Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
HTTP Server incorrectly accepting disallowed characters within header values
Vulnerability Description
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') vulnerability in Payara Platform Payara Server (Grizzly, REST Management Interface modules), Payara Platform Payara Micro (Grizzly modules) allows Manipulating State, Identity Spoofing.This issue affects Payara Server: from 4.1.151 through 4.1.2.191.51, from 5.20.0 through 5.70.0, from 5.2020.2 through 5.2022.5, from 6.2022.1 through 6.2024.12, from 6.0.0 through 6.21.0; Payara Micro: from 4.1.152 through 4.1.2.191.51, from 5.20.0 through 5.70.0, from 5.2020.2 through 5.2022.5, from 6.2022.1 through 6.2024.12, from 6.0.0 through 6.21.0.
CVSS Information
N/A
Vulnerability Type
HTTP头部中CRLF序列转义处理不恰当(HTTP响应分割)
Vulnerability Title
Payara Server和Payara Micro 注入漏洞
Vulnerability Description
Payara Server和Payara Micro都是英国Payara公司的产品。Payara Server是一个云原生、创新的开源中间件平台。Payara Micro是一个用于容器化 Jakarta EE (Java EE) 应用程序部署的开源轻量级中间件平台。 Payara Server和Payara Micro存在注入漏洞,该漏洞源于HTTP标头中存在CRLF序列中和不当漏洞,允许操纵状态和身份欺骗。
CVSS Information
N/A
Vulnerability Type
N/A