11633 matches found

IBM Security Bulletins
added 2022/09/08 12:9 a.m., 32 views

Security Bulletin: HTTP Request smuggling vulnerability may affect IBM HTTP Server (CVE-2015-3183)

Summary Request smuggling vulnerability may affect the IBM HTTP Server used by IBM WebSphere Application Server Vulnerability Details CVEID: CVE-2015-3183 DESCRIPTION: Apache HTTP Server is vulnerable to HTTP request smuggling, caused by a chunk header parsing flaw in the apr_brigade_flatten...

CVSS 5, AI score 5.8, EPSS 0.73327
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2022/09/08 12:9 a.m., 41 views

Security Bulletin: Vulnerabilities in the GSKit component of IBM HTTP Server (CVE-2016-0201 and CVE-2015-7420)

Summary Two vulnerabilities have been addressed in the GSKit component of IBM HTTP Server. Vulnerability Details CVEID: CVE-2016-0201 DESCRIPTION: IBM GSKit could allow a remote attacker to obtain sensitive information, caused by a MD5 collision. An attacker could exploit this vulnerability to...

CVSS 5.9, AI score 5.8, EPSS 0.02032
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2022/09/08 12:9 a.m., 44 views

Security Bulletin: Vulnerability with RSA Export Keys may affect IBM HTTP Server and WebSphere EDGE Caching Proxy (CVE-2015-0138)

Summary The "FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL client and server vulnerability CVE-2015-0138 may affect some configurations of IBM HTTP Server for WebSphere Application Server and IBM WebSphere EDGE caching proxy. Vulnerability Details CVEID: CVE-2015-0138 DESCRIPTION: A...

CVSS 4.3, AI score 4.7, EPSS 0.03262
Exploits: 0, Affected Software: 2

IBM Security Bulletins
added 2022/09/08 12:9 a.m., 97 views

Security Bulletin: Denial of service may affect IBM HTTP Server (CVE-2015-1788)

Summary Denial of service in GSKit may affect IBM HTTP Server, if using SSL with IBM HTTP Server. The IBM HTTP Server is used by IBM WebSphere Application Server. Vulnerability Details CVEID: CVE-2015-1788 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an error when processi...

CVSS 4.3, AI score 6.3, EPSS 0.23222
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2022/09/08 12:9 a.m., 72 views

Security Bulletin: Redirect HTTP traffic vulnerability may affect IBM HTTP Server (CVE-2016-5387)

Summary There is a vulnerability that allows redirecting of HTTP traffic with CGI applications that may affect IBM HTTP Server (IHS). This vulnerability is known as "HTTPOXY". Vulnerability Details CVEID: CVE-2016-5387 DESCRIPTION: Apache HTTP Server could allow a remote attacker to redirect HTTP...

CVSS 8.1, AI score 8, EPSS 0.55724
Exploits: 0, Affected Software: 2

IBM Security Bulletins
added 2022/09/08 12:9 a.m., 52 views

Security Bulletin: TLS padding vulnerability affects IBM HTTP Server (CVE-2014-8730)

Summary Transport Layer Security (TLS) padding vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) like attack affects IBM HTTP Server. Vulnerability Details CVE-ID: CVE-2014-8730 DESCRIPTION: IBM HTTP Server could allow a remote attacker to obtain sensitive information,...

CVSS 4.3, AI score 3.4, EPSS 0.99999
Exploits: 6, Affected Software: 1

IBM Security Bulletins
added 2022/09/08 12:9 a.m., 65 views

Security Bulletin: Vulnerability in SSLv3 affects IBM HTTP Server (CVE-2014-3566)

Summary SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack. SSLv3 is enabled by default in the Apache based IBM HTTP Server. Vulnerability Details CVE ID: CVE-2014-3566 DESCRIPTION: IBM HTTP Server could allow a remote...

CVSS 4.3, AI score 4, EPSS 0.99999
Exploits: 6, Affected Software: 1

IBM Security Bulletins
added 2022/09/08 12:9 a.m., 52 views

Security Bulletin: Denial of service may affect IBM HTTP Server (CVE-2015-1283)

Summary Denial of service may affect IBM HTTP Server. The IBM HTTP Server is used by IBM WebSphere Application Server. Vulnerability Details CVEID: CVE-2015-1283 DESCRIPTION: Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403....

CVSS 7.5, AI score 8.5, EPSS 0.19069
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2022/09/08 12:9 a.m., 57 views

Security Bulletin: Multiple Denial of Service vulnerabilities with Expat may affect IBM HTTP Server

Summary There are several vulnerabilities that may affect IBM HTTP Server that is used by WebSphere Application Server. Vulnerability Details CVEID: CVE-2012-0876 DESCRIPTION: Expat is vulnerable to a denial of service, caused by insufficient randomization of hash data structures. By sending...

CVSS 9.8, AI score 10, EPSS 0.13335
Exploits: 3, Affected Software: 2

IBM Security Bulletins
added 2022/09/08 12:9 a.m., 42 views

Security Bulletin: Vulnerability in RC4 stream cipher affects IBM HTTP Server and Caching Proxy (CVE-2015-2808)

Summary The RC4 "Bar Mitzvah" SSL/TLS may affect some configurations of the IBM HTTP Server and some configurations of the IBM Caching Proxy for WebSphere Application Server. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol,...

CVSS 5, AI score 6.5, EPSS 0.74006
Exploits: 0, Affected Software: 2

OpenVAS
added 2022/09/08 12:0 a.m., 32 views

Fedora: Security Advisory for rubygem-puma (FEDORA-2022-52d0032596)

The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

AI score 6.8
Exploits: 0, References: 2

OpenVAS
added 2022/09/08 12:0 a.m., 28 views

Fedora: Security Advisory for rubygem-puma (FEDORA-2022-de968d1b6c)

The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 8, AI score 6.8, EPSS 0.02092
Exploits: 0, References: 2

IBM Security Bulletins
added 2022/09/07 11:29 p.m., 61 views

Security Bulletin: IBM Aspera Faspex 4.4.1 and earlier has addressed an Apache vulnerability (CVE-2021-40438)

Summary This security bulletin addresses an Apache security vulnerability that has been remediated in IBM Aspera Faspex 4.4.2. Vulnerability Details CVEID: CVE-2021-40438 DESCRIPTION: Apache HTTP Server is vulnerable to server-side request forgery, caused by an error in mod_proxy. By sending a...

CVSS 9, AI score 9.2, EPSS 0.99999
Exploits: 5, Affected Software: 1

IBM Security Bulletins
added 2022/09/07 11:27 p.m., 58 views

Security Bulletin: IBM Aspera Faspex 4.4.2 has addressed multiple security vulnerabilities

Summary This security bulletin addresses multiple security vulnerabilities that have been remediated in IBM Aspera Faspex 4.4.2. Vulnerability Details CVEID: CVE-2021-39275 DESCRIPTION: Apache HTTP Server is vulnerable to a buffer overflow, caused by improper bounds checking by the ap_escape_quotes...

CVSS 9.8, AI score 9.6, EPSS 0.69803
Exploits: 8, Affected Software: 1

Fedora
added 2022/09/07 10:44 a.m., 40 views

[SECURITY] Fedora 36 Update: rubygem-puma-5.5.2-3.fc36

Puma is a simple, fast, threaded, and highly concurrent HTTP 1.1 server for Ruby/Rack applications. Puma is intended for use in both development and production environments. It's great for highly concurrent Ruby implementations such as Rubinius and JRuby as well as providing process worker...

CVSS 9.1, AI score 7.6, EPSS 0.0214
Exploits: 0

Fedora
added 2022/09/07 9:56 a.m., 37 views

[SECURITY] Fedora 35 Update: rubygem-puma-4.3.6-5.fc35

Puma is a simple, fast, threaded, and highly concurrent HTTP 1.1 server for Ruby/Rack applications. Puma is intended for use in both development and production environments. It's great for highly concurrent Ruby implementations such as Rubinius and JRuby as well as providing process worker...

CVSS 9.1, AI score 7.6, EPSS 0.0214
Exploits: 0

Tenable Nessus
added 2022/09/07 12:0 a.m., 59 views

Amazon Linux 2022 : httpd, httpd-core, httpd-devel (ALAS2022-2022-110)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-110 advisory. An HTTP request smuggling vulnerability was found in the mod_proxy_ajp module of httpd. This flaw allows an attacker to smuggle requests to the AJP server, where it forwards requests...

CVSS 9.8, AI score 7.7, EPSS 0.90407
Exploits: 2, References: 17

NVD
added 2022/09/06 7:15 p.m., 20 views

CVE-2022-36032

ReactPHP HTTP is a streaming HTTP client and server implementation for ReactPHP. In ReactPHP's HTTP server component versions starting with 0.7.0 and prior to 1.7.0, when ReactPHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes...

CVSS 5.3, EPSS 0.00775
Exploits: 0, References: 4

Prion
added 2022/09/06 7:15 p.m., 462 views

Design/Logic Flaw

ReactPHP HTTP is a streaming HTTP client and server implementation for ReactPHP. In ReactPHP's HTTP server component versions starting with 0.7.0 and prior to 1.7.0, when ReactPHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes...

CVSS 5, AI score 4.9, EPSS 0.00775
Exploits: 0, References: 4, Affected Software: 1

UbuntuCve
added 2022/09/06 7:15 p.m., 65 views

CVE-2022-36032

ReactPHP HTTP is a streaming HTTP client and server implementation for ReactPHP. In ReactPHP's HTTP server component versions starting with 0.7.0 and prior to 1.7.0, when ReactPHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes...

CVSS 5.3, AI score 6, EPSS 0.00775
Exploits: 0, References: 5