager, Snapmanager, Solidfire, Graalvm, Http_server, Jdk, Jre, Solaris, Zfs_storage_appliance_kit | N/A | ||
| 2022-01-19 | CVE-2022-21375 | Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS... | Http_server, Solaris, Zfs_storage_appliance_kit | N/A |