
11634 matches found

Fedora
added 2021/04/30 12:55 a.m. · 39 views

[SECURITY] Fedora 34 Update: jetty-9.4.40-1.fc34

Jetty is a 100% Java HTTP Server and Servlet Container. This means that you do not need to configure and run a separate web server like Apache in order to use Java, servlets and JSPs to generate dynamic content. Jetty is a fully featured web server for static and dynamic content. Unlike separate...

4 CVSS · 0.6 AI score · 0.0418 EPSS
Exploits: 1
0day.today
added 2021/04/30 12:0 a.m. · 136 views

GNU Wget < 1.18 - Arbitrary File Upload / Remote Code Execution Exploit (2)

Exploit Title: GNU Wget 1.18 - Arbitrary File Upload / Remote Code Execution 2 Original Exploit Author: Dawid Golunski Exploit Author: liewehacksie Version: GNU Wget 1.18 CVE: CVE-2016-4971 import http.server import socketserver import socket import sys class...

8.8 CVSS · 8.8 AI score · 0.45935 EPSS
Exploits: 8
Packet Storm
added 2021/04/30 12:0 a.m. · 202 views

GNU wget Arbitrary File Upload / Code Execution

Exploit Title: GNU Wget 1.18 - Arbitrary File Upload / Remote Code Execution 2 Original Exploit Author: Dawid Golunski Exploit Author: liewehacksie Version: GNU Wget 1.18 CVE: CVE-2016-4971 import http.server import socketserver import socket import sys class...

4.3 CVSS · 0.2 AI score · 0.45935 EPSS
Exploits: 8
Gitee
added 2021/04/29 9:43 p.m. · 53 views

Exploit for Cross-site Scripting in Apache Http_Server

This is a PoC exploit for CVE-2019-10092, a limited cross-site scripting vulnerability in the mod_proxy error page of Apache httpd. The target product/service is Apache HTTP Server, and the vulnerability class/vector is XSS. The probable entry points are the start.sh script, which invokes the Apache serv...

6.1 CVSS · 7.2 AI score · 0.81466 EPSS
Exploits: 4
Fedora
added 2021/04/29 1:22 a.m. · 39 views

[SECURITY] Fedora 32 Update: jetty-9.4.40-1.fc32

Jetty is a 100% Java HTTP Server and Servlet Container. This means that you do not need to configure and run a separate web server like Apache in order to use Java, servlets and JSPs to generate dynamic content. Jetty is a fully featured web server for static and dynamic content. Unlike separate...

4 CVSS · 0.6 AI score · 0.0418 EPSS
Exploits: 1
Fedora
added 2021/04/29 12:58 a.m. · 39 views

[SECURITY] Fedora 33 Update: jetty-9.4.40-1.fc33

Jetty is a 100% Java HTTP Server and Servlet Container. This means that you do not need to configure and run a separate web server like Apache in order to use Java, servlets and JSPs to generate dynamic content. Jetty is a fully featured web server for static and dynamic content. Unlike separate...

4 CVSS · 0.6 AI score · 0.0418 EPSS
Exploits: 1
IBM Security Bulletins
added 2021/04/26 9:17 p.m. · 57 views

Security Bulletin: IBM License Metric Tool v7.2.2 and v7.5 and IBM Tivoli Asset Discovery for Distributed v7.2.2 and v7.5 are vulnerable to Padding Oracle On Downgraded Legacy Encryption (POODLE) attack on TLS connections (CVE-2014-8730)

Summary TLS protocol support used in IBM License Metric Tool and IBM Tivoli Asset Discovery for Distributed is vulnerable to POODLE TLS attack CVE-2014-8730. This attack enables a man-in-the-middle attacker to decrypt and intercept communications, including user-server and agent-server messages...

4.3 CVSS · 4.1 AI score · 0.1372 EPSS
Exploits: 0 · Affected Software: 2
Positive Technologies
added 2021/04/26 12:0 a.m. · 11 views

PT-2021-5273 · Apache +10 · Apache Http Server +10

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions 2.4.30 through 2.4.48. Description: A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash, resulting in a denial of service (DoS). The issue is related to the mod...

10 CVSS · 8.5 AI score · 0.99999 EPSS
Exploits: 233 · References: 271
Apache Httpd
added 2021/04/26 12:0 a.m. · 119 views

Apache Httpd < 2.4.49 : mod_proxy_uwsgi out of bound read

A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 inclusive...

7.5 CVSS · 1.7 AI score · 0.62887 EPSS
Exploits: 0
Tenable Nessus
added 2021/04/23 12:0 a.m. · 189 views

Oracle HTTP Server (Apr 2021 CPU)

The 11.1.1.9.0, 12.2.1.3.0, and 12.2.1.4.0 versions of HTTP Server installed on the remote host are affected by a vulnerability as referenced in the April 2021 CPU advisory. - Vulnerability in the Oracle WebLogic Server Proxy Plug-In product of Oracle Fusion Middleware component: SSL Module Dell...

7.5 CVSS · 6.6 AI score · 0.02207 EPSS
Exploits: 0 · References: 4
OSV
added 2021/04/22 10:15 p.m. · 4 views

CVE-2021-2315

Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware component: Web Listener. Supported versions that are affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...

5.4 CVSS · 7.3 AI score
Exploits: 0 · References: 1
Prion
added 2021/04/22 10:15 p.m. · 14 views

Design/Logic Flaw

Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware component: Web Listener. Supported versions that are affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...

5.8 CVSS · 5.2 AI score · 0.00959 EPSS
Exploits: 0 · References: 1 · Affected Software: 1
Vulnrichment
added 2021/04/22 9:54 p.m. · 10 views

CVE-2021-2315

Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware component: Web Listener. Supported versions that are affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...

5.4 CVSS · 5.9 AI score · 0.00959 EPSS
Exploits: 0 · References: 1
CVE
added 2021/04/22 9:54 p.m. · 66 views

CVE-2021-2315

CVE-2021-2315 affects Oracle HTTP Server (Web Listener) in Oracle Fusion Middleware. Affected versions: 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0. Description: unauthenticated attackers can access via HTTP and may compromise data, with possible unauthorized update/insert/delete and read access. Exploita...

5.8 CVSS · 5.2 AI score · 0.00959 EPSS
Exploits: 0 · References: 1 · Affected Software: 1
Cvelist
added 2021/04/22 9:54 p.m. · 17 views

CVE-2021-2315

Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware component: Web Listener. Supported versions that are affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...

5.4 CVSS · 5.4 AI score · 0.00959 EPSS
Exploits: 0 · References: 1
Positive Technologies
added 2021/04/22 12:0 a.m. · 13 views

PT-2021-3712 · Apache +3 · Apache Http Server +4

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions 2.4.47 mod_http2 version 1.15.17. Description: The issue is related to the HTTP/2 protocol handler in the Apache HTTP Server, which checks received request headers against size limitations. If these restrictions are...

9.8 CVSS · 6.4 AI score · 0.81466 EPSS
Exploits: 4 · References: 97
Apache Httpd
added 2021/04/22 12:0 a.m. · 88 views

Apache Httpd < 2.4.48 : NULL pointer dereference on specially crafted HTTP/2 request

Apache HTTP Server protocol handler for the HTTP/2 protocol checks received request headers against the size limitations as configured for the server and used for the HTTP/1 protocol as well. On violation of these restrictions an HTTP response is sent to the client with a status code indicating...

7.5 CVSS · 1.3 AI score · 0.51208 EPSS
Exploits: 0 · Affected Software: 1
CNVD
added 2021/04/21 12:0 a.m. · 4 views

Oracle Fusion Middleware Input Validation Error Vulnerability (CNVD-2021-33844)

Oracle HTTP Server is the web server component of Oracle Fusion Middleware. A security vulnerability exists in the Web Listener component in Oracle HTTP Server versions 11.1.1.9.0, 12.2.1.3.0, and 12.2.1.4.0. An attacker could exploit this vulnerability to compromise Oracle HTTP Server by allowin...

5.8 CVSS · 6.6 AI score · 0.00959 EPSS
Exploits: 0 · References: 1
Kitploit
added 2021/04/15 12:30 p.m. · 331 views

Swissknife - Scriptable VSCode Extension To Generate Or Manipulate Data. Stop Pasting Sensitive Data In Webpag

The developers swissknife. Do conversions and generations right out of vs code. Extendable with user scripts Available in the Visual Studio Marketplace Currently available scripts Base64 decode Base64 encode Binary To Text Bip39 Mnemonic CSV to Markdown Count characters Count words Crypto currenc...

6.8 AI score
Exploits: 0 · References: 4
Tenable Nessus
added 2021/04/15 12:0 a.m. · 374 views

RHEL 7 : Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP7 (RHSA-2021:1199)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:1199 advisory. This release adds the new Apache HTTP Server 2.4.37 Service Pack 7 packages that are part of the JBoss Core Services offering. This release...

7.4 CVSS · 8 AI score · 0.62906 EPSS
Exploits: 4 · References: 6