256 matches found
CVE-2013-7177
config/filter.d/cyrus-imap.conf in the cyrus-imap filter in Fail2ban before 0.8.11 allows remote attackers to trigger the blocking of an arbitrary IP address via a crafted e-mail address that matches an improperly designed regular expression...
UBUNTU-CVE-2013-7176
config/filter.d/postfix.conf in the postfix filter in Fail2ban before 0.8.11 allows remote attackers to trigger the blocking of an arbitrary IP address via a crafted e-mail address that matches an improperly designed regular expression...
UBUNTU-CVE-2013-7177
config/filter.d/cyrus-imap.conf in the cyrus-imap filter in Fail2ban before 0.8.11 allows remote attackers to trigger the blocking of an arbitrary IP address via a crafted e-mail address that matches an improperly designed regular expression...
CVE-2013-7177
config/filter.d/cyrus-imap.conf in the cyrus-imap filter in Fail2ban before 0.8.11 allows remote attackers to trigger the blocking of an arbitrary IP address via a crafted e-mail address that matches an improperly designed regular expression...
CVE-2013-7176
config/filter.d/postfix.conf in the postfix filter in Fail2ban before 0.8.11 allows remote attackers to trigger the blocking of an arbitrary IP address via a crafted e-mail address that matches an improperly designed regular expression...
CVE-2013-7176
CVE-2013-7176 affects Fail2ban, where config/filter.d/postfix.conf in the Fail2ban filter could allow a remote attacker to trigger an IP ban on an arbitrary address via a crafted email address due to an improperly designed regular expression. The issue is addressed in Debian security advisories w...
CVE-2013-7177
Summary of CVE-2013-7177 : Fail2ban (vulnerable up to 0.8.10) contains a faulty cyrus-imap failregex in its config filter (config/filter.d/cyrus-imap.conf). The improper design allows remote attackers to trigger the banning of an arbitrary IP via a crafted email address, due to regex weaknesses i...
CVE-2013-7176
config/filter.d/postfix.conf in the postfix filter in Fail2ban before 0.8.11 allows remote attackers to trigger the blocking of an arbitrary IP address via a crafted e-mail address that matches an improperly designed regular expression...
CVE-2013-7177
config/filter.d/cyrus-imap.conf in the cyrus-imap filter in Fail2ban before 0.8.11 allows remote attackers to trigger the blocking of an arbitrary IP address via a crafted e-mail address that matches an improperly designed regular expression...
Fail2ban postfix and cyrus-imap filters contain denial-of-service vulnerabilities
Overview Fail2ban versions prior to 0.8.11 are susceptible to a denial-of-service attack when a maliciously crafted email address is parsed by the postfix or cyrus-imap filters. If users have not deployed either of these filters then they are not affected. Description Fail2ban versions prior to...
Amazon Linux AMI : fail2ban (ALAS-2013-209)
The apache-auth.conf, apache-nohome.conf, apache-noscript.conf, and apache-overflows.conf files in Fail2ban before 0.8.10 do not properly validate log messages, which allows remote attackers to block arbitrary IP addresses via certain messages in a request. C Tenable Network Security, Inc. The...
CVE-2013-2178
The apache-auth.conf, apache-nohome.conf, apache-noscript.conf, and apache-overflows.conf files in Fail2ban before 0.8.10 do not properly validate log messages, which allows remote attackers to block arbitrary IP addresses via certain messages in a request...
CVE-2013-2178
The apache-auth.conf, apache-nohome.conf, apache-noscript.conf, and apache-overflows.conf files in Fail2ban before 0.8.10 do not properly validate log messages, which allows remote attackers to block arbitrary IP addresses via certain messages in a request...
DEBIAN-CVE-2013-2178
The apache-auth.conf, apache-nohome.conf, apache-noscript.conf, and apache-overflows.conf files in Fail2ban before 0.8.10 do not properly validate log messages, which allows remote attackers to block arbitrary IP addresses via certain messages in a request...
Cross site request forgery (csrf)
The apache-auth.conf, apache-nohome.conf, apache-noscript.conf, and apache-overflows.conf files in Fail2ban before 0.8.10 do not properly validate log messages, which allows remote attackers to block arbitrary IP addresses via certain messages in a request...
CVE-2013-2178
The apache-auth.conf, apache-nohome.conf, apache-noscript.conf, and apache-overflows.conf files in Fail2ban before 0.8.10 do not properly validate log messages, which allows remote attackers to block arbitrary IP addresses via certain messages in a request...
CVE-2013-2178
The apache-auth.conf, apache-nohome.conf, apache-noscript.conf, and apache-overflows.conf files in Fail2ban before 0.8.10 do not properly validate log messages, which allows remote attackers to block arbitrary IP addresses via certain messages in a request...
CVE-2013-2178
The apache-auth.conf, apache-nohome.conf, apache-noscript.conf, and apache-overflows.conf files in Fail2ban before 0.8.10 do not properly validate log messages, which allows remote attackers to block arbitrary IP addresses via certain messages in a request...
CVE-2013-2178
The CVE-2013-2178 vulnerability affects Fail2ban before 0.8.10, where the files apache-auth.conf, apache-nohome.conf, apache-noscript.conf, and apache-overflows.conf do not properly validate log messages. This allows a remote attacker to block arbitrary IP addresses by crafting specific messages ...
Fail2ban 0.8.9, Denial of Service (Apache rules only)
Version 0.8.9 latest of Fail2ban allows to perform remote denial of service for arbitrary chosen IP address. Address listed on Fail2ban's whitelist are not affected. The vulnerability exists in Apache rules and it is caused by improper validation of a log file by regular expression. Malicious use...