Topic

WebSocket

A collection of 3 issues

CVE-2022-33682

The Apache Pulsar Broker, Proxy, and WebSocket Proxy clients communicate with each other over a secured connection using the pulsar+ssl protocol. The SSL/TLS protocol provides hostname verification, which is the process of verifying that the server with which the client is communicating is the server that the client

CVE-2022-37797 In lighttpd 1.4.65, mod_wstunnel doesn't initialize a handler function pointer if an invalid HTTP request is received. This leads to a crash.

mod_wstunnel 1.0.9 and later is not affected by this issue. * mod_wstunnel 1.0.9 and later is not affected by this issue. Affected version The issue affects only versions of lighttpd prior to 1.4.65. It does not affect the latest version of lighttpd which

CVE-2022-22971 Spring versions before 5.3.20 and 5.2.22 were vulnerable to a DoS attack with STOMP over WebSocket.

In such a scenario, the user connects to the authenticated server and sends a message to the STOMP over WebSocket endpoint (such as “hello” or “world”). The attacker also connects to the server and sends a message to the STOMP over WebSocket endpoint (such as “hello” or “world”). Since the