11647 matches found
Node.js third-party modules: [min-http-server] Stored XSS in the filename when listing directories
I would like to report Stored XSS in module "min-http-server". It allows injecting malicious scripts into the file name, storing them on the server, and then executing these scripts in the browser via the XSS vulnerability. Module: module name: min-http-server; version: 1.0.6; npm page:...
Node.js third-party modules: [min-http-server] List any file in the folder by using path traversal.
I would like to report Path Traversal in min-http-server. It allows listing any file in another folder of the web root. Module: module name: min-http-server; version: 1.0.6; npm page: https://www.npmjs.com/package/min-http-server. Module Description: 'min-http-server' is a zero-configuration, lightweight...
Important: Red Hat Security Advisory: mod_auth_mellon security update
An update for mod_auth_mellon is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability...
Important: Red Hat Security Advisory: httpd:2.4 security update
An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
Security Bulletin: Security vulnerabilities have been identified in IBM HTTP Server used by IBM Rational ClearQuest (CVE-2019-0211, CVE-2019-0220)
Summary: IBM HTTP Server (IHS) is used by IBM Rational ClearQuest. Information about security vulnerabilities affecting IHS has been published in a security bulletin. CVE-2019-0211 affects version 9 on non-Windows platforms only. Vulnerability Details: Refer to the security bulletins listed in the...
Fedora Update for php FEDORA-2018-08ceba4f8f
The remote host is missing an update for the ... SPDX-FileCopyrightText: 2019 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Fedora Update for php FEDORA-2018-7ebfe1e6f2
The remote host is missing an update for the ... Copyright (C) 2019 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...
Fedora Update for php FEDORA-2019-da36d5d484
The remote host is missing an update for the ... Copyright (C) 2019 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...
Fedora Update for httpd FEDORA-2019-119b14075a
The remote host is missing an update for the ... Copyright (C) 2019 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...
RHEL 8 : mod_auth_mellon (RHSA-2019:0985)
The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2019:0985 advisory. The mod_auth_mellon module for the Apache HTTP Server is an authentication service that implements the SAML 2.0 federation protocol. The module grants...
Apache HTTP Server vulnerability related to uncontrolled resource consumption allows attackers to cause service interruptions.
The vulnerability in the Apache HTTP Server web server is an uncontrolled resource consumption. Exploiting it could allow a malicious actor to cause service interruptions when connecting via HTTP/2 (mod_http2)...
Node.js third-party modules: [larvitbase-api] Unintended Require
I would like to report an Unintended Require vulnerability in larvitbase-api. It allows loading arbitrary non-production code JS files. Module: module name: larvitbase-api; version: 0.5.3; npm page: https://www.npmjs.com/package/larvitbase-api. Module Description: REST http API base framework based on...
Security Bulletin: A security vulnerability has been identified in IBM HTTP Server shipped with IBM Rational ClearCase (CVE-2018-17199)
Summary: IBM HTTP Server (IHS) is shipped as a component of IBM Rational ClearCase. Information about a security vulnerability affecting IHS has been published in a security bulletin. Vulnerability Details: Refer to the security bulletins listed in the Remediation/Fixes section. Affected Products and...
[SECURITY] Fedora 28 Update: jetty-9.4.11-3.v20180605.fc28
Jetty is a 100% Java HTTP Server and Servlet Container. This means that you do not need to configure and run a separate web server like Apache in order to use Java, servlets and JSPs to generate dynamic content. Jetty is a fully featured web server for static and dynamic content. Unlike separate...
Fedora Update for jetty FEDORA-2019-d9f867cb65
The remote host is missing an update for the ... Copyright (C) 2019 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...
Denial Of Service (DoS)
Apache HTTP Server is vulnerable to denial of service (DoS) attacks. A remote user could send a specially crafted HTTP/2 request to trigger a null pointer dereference in the mod_http2 component and cause the server process to crash...
Arbitrary Code Execution
GNU Wget is vulnerable to arbitrary code execution. By tricking an unsuspecting user into connecting to a malicious HTTP server, an attacker could exploit this flaw to potentially execute arbitrary code...
Race condition
The groonga-httpd package 6.1.5-1 for Debian sets the /var/log/groonga ownership to the groonga account, which might let local users obtain root access because of unsafe interaction with logrotate. For example, an attacker can exploit a race condition to insert a symlink from /var/log/groonga/htt...
Denial Of Service (DoS)
Apache HTTP Server is vulnerable to denial of service (DoS) attacks. This occurs in httpd's handling of the LimitRequestFields directive in mod_http2, affecting servers with HTTP/2 enabled. An attacker could send crafted CONTINUATION frames in an HTTP/2 request with headers larger than the server's...
Denial Of Service (DoS)
Apache HTTP Server is vulnerable to denial of service (DoS) attacks. A remote attacker could exploit a flaw in httpd's mod_http2 module to block server threads for long periods, causing starvation of worker threads, by manipulating the flow control windows on streams, which leads to an application crash...