Lucene search

1043 matches found

OpenVAS
added 2015/10/13 12:0 a.m., 43 views

SUSE: Security Advisory for jakarta-commons-fileupload (SUSE-SU-2014:0548-1)

The remote host is missing an update for the...

CVSS 7.5, AI score 8.2, EPSS 0.92712
Exploits 8, References 1

OpenVAS
added 2015/09/08 12:0 a.m., 30 views

Amazon Linux: Security Advisory (ALAS-2014-312)

The remote host is missing an update for the...

CVSS 7.5, AI score 8, EPSS 0.92712
Exploits 8, References 2

CNVD
added 2015/07/10 12:0 a.m., 2 views

Pivotx Session Fixation Vulnerability

Pivotx is an open source blog content management system (Blog CMS). The system supports built-in comment review, spam protection and template replacement. A session fixation vulnerability exists in the fileupload.php file in Pivotx versions prior to 2.3.11. A remote attacker can exploit this...

CVSS 6.8, AI score 6.9, EPSS 0.01077
Exploits 1, References 1

NVD
added 2015/07/08 3:59 p.m., 11 views

CVE-2015-5458

Session fixation vulnerability in fileupload.php in PivotX before 2.3.11 allows remote attackers to hijack web sessions via the sess parameter...

CVSS 6.8, AI score 6.7, EPSS 0.01077
Exploits 1, References 6

Prion
added 2015/07/08 3:59 p.m., 16 views

Session fixation

Session fixation vulnerability in fileupload.php in PivotX before 2.3.11 allows remote attackers to hijack web sessions via the sess parameter...

CVSS 6.8, AI score 7.2, EPSS 0.01077
Exploits 1, References 6, Affected Software 1

Cvelist
added 2015/07/08 3:0 p.m., 14 views

CVE-2015-5458

Session fixation vulnerability in fileupload.php in PivotX before 2.3.11 allows remote attackers to hijack web sessions via the sess parameter...

AI score 6.7, EPSS 0.01077
Exploits 1, References 6

RedHat Linux
added 2015/05/14 3:14 p.m., 0 views

apache-commons-fileupload: denial of service due to too-small buffer size used by MultipartStream

A denial of service flaw was found in the way Apache Commons FileUpload, which is embedded in Tomcat and JBoss Web, handled small-sized buffers used by MultipartStream. A remote attacker could use this flaw to create a malformed Content-Type header for a multipart request, causing Tomcat to enter...

CVSS 7.5, AI score 6.7, EPSS 0.92712
Exploits 8, References 4

Tenable Nessus
added 2015/05/14 12:0 a.m., 66 views

Oracle WebCenter Sites Multiple Vulnerabilities (April 2015 CPU)

The Oracle WebCenter Sites installed on the remote host is missing patches from the April 2015 CPU. It is, therefore, affected by multiple vulnerabilities : - A flaw exists within 'MultipartStream.java' in Apache Commons FileUpload when parsing malformed Content-Type headers. A remote attacker,...

CVSS 7.5, AI score 7.4, EPSS 0.92712
Exploits 14, References 3

Tenable Nessus
added 2015/05/08 12:0 a.m., 55 views

MySQL Enterprise Monitor < 2.3.17 Multiple Vulnerabilities

According to its self-reported version, the MySQL Enterprise Monitor running on the remote host is affected by multiple vulnerabilities : - A flaw exists within 'MultipartStream.java' in Apache Commons FileUpload when parsing malformed Content-Type headers. A remote attacker, using a crafted...

CVSS 7.5, AI score 7.7, EPSS 0.93134
Exploits 15, References 8

Tenable Nessus
added 2015/05/08 12:0 a.m., 52 views

MySQL Enterprise Monitor 3.0.x < 3.0.11 Multiple Vulnerabilities

According to its self-reported version, the MySQL Enterprise Monitor running on the remote host is affected by multiple vulnerabilities : - A flaw exists within 'MultipartStream.java' in Apache Commons FileUpload when parsing malformed Content-Type headers. A remote attacker, using a crafted...

CVSS 7.5, AI score 7.7, EPSS 0.93134
Exploits 15, References 8

Tenable Nessus
added 2014/11/08 12:0 a.m., 39 views

RHEL 6 : jakarta-commons-fileupload (RHSA-2013:1428)

The remote Redhat Enterprise Linux 6 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2013:1428 advisory. The Apache Commons FileUpload component can be used to add a file upload capability to your applications. A flaw was found in the way the DiskFileIte...

CVSS 7.5, AI score 7.3, EPSS 0.87099
Exploits 0, References 4

Tenable Nessus
added 2014/10/12 12:0 a.m., 40 views

Amazon Linux AMI : tomcat6 (ALAS-2014-344)

It was found that when Tomcat processed a series of HTTP requests in which at least one request contained either multiple content-length headers, or one content-length header with a chunked transfer-encoding header, Tomcat would incorrectly handle the request. A remote attacker could use this fla...

CVSS 7.5, AI score 6.8, EPSS 0.92712
Exploits 12, References 5

Tenable Nessus
added 2014/10/10 12:0 a.m., 51 views

F5 Networks BIG-IP : Apache Commons FileUpload vulnerability (K15189)

MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's intended exit conditions...

CVSS 7.5, AI score 7, EPSS 0.92712
Exploits 8, References 2

OpenVAS
added 2014/09/09 12:0 a.m., 20 views

Multiple ManageEngine Products 7.0 - 9.0.054 Arbitrary File Upload Vulnerability

Multiple ManageEngine Products are prone to an arbitrary-file-upload vulnerability...

CVSS 7.5, AI score 7.3, EPSS 0.85825
Exploits 13, References 2

Tenable Nessus
added 2014/08/04 12:0 a.m., 97 views

IBM WebSphere Application Server 8.0 < Fix Pack 9 Multiple Vulnerabilities

IBM WebSphere Application Server 8.0 prior to Fix Pack 9 is running on the remote host. It is, therefore, affected by the following vulnerabilities : - A cross-site scripting flaw exists within the Administration Console, where user input is improperly validated. This could allow a remote attacke...

CVSS 7.8, AI score 7.9, EPSS 0.92712
Exploits 13, References 25

Tenable Nessus
added 2014/08/01 12:0 a.m., 90 views

IBM WebSphere Application Server 7.0 < Fix Pack 33 Multiple Vulnerabilities

IBM WebSphere Application Server 7.0 prior to Fix Pack 33 is running on the remote host. It is, therefore, affected by the following vulnerabilities : - A cross-site scripting flaw exists within the Administration Console, where user input is improperly validated. This could allow a remote...

CVSS 7.8, AI score 8.4, EPSS 0.92712
Exploits 16, References 24

seebug.org
added 2014/07/01 12:0 a.m., 95 views

Apache Commons FileUpload and Apache Tomcat - Denial-of-Service

No description provided by source. CVE-2014-0050: Apache Commons FileUpload and Apache Tomcat Denial-of-Service. Author: Oren Hafif, Trustwave SpiderLabs Research. This is a Proof of Concept code that was created for the sole purpose of assisting system administrators in evaluating whether their...

CVSS 7.5, AI score 7.5, EPSS 0.92712
Exploits 8

Tenable Nessus
added 2014/06/26 12:0 a.m., 35 views

RHEL 5 / 6 : Red Hat JBoss Web Server 2.0.1 tomcat7 (RHSA-2014:0526)

The remote Redhat Enterprise Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2014:0526 advisory. Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the...

CVSS 7.5, AI score 6.8, EPSS 0.92712
Exploits 12, References 9

Tenable Nessus
added 2014/06/13 12:0 a.m., 38 views

openSUSE Security Update : jakarta-commons-fileupload (openSUSE-SU-2014:0527-1)

This jakarta-commons-fileupload update fixes the following security issue: - bnc862781: Fixed buffer overflow and resulting DoS (CVE-2014-0050)...

CVSS 7.5, AI score 7.5, EPSS 0.92712
Exploits 8, References 3

Tenable Nessus
added 2014/06/13 12:0 a.m., 51 views

openSUSE Security Update : jakarta-commons-fileupload (openSUSE-SU-2014:0528-1)

This jakarta-commons-fileupload update fixes the following security and non security issues: - bnc862781: Fixed buffer overflow and resulting DoS (CVE-2014-0050). - Removed gcj part and deprecated macros. - Moved from jpackage-utils to javapackage-tools...

CVSS 7.5, AI score 7.5, EPSS 0.92712
Exploits 8, References 3