Vulnerabilities (CVE)

Vendor filter

Netapp Subscribe

Product filter

Santricity Cloud Connector Subscribe

Filter

13 total CVE
CVE Vendors Products Updated CVSS
CVE-2018-12538 2 Eclipse, Netapp 10 Jetty, E-series Santricity Management Plug-ins, E-series Santricity Web Services Proxy and 7 more 2019-10-09 6.5
In Eclipse Jetty versions 9.4.0 through 9.4.8, when using the optional Jetty provided FileSessionDataStore for persistent storage of HttpSession details, it is possible for a malicious user to access/hijack other HttpSessions and even delete...
CVE-2018-2826 3 Oracle, Netapp, Canonical 13 Jdk, Jre, Cloud Backup and 10 more 2019-10-03 5.1
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). The supported version that is affected is Java SE: 10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...
CVE-2017-7657 3 Eclipse, Debian, Netapp 10 Jetty, Debian Linux, E-series Santricity Management and 7 more 2019-08-21 7.5
In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer...
CVE-2018-1303 4 Apache, Debian, Netapp and 1 more 7 Http Server, Debian Linux, Santricity Cloud Connector and 4 more 2019-08-15 5.0
A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.30 due to an out of bound read while preparing data to be cached in shared memory. It could be used as a Denial of Service attack against users...
CVE-2018-1302 4 Apache, Debian, Netapp and 1 more 7 Http Server, Debian Linux, Clustered Data Ontap and 4 more 2019-08-15 4.3
When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerability...
CVE-2018-1301 5 Apache, Debian, Netapp and 2 more 8 Http Server, Debian Linux, Clustered Data Ontap and 5 more 2019-08-15 4.3
A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of bound access after a size limit is reached by reading the HTTP header. This vulnerability is considered very hard if not impossible to...
CVE-2018-1283 5 Apache, Debian, Netapp and 2 more 8 Http Server, Debian Linux, Santricity Cloud Connector and 5 more 2019-08-15 3.5
In Apache httpd 2.4.0 to 2.4.29, when mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a "Session" header. This comes from the...
CVE-2017-15715 5 Apache, Debian, Netapp and 2 more 8 Http Server, Debian Linux, Santricity Cloud Connector and 5 more 2019-08-15 6.8
In Apache httpd 2.4.0 to 2.4.29, the expression specified in <FilesMatch> could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of...
CVE-2017-15710 5 Apache, Canonical, Debian and 2 more 8 Http Server, Ubuntu Linux, Debian Linux and 5 more 2019-08-15 5.0
In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup the right charset encoding when verifying the user's credentials....
CVE-2018-1312 5 Apache, Debian, Canonical and 2 more 8 Http Server, Debian Linux, Ubuntu Linux and 5 more 2019-07-29 6.8
In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common Digest authentication...
CVE-2019-0190 4 Apache, Netapp, Openssl and 1 more 4 Http Server, Santricity Cloud Connector, Openssl and 1 more 2019-07-23 5.0
A bug exists in the way mod_ssl handled client renegotiations. A remote attacker could send a carefully crafted request that would cause mod_ssl to enter a loop leading to a denial of service. This bug can be only triggered with Apache HTTP...
CVE-2018-17199 5 Apache, Netapp, Debian and 2 more 6 Http Server, Santricity Cloud Connector, Debian Linux and 3 more 2019-07-23 5.0
In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the...
CVE-2018-17189 5 Apache, Netapp, Debian and 2 more 6 Http Server, Santricity Cloud Connector, Storage Automation Store and 3 more 2019-07-23 5.0
In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2...