Vulmon
h2o vulnerabilities and exploits
570
VMScore
CVE-2016-7835
Use-after-free vulnerability in H2O allows remote malicious users to cause a denial-of-service (DoS) or obtain server certificate private keys and possibly other information.
H2o Project H2o 2.1.0
Dena H2o
NA
CVE-2023-6016
An attacker is able to gain remote code execution on a server hosting the H2O dashboard through its POJO model import feature.
H2o H2o -
NA
CVE-2023-6017
H2O included a reference to an S3 bucket that no longer existed, allowing a malicious user to take over the S3 bucket URL.
H2o H2o -
NA
CVE-2023-6038
A Local File Inclusion (LFI) vulnerability exists in the h2o-3 REST API, allowing unauthenticated remote malicious users to read arbitrary files on the server with the permissions of the user running the h2o-3 instance. This issue affects the default installation and does not req...
H2o H2o -
NA
CVE-2023-6013
H2O is vulnerable to a stored XSS vulnerability which can lead to a Local File Include attack.
H2o H2o -
NA
CVE-2023-6569
External Control of File Name or Path in h2oai/h2o-3
H2o H2o 3.40.0.4
NA
CVE-2023-41337
h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. In version 2.3.0-beta2 and prior, when h2o is configured to listen to multiple addresses or ports with each of them using different backend servers managed by multiple entities, a malicious backend entity that al...
Dena H2o
Dena H2o 2.3.0
NA
CVE-2023-50247
h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. The QUIC stack (quicly), as used by H2O up to commit 43f86e5 (in version 2.3.0-beta and prior), is susceptible to a state exhaustion attack. When H2O is serving HTTP/3, a remote attacker can exploit this vulnerab...
Dena H2o
Dena H2o 2.3.0
383
VMScore
CVE-2016-1133
CRLF injection vulnerability in the on_req function in lib/handler/redirect.c in H2O prior to 1.6.2 and 1.7.x prior to 1.7.0-beta3 allows remote malicious users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URI.
Dena H2o
Dena H2o 1.7.0
445
VMScore
CVE-2016-4864
H2O versions 2.0.3 and previous versions and 2.1.0-beta2 and previous versions allow remote malicious users to cause a denial-of-service (DoS) via format string specifiers in a template file via fastcgi, mruby, proxy, redirect or reproxy.
Dena H2o
Dena H2o 2.1.0