196 matches found

OSV, added 2022/05/14 1:17 a.m., 191 views

GHSA-6CR4-7C7P-P3XV Use of Hard-coded Cryptographic Key in Apache Tomcat

DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic...

CVSS 4.3, AI score 4.8, EPSS 0.05319
Exploits 0, References 20
OpenVAS, added 2021/10/29 12:00 a.m., 28 views

Apache Tomcat 5.5.x < 5.5.34 Multiple Vulnerabilities - Linux

Apache Tomcat is prone to multiple vulnerabilities. Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...

CVSS 7.5, AI score 5.6, EPSS 0.08784
Exploits 2, References 1
OpenVAS, added 2021/10/29 12:00 a.m., 23 views

Apache Tomcat 7.0.x < 7.0.11 Multiple Vulnerabilities - Linux

Apache Tomcat is prone to multiple vulnerabilities. Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...

CVSS 5.8, AI score 6, EPSS 0.11701
Exploits 1, References 1
Tenable Nessus, added 2021/04/30 12:00 a.m., 45 views

EulerOS 2.0 SP3 : squid (EulerOS-SA-2021-1852)

According to the versions of the squid packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - An issue was discovered in Squid 2.x, 3.x, and 4.x through 4.8. Due to incorrect data management, it is vulnerable to information disclosure when...

CVSS 9.8, AI score 7.4, EPSS 0.44133
Exploits 0, References 8
Tenable Nessus, added 2021/02/10 12:00 a.m., 33 views

Squid 5.x < 5.0.2 Multiple Vulnerabilities

According to its self-reported version number, the version of Squid installed on the remote host is 5.x < 5.0.2 or prior to 4.11. It is, therefore, affected by multiple vulnerabilities: - Due to incorrect buffer handling Squid is vulnerable to cache poisoning, remote execution, and denial of servic...

CVSS 9.8, AI score 8.8, EPSS 0.28475
Exploits 0, References 5
Tenable Nessus, added 2021/02/10 12:00 a.m., 117 views

Squid < 4.9 Multiple Vulnerabilities

According to its self-reported version number, the version of Squid installed on the remote host is prior to 4.9. It is, therefore, affected by multiple vulnerabilities: - A heap overflow and possible remote code execution exist due to incorrect buffer management when processing URN...

CVSS 9.8, AI score 9.1, EPSS 0.44133
Exploits 0, References 11
Tenable Nessus, added 2021/02/10 12:00 a.m., 45 views

Squid < 4.11 Multiple Vulnerabilities

According to its self-reported version number, the version of Squid installed on the remote host is 5.x < 5.0.2 or prior to 4.11. It is, therefore, affected by multiple vulnerabilities: - Due to incorrect buffer handling Squid is vulnerable to cache poisoning, remote execution, and denial of servic...

CVSS 9.8, AI score 8.8, EPSS 0.28475
Exploits 0, References 5
Packet Storm, added 2020/10/07 12:00 a.m., 817 views

EmbedThis GoAhead Web Server 5.1.1 Digest Authentication Capture Replay Nonce Reuse

#!/usr/bin/env python3 # -*- coding: utf-8 -*- EmbedThis GoAhead Web Server 5.1.1 Digest Authentication Capture Replay Nonce Reuse Vendor: Embedthis Software LLC Product web page: https://www.embedthis.com Affected version: =5.1.2 and =4.1.3 Summary: GoAhead is the world's most popular, tiny embedded...

CVSS 6.8, EPSS 0.02069
Exploits 5
Zero Science Lab, added 2020/10/06 12:00 a.m., 425 views

EmbedThis GoAhead Web Server 5.1.1 Digest Authentication Capture Replay Nonce Reuse

Summary: GoAhead is the world's most popular, tiny embedded web server. It is compact, secure and simple to use. GoAhead is deployed in hundreds of millions of devices and is ideal for the smallest of embedded devices. Description: A security vulnerability affecting GoAhead versions 2 to 5 has been...

CVSS 8.8, AI score 7.1, EPSS 0.02069
Exploits 5
Veracode, added 2020/09/21 6:26 a.m., 31 views

Information Disclosure

squid3 is vulnerable to information disclosure. The vulnerability exists due to incorrect data management when processing HTTP Digest Authentication: nonce tokens contain the raw byte value of a pointer that sits within a heap memory allocation, reducing ASLR protections...

CVSS 7.5, AI score 0.6, EPSS 0.44133
Exploits 0, References 13, Affected Software 4
Tenable Nessus, added 2020/09/02 12:00 a.m., 58 views

Amazon Linux 2 : squid (ALAS-2020-1486)

The version of squid installed on the remote host is prior to 3.5.20-15. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2020-1486 advisory. An issue was discovered in Squid before 4.10. It allows a crafted FTP server to trigger disclosure of sensitive informatio...

CVSS 7.5, AI score 7.6, EPSS 0.46309
Exploits 0, References 9
OSV, added 2020/08/24 12:06 p.m., 4 views

SUSE-SU-2020:14460-1 Security update for squid3

This update for squid3 fixes the following issues: - Fixed a Cache Poisoning and Request Smuggling attack (CVE-2020-15049, bsc#1173455) - Fixed incorrect buffer handling that can result in cache poisoning, remote execution, and denial of service attacks when processing ESI responses (CVE-2019-12519,...

CVSS 9.9, AI score 9.2, EPSS 0.54551
Exploits 1, References 39
NVD, added 2020/07/23 1:15 p.m., 11 views

CVE-2020-15688

The HTTP Digest Authentication in the GoAhead web server before 5.1.2 does not completely protect against replay attacks. This allows an unauthenticated remote attacker to bypass authentication via capture-replay if TLS is not used to protect the underlying communication channel...

CVSS 8.8, AI score 9.3, EPSS 0.02069
Exploits 5, References 2
Prion, added 2020/07/23 1:15 p.m., 8 views

Authentication flaw

The HTTP Digest Authentication in the GoAhead web server before 5.1.2 does not completely protect against replay attacks. This allows an unauthenticated remote attacker to bypass authentication via capture-replay if TLS is not used to protect the underlying communication channel...

CVSS 6.8, AI score 8.8, EPSS 0.02069
Exploits 5, References 2, Affected Software 1
CVE, added 2020/07/23 12:32 p.m., 101 views

CVE-2020-15688

Vulnerability context: GoAhead Web Server before 5.1.2 is susceptible to a Digest authentication replay attack. An unauthenticated remote attacker can bypass authentication via capture-replay if TLS is not protecting the channel. The issue is tied to the Digest authentication implementation, not ...

CVSS 8.8, AI score 8.8, EPSS 0.02069
Exploits 5, References 2, Affected Software 1
Tenable Nessus, added 2020/05/15 12:00 a.m., 36 views

SUSE SLES12 Security Update : squid (SUSE-SU-2020:1227-1)

This update for squid fixes the following issues: CVE-2019-12519, CVE-2019-12521: fixes incorrect buffer handling that can result in cache poisoning, remote execution, and denial of service attacks when processing ESI responses (bsc#1169659). CVE-2020-11945: fixes a potential remote execution...

CVSS 9.8, AI score 6.7, EPSS 0.28475
Exploits 0, References 14
OPENSUSE Linux, added 2020/05/11 12:00 a.m., 54 views

Security update for squid (important)

openSUSE Security Update: Security update for squid. Announcement ID: openSUSE-SU-2020:0623-1. Rating: important. References: 1162689 1162691 1167373 1169659 1170313. Cross-References: CVE-2019-12519 CVE-2019-12521 CVE-2019-12528 CVE-2019-18860 CVE-2020-11945 CVE-2020-8517. Affected Products: openSUSE...

CVSS 9.8, AI score 8.5, EPSS 0.28475
Exploits 0, References 5
Mageia, added 2020/05/05 12:20 p.m., 49 views

Updated squid packages fix security vulnerability

Updated squid packages fix security vulnerability: Due to an integer overflow bug Squid is vulnerable to credential replay and remote code execution attacks against HTTP Digest Authentication tokens. When memory pooling is used this problem allows a remote client to replay a sniffed Digest...

CVSS 9.8, AI score 2.3, EPSS 0.28475
Exploits 0, References 2
OSV, added 2020/05/05 12:20 p.m., 7 views

MGASA-2020-0187 Updated squid packages fix security vulnerability

Updated squid packages fix security vulnerability: Due to an integer overflow bug Squid is vulnerable to credential replay and remote code execution attacks against HTTP Digest Authentication tokens. When memory pooling is used this problem allows a remote client to replay a sniffed Digest...

CVSS 9.8, AI score 9.9, EPSS 0.28475
Exploits 0, References 3
Tenable Nessus, added 2020/04/29 12:00 a.m., 30 views

SUSE SLES12 Security Update : squid (SUSE-SU-2020:1134-1)

This update for squid to version 4.11 fixes the following issues: CVE-2020-11945: Fixed a potential remote code execution vulnerability when using HTTP Digest Authentication (bsc#1170313). CVE-2019-12519, CVE-2019-12521: Fixed incorrect buffer handling that can result in cache poisoning, remote...

CVSS 9.8, AI score 7.6, EPSS 0.28475
Exploits 0, References 18