11634 matches found

Mageia
added 2020/06/10 11:59 p.m. | 40 views

Updated coturn packages fix security vulnerability

Updated the coturn package in order to fix some security vulnerabilities: httpserver.c: An exploitable heap overflow vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request can lead to information leaks and other misbehavior. An attack...

CVSS 9.8 | AI score 1.2 | EPSS 0.05955
Exploits: 2 | References: 2
IBM Security Bulletins
added 2020/06/10 8:52 p.m. | 43 views

Security Bulletin: Vulnerabilities CVE-2020-1927 and CVE-2020-1934 in Apache HTTP Server affect IBM i

Summary Apache HTTP Server is supported on IBM i. IBM i has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2020-1927 DESCRIPTION: Apache HTTP Server could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in the mod_rewrite module. An...

CVSS 6.1 | AI score 1.7 | EPSS 0.56691
Exploits: 0 | Affected Software: 1
OSV
added 2020/06/10 4:15 p.m. | 12 views

CVE-2020-7670

agoo prior to 2.14.0 allows request smuggling attacks where agoo is used as a backend and a frontend proxy also being vulnerable. HTTP pipelining issues and request smuggling attacks might be possible due to incorrect Content-Length and Transfer encoding header parsing. It is possible to conduct...

CVSS 7.5 | AI score 6.7
Exploits: 0 | References: 3
RedHat Linux
added 2020/06/10 3:4 p.m. | 70 views

Important: Red Hat Security Advisory: Red Hat JBoss Web Server 3.1 Service Pack 9 security update

An update is now available for Red Hat JBoss Web Server 3.1, for RHEL 6, RHEL 7 and Windows. Red Hat Product Security has rated this release as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for ea...

CVSS 7 | AI score 6.8 | EPSS 0.56636
Exploits: 15 | References: 4
OSV
added 2020/06/09 4:21 p.m. | 8 views

SUSE-SU-2020:14391-1 Security update for java-1_7_0-ibm

This update for java-1_7_0-ibm fixes the following issues: java-1_7_1-ibm was updated to Java 7.1 Service Refresh 4 Fix Pack 65 bsc1172277 and bsc1169511 - CVE-2020-2654: Fixed an issue which could have resulted in unauthorized ability to cause a partial denial of service - CVE-2020-2756: Improved...

CVSS 8.3 | AI score 5.8 | EPSS 0.0623
Exploits: 0 | References: 11
0day.today
added 2020/06/08 12:0 a.m. | 145 views

HFS Http File Server 2.3m Build 300 Buffer Overflow Exploit

HFS Http File Server version 2.3m build 300 suffers from a remote buffer overflow vulnerability that can lead to a denial of service. + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source:...

CVSS 7.5 | AI score 0.2 | EPSS 0.30865
Exploits: 5
BDU FSTEC
added 2020/06/05 12:0 a.m. | 3 views

The vulnerability of the Lightweight HTTP Server component in Oracle Java SE and Oracle Java SE Embedded software platforms allows attackers to modify, add, or delete data, or gain unauthorized access to protected information.

The vulnerability of the Lightweight HTTP Server component in Oracle Java SE and Oracle Java SE Embedded software platforms is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to modify, add, or delete data, or gain unauthorized access to...

CVSS 5.8 | AI score 6.5 | EPSS 0.02879
Exploits: 0 | References: 7 | Affected Software: 6
RedHat Linux
added 2020/06/04 1:11 p.m. | 159 views

Important: Red Hat Security Advisory: Red Hat support for Spring Boot 2.1.13 security and bug fix update

An update is now available for Red Hat OpenShift Application Runtimes. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

CVSS 9.8 | AI score 7 | EPSS 0.9927
Exploits: 44 | References: 7
Tenable Nessus
added 2020/06/04 12:0 a.m. | 34 views

Amazon Linux AMI : httpd24 (ALAS-2020-1370)

The version of httpd24 installed on the remote host is prior to 2.4.43-1.89. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1370 advisory. In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential...

CVSS 6.1 | AI score 6.8 | EPSS 0.56691
Exploits: 0 | References: 5
IBM Security Bulletins
added 2020/06/03 4:23 a.m. | 31 views

Security Bulletin: Security vulnerabilities have been identified in IBM HTTP Server used by IBM Rational ClearQuest (CVE-2020-1927, CVE-2020-1934)

Summary IBM HTTP Server IHS is used by the IBM Rational ClearQuest server and web components. Information about security vulnerabilities affecting IHS have been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected...

AI score 0.8 | EPSS 0.56691
Exploits: 0 | Affected Software: 1
Amazon
added 2020/06/03 12:0 a.m. | 67 views

Low: httpd24

Issue Overview: In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL. (CVE-2020-1927) In Apache HTTP Server 2.4.0 to 2.4.41,...

CVSS 6.1 | AI score 7.1 | EPSS 0.56691
Exploits: 0
Amazon
added 2020/06/03 12:0 a.m. | 84 views

Medium: python

Issue Overview: http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has anoth...

CVSS 7.1 | AI score 8 | EPSS 0.06617
Exploits: 2
OpenVAS
added 2020/06/03 12:0 a.m. | 43 views

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2020-1601)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 6.1 | AI score 7 | EPSS 0.56691
Exploits: 0 | References: 2
BDU FSTEC
added 2020/06/02 12:0 a.m. | 3 views

The vulnerability of the Web Listener component of the Oracle HTTP Server allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Web Listener component of the Oracle HTTP Server is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information using the HTTP network protocol...

CVSS 6.5 | AI score 6.8 | EPSS 0.0121
Exploits: 0 | References: 2 | Affected Software: 1
Tenable Nessus
added 2020/06/02 12:0 a.m. | 34 views

EulerOS 2.0 SP5 : httpd (EulerOS-SA-2020-1601)

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server. (CVE-2020-1934) - In Apache...

CVSS 6.1 | AI score 6.7 | EPSS 0.56691
Exploits: 0 | References: 3
OpenVAS
added 2020/05/29 12:0 a.m. | 38 views

Fedora: Security Advisory for php (FEDORA-2020-3ea2253402)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 5.3 | AI score 5.9 | EPSS 0.06264
Exploits: 1 | References: 2
OpenVAS
added 2020/05/29 12:0 a.m. | 51 views

Fedora: Security Advisory for php (FEDORA-2020-9fa7f4e25c)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 5.3 | AI score 5.9 | EPSS 0.06264
Exploits: 1 | References: 2
RedHat Linux
added 2020/05/26 2:34 p.m. | 192 views

Moderate: Red Hat Security Advisory: httpd24-httpd and httpd24-mod_md security and enhancement update

An update for httpd24-httpd and httpd24-mod_md is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

CVSS 6.1 | AI score 6.6 | EPSS 0.73981
Exploits: 1 | References: 4
Packet Storm
added 2020/05/21 12:0 a.m. | 137 views

Forma.LMS 5.6.40 Cross Site Request Forgery

Exploit Title: forma.lms 5.6.40 - Cross-Site Request Forgery Change Admin Email Date: 2020-05-21 Exploit Author: Daniel Ortiz Vendor Homepage: https://sourceforge.net/projects/forma/ Tested on: XAMPP for Linux 64bit 5.6.40-0 1 - Description - Vulnerable form: Edit Profile - Details: The validatio...

AI score 0.6
Exploits: 0
Tenable Nessus
added 2020/05/21 12:0 a.m. | 238 views

Amazon Linux 2 : httpd (ALAS-2020-1427)

The version of httpd installed on the remote host is prior to 2.4.43-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2020-1427 advisory. In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server...

CVSS 6.1 | AI score 6.8 | EPSS 0.56691
Exploits: 0 | References: 5