[SECURITY] Fedora 32 Update: httpd-2.4.46-1.fc32

The Apache HTTP Server is a powerful, efficient, and extensible web server...

[SECURITY] Fedora 32 Update: jetty-9.4.31-2.fc32

Jetty is a 100% Java HTTP Server and Servlet Container. This means that you do not need to configure and run a separate web server like Apache in ord er to use Java, servlets and JSPs to generate dynamic content. Jetty is a fully featured web server for static and dynamic content. Unlike separate...

Low: httpd24

Issue Overview: No CVE associated with this advisory Affected Packages: httpd24 Issue Correction: Run yum update httpd24 or yum update --advisory ALAS-2020-1418 to update your system. New Packages: i686: mod24proxyhtml-2.4.46-1.90.amzn1.i686 httpd24-tools-2.4.46-1.90.amzn1.i686 ...

EulerOS 2.0 SP8 : php (EulerOS-SA-2020-1874)

According to the versions of the php packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers...

EulerOS 2.0 SP8 : httpd (EulerOS-SA-2020-1854)

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging...

Directory Traversal

min-http-server is vulnerable to directory traversal. The vulnerability exists as it does not sanitize the value of fullStaticPath in index.js...

CVE-2020-7377

The Metasploit Framework module "auxiliary/admin/http/telpho10credentialdump" module is affected by a relative path traversal vulnerability in the untar method which can be exploited to write arbitrary files to arbitrary locations on the host file system when the module is run on a malicious HTTP...

CVE-2020-7377

The Metasploit Framework module "auxiliary/admin/http/telpho10credentialdump" module is affected by a relative path traversal vulnerability in the untar method which can be exploited to write arbitrary files to arbitrary locations on the host file system when the module is run on a malicious HTTP...

Path traversal

The Metasploit Framework module "auxiliary/admin/http/telpho10credentialdump" module is affected by a relative path traversal vulnerability in the untar method which can be exploited to write arbitrary files to arbitrary locations on the host file system when the module is run on a malicious HTTP...

CVE-2020-7377

The CVE-2020-7377 vulnerability affects the Metasploit Framework module auxiliary/admin/http/telpho10_credential_dump , where the untar method implements a relative path traversal . This can be exploited to write arbitrary files to arbitrary locations on the host file system when the module is ru...

CVE-2020-7377 Rapid7 Metasploit Framework Relative Path Traversal in telpho10_credential_dump module

The Metasploit Framework module "auxiliary/admin/http/telpho10credentialdump" module is affected by a relative path traversal vulnerability in the untar method which can be exploited to write arbitrary files to arbitrary locations on the host file system when the module is run on a malicious HTTP...

Security Bulletin: A security vulnerability has been identified in IBM HTTP Server, a component of IBM WebSphere Application Server, which is required product for IBM Tivoli Netcool Configuration Manager (CVE-2018-20843)

Summary IBM WebSphere Application Server is a required product for IBM Tivoli Netcool Configuration Manager version 6.4.2. Information about a security vulnerability affecting IBM HTTP Server, a component product of IBM WebSphere Application Server, has been published in a security bulletin...

Rocket.Chat: Session Hijack via Self-XSS

Summary: It's possible to hijack a session by tricking the user to perform a Self-XSS on the drag and drop functionality in the chat. Description: Self-XSS is an underrated vulnerability that can have a harmful impact on the users of the application like here, after we get access to the user's...

[SECURITY] Fedora 32 Update: php-7.4.9-1.fc32

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

Ruijie Networks Switch eWeb S29_RGOS 11.4 - Directory Traversal

Exploit Title: Ruijie Networks Switch eWeb S29RGOS 11.4 - Directory Traversal Exploit Author: Tuygun Date: 2020-08-19 Vendor Homepage: https://www.ruijienetworks.com/ Version: eWeb S29RGOS 11.41B12P11 Source : https://faruktuygun.com/directorytraversal.html Proof of Concept Request: GET...

Updated apache packages fix security vulnerability

Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability f...

MGASA-2020-0327 Updated apache packages fix security vulnerability

Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability f...

Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE

...

Debian DLA-2330-1 : jruby security update

Several vulnerabilities were fixed in JRuby, a 100% pure-Java implementation of Ruby. CVE-2017-17742 CVE-2019-16254 HTTP Response Splitting attacks in the HTTP server of WEBrick. CVE-2019-16201 Regular Expression Denial of Service vulnerability of WEBrick's Digest access authentication...

Debian: Security Advisory (DLA-2330-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...