Security Bulletin: IBM Cognos Business Intelligence has addressed multiple vulnerabilities
Summary: There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 7 used by IBM Cognos Business Intelligence. These issues were disclosed as part of the IBM Java SDK updates in October 2018, January 2019, April 2019, July 2019 and October 2019. IBM Cognos Business Intelligence...
Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilities
Summary: There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8 used by Cognos Analytics. These issues were disclosed as part of the IBM Java SDK updates in October 2017, January 2018, April 2018, July 2018, October 2018, January 2019 and April 2019. Cognos Analytics has...
http_server path traversal vulnerability (CNVD-2019-46974)
http_server is an HTTP server utility class. A path traversal vulnerability exists in http_server. The vulnerability stems from a failure of a network system or product to properly filter special elements in the path of a resource or file. An attacker could use this vulnerability to access location...
CVE-2019-15600
A Path traversal exists in http_server which allows an attacker to read arbitrary system files...
Path traversal
A Path traversal exists in http_server which allows an attacker to read arbitrary system files...
CVE-2019-15600
CVE-2019-15600 concerns the Node.js http_server module (version 1.0.12) with a path traversal that lets an attacker read arbitrary system files. Multiple sources describe a symlink-based traversal: a symbolically linked file in the working directory can cause the server to expose files outside th...
Security Bulletin: Vulnerability CVE-2017-9798 in the IBM i HTTP Server affects IBM i.
Summary: HTTP Server is supported by IBM i. IBM i has addressed the applicable CVEs. Vulnerability Details: CVEID: CVE-2017-9798. DESCRIPTION: Apache HTTP Server could allow a remote attacker to obtain sensitive information, caused by a flaw in the HTTP OPTIONS method, aka Optionsbleed. By sending a...
Security Bulletin: IBM i Integrated Web Application Server version 8.5 is affected by multiple vulnerabilities.
Summary: IBM i Integrated Web Application Server version 8.5 is affected by multiple security vulnerabilities. Vulnerability Details: CVEID: CVE-2016-0385. DESCRIPTION: IBM WebSphere Application Server could allow a remote attacker to bypass security restrictions caused by a buffer overflow. This...
Security Bulletin: Vulnerabilities CVE-2019-0196, CVE-2019-0197, and CVE-2019-0220 in the IBM i HTTP Server affect IBM i.
Summary: HTTP Server is supported by IBM i. IBM i has addressed the applicable CVEs. This security bulletin has been updated, on August 8, 2019, as superseding IBM i PTFs are available for CVE-2019-0220 for IBM i 7.2, 7.3, and 7.4. This security bulletin has been updated, on June 21, 2019, as...
Security Bulletin: Vulnerability CVE-2018-11763 in the IBM i HTTP Server affects IBM i.
Summary: HTTP Server is supported by IBM i. IBM i has addressed the applicable CVE. Vulnerability Details: CVEID: CVE-2018-11763. DESCRIPTION: Apache HTTP Server is vulnerable to a denial of service. By sending continuous overly large SETTINGS frames of maximum size to keep the ongoing HTTP/2...
Security Bulletin: Vulnerabilities CVE-2016-5387 and CVE-2016-5388 in IBM i HTTP Server
Summary: HTTP Server is supported by IBM i. IBM i has addressed the applicable CVEs. Vulnerability Details: CVEID: CVE-2016-5388. DESCRIPTION: Apache Tomcat could allow a remote attacker to redirect HTTP traffic of CGI application, caused by the failure to protect applications from the presence of...
Security Bulletin: Vulnerabilities CVE-2017-12613 and CVE-2017-12618 in the IBM i HTTP Server affect IBM i.
Summary: HTTP Server is supported by IBM i. IBM i has addressed the applicable CVEs. Vulnerability Details: CVEID: CVE-2017-12613. DESCRIPTION: Apache Portable Runtime (APR) could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds array dereference in aprtimeexp...
Security Bulletin: Vulnerabilities CVE-2016-0736, CVE-2016-2161 and CVE-2016-8743 in IBM i HTTP Server
Summary: HTTP Server is supported by IBM i. IBM i has addressed the applicable CVEs. Vulnerability Details: CVEID: CVE-2016-0736. DESCRIPTION: Apache HTTPD could allow a remote attacker to obtain sensitive information, caused by an error in mod_session_crypto. By sending specially crafted data, a remo...
Security Bulletin: Multiple vulnerabilities in the IBM i HTTP Server affect IBM i.
Summary: HTTP Server is supported by IBM i. IBM i has addressed the applicable CVEs. Vulnerability Details: CVEID: CVE-2019-9517. DESCRIPTION: Multiple vendors are vulnerable to a denial of service, caused by an Internal Data Buffering attack. By opening the HTTP/2 window so the peer can send withou...
Security Bulletin: CVE-2017-3167, CVE-2017-3169, CVE-2017-7659, CVE-2017-7668 and CVE-2017-7679 in IBM i HTTP Server
Summary: HTTP Server is supported by IBM i. IBM i has addressed the applicable CVEs. Vulnerability Details: CVEID: CVE-2017-7679. DESCRIPTION: Apache HTTPD could allow a remote attacker to obtain sensitive information, caused by a buffer overread in mod_mime. By sending a specially crafted Content-Ty...
Exploit for Cross-site Scripting in Apache Http_Server
CVE-2019-10092 Docker - Apache HTTP Server Using $ d...
Oracle Application / HTTP Server Detection (HTTP)
HTTP based detection of the Oracle Application Server (AS) or Oracle HTTP Server.
Moderate: Red Hat Security Advisory: httpd24-httpd security, bug fix, and enhancement update
An update for httpd24, httpd24-httpd, and httpd24-nghttp2 is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
EulerOS 2.0 SP2 : httpd (EulerOS-SA-2019-2402)
According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. This issue was mitigated by changes made in 2.4....
Directory Traversal
node-static is vulnerable to directory traversal. When the static HTTP server is run with indexFile option and can somehow be controlled by a malicious local user, the directory traversal ../ characters can be injected to access confidential files outside of the web directory. This can also...