156 matches found

Positive Technologies
added 2014/07/07 12:0 a.m. · 3 views

PT-2014-3554 · Red Hat · Red Hat Jboss Enterprise Application Platform +2

Name of the Vulnerable Software and Affected Versions: Red Hat JBoss Web Framework Kit version 2.5.0; JBoss Enterprise Application Platform (JBEAP) version 5.2.0; JBoss Enterprise Web Platform (JBEWP) version 5.2.0. Description: The issue allows remote attackers to execute arbitrary code via a crafted...

6.8 CVSS · 7.5 AI score · 0.02647 EPSS
Exploits 0 · References 12

Mageia
added 2014/01/31 4:42 p.m. · 26 views

Updated libmicrohttpd package fixes security vulnerabilities

The MHD_http_unescape function in libmicrohttpd before 0.9.32 might allow remote attackers to obtain sensitive information or cause a denial of service (crash) via unspecified vectors that trigger an out-of-bounds read (CVE-2013-7038). Stack-based buffer overflow in the MHD_digest_auth_check function in...

6.4 CVSS · 6.6 AI score · 0.02385 EPSS
Exploits 0 · References 3

NVD
added 2013/12/13 6:55 p.m. · 12 views

CVE-2013-7039

Stack-based buffer overflow in the MHD_digest_auth_check function in libmicrohttpd before 0.9.32, when MHD_OPTION_CONNECTION_MEMORY_LIMIT is set to a large value, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long URI in an authentication header...

5.1 CVSS · 8.3 AI score · 0.02385 EPSS
Exploits 0 · References 7

Prion
added 2013/12/13 6:55 p.m. · 19 views

Stack overflow

Stack-based buffer overflow in the MHD_digest_auth_check function in libmicrohttpd before 0.9.32, when MHD_OPTION_CONNECTION_MEMORY_LIMIT is set to a large value, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long URI in an authentication header...

5.1 CVSS · 9 AI score · 0.02385 EPSS
Exploits 0 · References 7 · Affected Software 1

OSV
added 2013/12/13 6:55 p.m. · 4 views

UBUNTU-CVE-2013-7039

Stack-based buffer overflow in the MHD_digest_auth_check function in libmicrohttpd before 0.9.32, when MHD_OPTION_CONNECTION_MEMORY_LIMIT is set to a large value, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long URI in an authentication header...

5.1 CVSS · 6.4 AI score · 0.02385 EPSS
Exploits 0 · References 3

UbuntuCve
added 2013/12/13 6:55 p.m. · 14 views

CVE-2013-7039

Stack-based buffer overflow in the MHD_digest_auth_check function in libmicrohttpd before 0.9.32, when MHD_OPTION_CONNECTION_MEMORY_LIMIT is set to a large value, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long URI in an authentication header...

5.1 CVSS · 7.6 AI score · 0.02385 EPSS
Exploits 0 · References 2

ATTACKERKB
added 2013/11/08 4:47 a.m. · 1 view

CVE-2013-5566

Cisco NX-OS 5.0 and earlier on MDS 9000 devices allows remote attackers to cause a denial of service (supervisor CPU consumption) via Authentication Header (AH) authentication in a Virtual Router Redundancy Protocol (VRRP) frame, aka Bug ID CSCte27874...

5 CVSS · 5.6 AI score · 0.01141 EPSS
Exploits 0 · References 3

Cisco
added 2013/11/06 8:30 p.m. · 20 views

Cisco MDS 9000 NX-OS Software Denial of Service Vulnerability

A vulnerability in the supervisor of the Cisco MDS Family could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper handling of Virtual Router Redundancy Protocol (VRRP) frames. An attacker could exploit this vulnerability by...

5 CVSS · 2.6 AI score · 0.01141 EPSS
Exploits 0 · References 1

Tenable Nessus
added 2013/06/03 12:0 a.m. · 23 views

Cisco IOS ISM Module for ISR G2 Authentication Header DoS

The Cisco ISM module for ISR G2 has a denial of service vulnerability. According to its self-reported IOS version, the remote device may be affected by this vulnerability. A remote, authenticated attacker could exploit this issue by sending malformed authentication header packets over an...

6.3 CVSS · 5.5 AI score · 0.00366 EPSS
Exploits 0 · References 3

CVE
added 2013/05/08 10:0 a.m. · 70 views

CVE-2013-1241

The CVE-2013-1241 issue is a Cisco IOS ISM module DoS on ISR G2 routers caused by improper processing of authentication-header packets. An authenticated remote attacker can trigger a module reload by sending malformed authentication-header packets, impacting IPsec traffic. Cisco has published a s...

6.3 CVSS · 6.4 AI score · 0.00366 EPSS
Exploits 0 · References 1 · Affected Software 27

Cisco
added 2013/05/07 8:20 p.m. · 35 views

Cisco ISM Malformed Authentication Header Packet Denial of Service Vulnerability

A vulnerability in authentication header packets processing on the Cisco ISM module for ISR G2 could allow an authenticated, remote attacker to cause a reload of the affected module. The vulnerability is due to improper processing of malformed authentication header packets. An attacker could...

6.3 CVSS · 2.2 AI score · 0.00366 EPSS
Exploits 0 · References 1

OSV
added 2013/03/11 5:55 p.m. · 1 view

DEBIAN-CVE-2013-2503

Privoxy before 3.0.21 does not properly handle Proxy-Authenticate and Proxy-Authorization headers in the client-server data stream, which makes it easier for remote HTTP servers to spoof the intended proxy service via a 407 (aka Proxy Authentication Required) HTTP status code...

5.8 CVSS · 7.1 AI score · 0.03483 EPSS
Exploits 2 · References 1

RedHat Linux
added 2011/06/22 11:14 p.m. · 3 views

tomcat: information disclosure in authentication headers

Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the rep...

2.6 CVSS · 6.1 AI score · 0.21653 EPSS
Exploits 6 · References 4

OpenVAS
added 2010/04/23 12:0 a.m. · 117 views

Apache Tomcat Authentication Header Realm Name Information Disclosure Vulnerability

Apache Tomcat is prone to a remote information-disclosure vulnerability.

2.6 CVSS · 4.6 AI score · 0.21653 EPSS
Exploits 6 · References 6

RedHat Linux
added 2010/03/29 12:0 p.m. · 3 views

squid: DoS (100% CPU use) while processing certain external ACL helper HTTP headers

The strListGetItem function in src/HttpHeaderTools.c in Squid 2.7 allows remote attackers to cause a denial of service via a crafted auth header with certain comma delimiters that trigger an infinite loop of calls to the strcspn function...

5 CVSS · 5.9 AI score · 0.60658 EPSS
Exploits 1 · References 4

CERT
added 2003/01/13 12:0 a.m. · 30 views

Lotus Domino web server vulnerable to buffer overflow via long HTTP authentication header containing non-ASCII characters

Overview: A remotely exploitable buffer overflow exists in versions of IBM's Lotus Domino web server prior to R5.0.10. Description: A remotely exploitable buffer overflow exists in the Lotus Domino web server. The overflow can occur as the result of an overly long HTTP Authenticate header containin...

8 AI score
Exploits 0 · References 2