11652 matches found
[SECURITY] Fedora 30 Update: php-7.3.3-1.fc30
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...
Security Bulletin: Rational Build Forge Security Advisory for Apache HTTP Server (CVE-2019-0190; CVE-2018-17189; CVE-2018-17199)
Summary Apache HTTP Server has security vulnerabilities that allows a remote attacker to exploit the application. Respective security vulnerabilities are discussed in detail in the subsequent sections. Vulnerability Details This section includes the vulnerability details that affects the Rational...
Apache: Multiple vulnerabilities
Background The Apache HTTP server is one of the most popular web servers on the Internet. Description Multiple vulnerabilities have been discovered in Apache. Please review the CVE identifiers referenced below for details. Impact A remote attacker can possibly cause a Denial of Service condition ...
ES File Explorer Open Port
This module connects to ES File Explorer's HTTP server to run certain commands. The HTTP server is started on app launch, and is available as long as the app is open. Version 4.1.9.7.4 and below are reported vulnerable This module has been tested against 4.1.9.5.1. This module requires Metasploit...
Mail.ru: touch.mail.ru / e.mail.ru memory content disclosure
An invalid handling of NUL byte in API request led to disclosure of HTTP server memory region. The root cause of this bug is tracked to nginx+openresty. An advisory is below: Insecure implementation of nginx rewrite / OpenResty ngx.req.seturi + memory content leak in nginx. OpenResty is LUA engin...
PT-2019-3473 · Apache +8 · Apache Traffic Server +9
Name of the Vulnerable Software and Affected Versions: Apache Traffic Server versions affected versions not specified Apache HTTP Server versions affected versions not specified Node.js versions affected versions not specified Description: The issue is related to errors in the mechanism controlli...
Microsoft Internet Explorer 11 - VBScript Execution Policy Bypass in MSHTML
Microsoft Internet Explorer 11 - VBScript Execution Policy Bypass in MSHTML !-- Windows: Windows: IE11 VBScript execution policy bypass in MSHTML Platform: Windows 10 1809 not tested earlier Class: Security Feature Bypass Summary: MSHTML only checks for the CLSID associated with VBScript when...
Fedora Update for php FEDORA-2019-efa799fd16
The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 29 Update: php-7.2.16-1.fc29
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...
[SECURITY] Fedora 28 Update: php-7.2.16-1.fc28
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...
MGASA-2019-0109 Updated apache packages fix security vulnerability
By sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 modhttp2 connections in Apache HTTP Server versions 2.4.37 and prior CVE-2018-17189. In Apache HTTP Serv...
Security Bulletin: Security vulnerability in the IBM HTTP Server (CVE-2018-17199)
Summary There is a vulnerability in the IBM HTTP Server used by WebSphere Application Server. Vulnerability Details CVEID: CVE-2018-17199 DESCRIPTION: Apache HTTP Server could allow a remote attacker to bypass security restrictions, caused by checking the session expiry time before decoding the...
Amazon Linux AMI : httpd24 (ALAS-2019-1166)
In Apache HTTP server by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 modhttp2 connections. CVE-2018-17189 A bug exists in the way modssl handled client...
KLA12364 Multiple vulnerabilities in Apache HTTP Server
Multiple vulnerabilities were found in Apache HTTP Server. Malicious users can exploit these vulnerabilities to spoof user interface, cause denial of service. Below is a complete list of vulnerabilities: 1. Security UI vulnerability in modsessioncookie can be exploited to spoof user interface. 2...
Jenkins Plugin Script Security 1.49Declarative 1.3.4Groovy 2.60 - Remote Code Execution
Jenkins Plugin Script Security 1.49Declarative 1.3.4Groovy 2.60 - Remote Code Execution !/usr/bin/env python Exploit Title : jenkins-preauth-rce-exploit.py Date : 02/23/2019 Authors : wetw0rk & 0xtavian Vendor Homepage : https://jenkins.oi Software Link : https://jenkins.io/download/ Tested on :...
Apache Httpd < 2.4.39 : Apache HTTP Server privilege escalation from modules' scripts
In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads including scripts executed by an in-process scripting interpreter could execute arbitrary code with the privileges of the parent process usually roo...
Security Bulletin: Vulnerabilities CVE-2018-17199, CVE-2018-17189, and CVE-2019-0190 in the IBM i HTTP Server affect IBM i.
Summary HTTP Server is supported by IBM i. IBM i has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2019-0190 DESCRIPTION: Apache HTTP Server is vulnerable to a denial of service, caused by the improper handling of client negotiations by modssl. By sending a specially crafted...
Security Bulletin: Multiple vulnerabilities in the IBM HTTP Server (CVE-2017-15710, CVE-2017-15715, CVE-2018-1301)
Summary There are multiple vulnerabilities in the IBM HTTP Server used by WebSphere Application Server. Vulnerability Details CVEID: CVE-2018-1301 DESCRIPTION: Apache HTTPD is vulnerable to a denial of service, caused by an out-of-bounds access error after a header size limit has been reached...
Security Bulletin: Information disclosure in IBM HTTP Server (CVE-2017-12613)
Summary There is a potential information disclosure in IBM HTTP Server used by WebSphere Application Server. Vulnerability Details CVEID: CVE-2017-12613 DESCRIPTION: Apache Portable Runtime APR could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds array...
RHEL 6 / 7 : Red Hat JBoss Core Services Apache HTTP Server 2.4.29 (RHSA-2019:0367)
The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:0367 advisory. Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP...