Security Bulletin: IBM Sterling B2B Integrator HTTP Range Header Vulnerability (CVE-2013-0494)
Summary: IBM Sterling B2B Integrator is subject to HTTP Byte Range Denial Of Service attacks. Vulnerability Details: CVE ID: CVE-2013-0494. DESCRIPTION: IBM Sterling B2B Integrator is subject to HTTP Byte Range Denial Of Service attacks. Specially crafted HTTP Range or Request-Range request headers...
Design/Logic Flaw
The server in LiteSpeed OpenLiteSpeed before 1.5.0 RC6 does not correctly handle requests for byte sequences, allowing an attacker to amplify the response size by requesting the entire response body repeatedly, as demonstrated by an HTTP Range header value beginning with the "bytes=0-,0-" substri...
CVE-2018-19791
LiteSpeed OpenLiteSpeed before 1.5.0 RC6 is affected. The server mishandles requests for byte sequences, allowing an attacker to amplify response size by repeatedly requesting the entire response body with an HTTP Range value starting with bytes=0-,0-. This can cause a Denial of Service (availabi...
CVE-2017-7529 Nginx integer overflow vulnerability analysis-vulnerability warning-the black bar safety net
1. Vulnerability description: The Nginx range filter contains an integer overflow vulnerability that can be triggered by a malicious request with a specially crafted HTTP Range header, leading to information leakage...
Debian DSA-3908-1 : nginx - security update
An integer overflow has been found in the HTTP range module of Nginx, a high-performance web and reverse proxy server, which may result in information disclosure. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian...
[SECURITY] [DSA 3908-1] nginx security update
Debian Security Advisory DSA-3908-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff July 12, 2017 https://www.debian.org/security/faq -...
Debian: Security Advisory (DSA-3908-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
CVE-2017-5850
httpd in OpenBSD allows remote attackers to cause a denial of service (memory consumption) via a series of requests for a large file using an HTTP Range header...
Cerber Ransomware On The Rise, Fueled By Dridex Botnet
Starting in April security experts at FireEye spotted a massive uptick in Cerber ransomware attacks delivered via a rolling wave of spam. Researchers there link the Cerber outbreaks to the fact that attackers are now leveraging the same spam infrastructure credited for making the potent Dridex...
Cerber Ransomware Partners with the Dridex Spam Distributor
Cerber ransomware incorporates the unusual feature of “speaking” its ransom message after successfully infecting a user machine and encrypting files. Cerber was first seen in the wild at the end of February 2016 and was observed being delivered mostly via exploit kits (EK), notably using Magnitude...
CakePHP 2.6.13, 2.7.11, 2.8.2, 3.0.17, 3.1.12, and 3.2.5 Released
CakePHP 2.6.13, 2.7.11, 2.8.2, 3.0.17, 3.1.12, and 3.2.5 Released The CakePHP core team is happy to announce the immediate availability of CakePHP 2.6.13, 2.7.11, 2.8.2, 3.0.17, 3.1.12, and 3.2.5. These releases contain security fixes. 3.2.5 and 2.8.2 also contain bugfixes. Security Fixes These...
Amazon Linux: Security Advisory (ALAS-2014-411)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Amazon Linux AMI : squid (ALAS-2014-433)
A flaw was found in the way Squid handled malformed HTTP Range headers. A remote attacker able to send HTTP requests to the Squid proxy could use this flaw to crash Squid. (CVE-2014-3609) A buffer overflow flaw was found in Squid's DNS lookup module. A remote attacker able to send HTTP requests to...
Important: squid
Issue Overview: A flaw was found in the way Squid handled malformed HTTP Range headers. A remote attacker able to send HTTP requests to the Squid proxy could use this flaw to crash Squid. (CVE-2014-3609) A buffer overflow flaw was found in Squid's DNS lookup module. A remote attacker able to send...
Scientific Linux Security Update : squid on SL5.x, SL6.x i386/x86_64 (20140903)
A flaw was found in the way Squid handled malformed HTTP Range headers. A remote attacker able to send HTTP requests to the Squid proxy could use this flaw to crash Squid. (CVE-2014-3609) A buffer overflow flaw was found in Squid's DNS lookup module. A remote attacker able to send HTTP requests to...
RHEL 7 : squid (RHSA-2014:1147)
Updated squid packages that fix one security issue are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from...
RHEL 5 / 6 : squid (RHSA-2014:1148)
An updated squid package that fixes two security issues is now available for Red Hat Enterprise Linux 5 and 6. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are...
squid security update
CentOS Errata and Security Advisory CESA-2014:1148. An updated squid package that fixes two security issues is now available for Red Hat Enterprise Linux 5 and 6. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base score...