CVE-2021-3688

MEDIUM Year: 2021
CVSS v3 Score
4.8
Medium
Weakness Type
CWE-200
View all →

Vulnerability Description

A flaw was found in Red Hat JBoss Core Services HTTP Server in all versions, where it does not properly normalize the path component of a request URL contains dot-dot-semicolon(s). This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.

Related Vulnerabilities

CVE-2016-5696

MEDIUM
CVSS:4.8(Medium)

net/ipv4/tcp_input.c in the Linux kernel before 4.7 does not properly determine the rate of challenge ACK segments, which makes it easier for remote attackers to hijack TCP sessions via a blind in-win...

CWE-2002016

CVE-2017-3742

MEDIUM
CVSS:4.8(Medium)

In Lenovo Connect2 versions earlier than 4.2.5.4885 for Windows and 4.2.5.3071 for Android, when an ad-hoc connection is made between two systems for the purpose of sharing files, the password for thi...

CWE-2002017

CVE-2018-10229

MEDIUM
CVSS:4.8(Medium)

A hardware vulnerability in GPU memory modules allows attackers to accelerate micro-architectural attacks through the use of the JavaScript WebGL API.

CWE-2002018

CVE-2022-0722

MEDIUM
CVSS:4.8(Medium)

Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository ionicabizau/parse-url prior to 7.0.0.

CWE-2002022

CVE-2023-49292

MEDIUM
CVSS:4.8(Medium)

ecies is an Elliptic Curve Integrated Encryption Scheme for secp256k1 in Golang. If funcations Encapsulate(), Decapsulate() and ECDH() could be called by an attacker, they could recover any private ke...

CWE-2002023

CVE-2024-21140

MEDIUM
CVSS:4.8(Medium)

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: ...

CWE-2002024