Mozilla Firefox ESR Security Advisories (MFSA2019-21, MFSA2019-22) - Mac OS X

Mozilla Firefox ESR is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefoxesr";...

CVE-2019-11713

A use-after-free vulnerability can occur in HTTP/2 when a cached HTTP/2 stream is closed while still in use, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR 60.8, Firefox 68, and Thunderbird 60.8...

Mozilla Firefox ESR < 60.8

The version of Firefox ESR installed on the remote Windows host is prior to 60.8. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2019-22 advisory. - A use-after-free vulnerability can occur in HTTP/2 when a cached HTTP/2 stream is closed while still in use,...

Security vulnerabilities fixed in Thunderbird 60.8 — Mozilla

As part of his winning Pwn2Own entry, Niklas Baumstark demonstrated a sandbox escape by installing a malicious language pack and then opening a browser feature that used the compromised translation. When an inner window is reused, it does not consider the use of document.domain for cross-origin...

Security vulnerabilities fixed in Firefox ESR 60.8 — Mozilla

As part of his winning Pwn2Own entry, Niklas Baumstark demonstrated a sandbox escape by installing a malicious language pack and then opening a browser feature that used the compromised translation. When an inner window is reused, it does not consider the use of document.domain for cross-origin...

GHSA-FFQ8-576R-V26G HPACK Denial of Service vulnerability (HPACK Bomb)

A HTTP/2 implementation built using any version of the Python HPACK library between v1.0.0 and v2.2.0 could be targeted for a denial of service attack, specifically a so-called "HPACK Bomb" attack. This attack occurs when an attacker inserts a header field that is exactly the size of the HPACK...

HPACK Denial of Service vulnerability (HPACK Bomb)

A HTTP/2 implementation built using any version of the Python HPACK library between v1.0.0 and v2.2.0 could be targeted for a denial of service attack, specifically a so-called "HPACK Bomb" attack. This attack occurs when an attacker inserts a header field that is exactly the size of the HPACK...

openSUSE: Security Advisory for tomcat (openSUSE-SU-2019:1673-1)

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Security update for tomcat (moderate)

openSUSE Security Update: Security update for tomcat Announcement ID: openSUSE-SU-2019:1673-1 Rating: moderate References: 1111966 1131055 1136085 Cross-References: CVE-2019-0199 CVE-2019-0221 Affected Products: openSUSE Leap 15.0 An update that solves two vulnerabilities and has one errata is no...

Apache Tomcat 9.0.0.M1 < 9.0.16

The version of Tomcat installed on the remote host is prior to 9.0.16. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat9.0.16security-9 advisory. - The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.14 and 8.5.0 to 8.5.37 accepted streams with excessi...

EulerOS 2.0 SP8 : haproxy (EulerOS-SA-2019-1650)

According to the versions of the haproxy package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - HAProxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments. Indeed, it can: - route HTTP requests...

Improper Locking in Apache Tomcat

The fix for CVE-2019-0199 was incomplete and did not address HTTP/2 connection window exhaustion on write in Apache Tomcat versions 9.0.0.M1 to 9.0.19 and 8.5.0 to 8.5.40 . By not sending WINDOWUPDATE messages for the connection window stream 0 clients were able to cause server-side threads to...

CVE-2019-10072

The fix for CVE-2019-0199 was incomplete and did not address HTTP/2 connection window exhaustion on write in Apache Tomcat versions 9.0.0.M1 to 9.0.19 and 8.5.0 to 8.5.40 . By not sending WINDOWUPDATE messages for the connection window stream 0 clients were able to cause server-side threads to...

Fedora 30 : 1:tomcat (2019-1a3f878d27)

This update includes a rebase from 9.0.13 up to 9.0.21 which resolves two CVEs along with various other bugs/features : - rhbz1673856 tomcat-9.0.21 is available - rhbz1713279 CVE-2019-0221 tomcat: XSS in SSI printenv - rhbz1693326 CVE-2019-0199 tomcat: Apache Tomcat HTTP/2 DoS Note that Tenable...

CVE-2019-10072

The fix for CVE-2019-0199 was incomplete and did not address HTTP/2 connection window exhaustion on write in Apache Tomcat versions 9.0.0.M1 to 9.0.19 and 8.5.0 to 8.5.40 . By not sending WINDOWUPDATE messages for the connection window stream 0 clients were able to cause server-side threads to...

CVE-2019-10072

The fix for CVE-2019-0199 was incomplete and did not address HTTP/2 connection window exhaustion on write in Apache Tomcat versions 9.0.0.M1 to 9.0.19 and 8.5.0 to 8.5.40 . By not sending WINDOWUPDATE messages for the connection window stream 0 clients were able to cause server-side threads to...

Code injection

The fix for CVE-2019-0199 was incomplete and did not address HTTP/2 connection window exhaustion on write in Apache Tomcat versions 9.0.0.M1 to 9.0.19 and 8.5.0 to 8.5.40 . By not sending WINDOWUPDATE messages for the connection window stream 0 clients were able to cause server-side threads to...

CVE-2019-10072

CVE-2019-10072 affects Apache Tomcat in the HTTP/2 handling. The documented issue states that the fix for CVE-2019-0199 was incomplete, allowing HTTP/2 connection window exhaustion on write (stream 0). Affected versions: Tomcat 9.0.0.M1–9.0.19 and 8.5.0–8.5.40. Consequence: server-side threads ca...

CVE-2019-10072

The fix for CVE-2019-0199 was incomplete and did not address HTTP/2 connection window exhaustion on write in Apache Tomcat versions 9.0.0.M1 to 9.0.19 and 8.5.0 to 8.5.40 . By not sending WINDOWUPDATE messages for the connection window stream 0 clients were able to cause server-side threads to...

CVE-2019-10072

The fix for CVE-2019-0199 was incomplete and did not address HTTP/2 connection window exhaustion on write in Apache Tomcat versions 9.0.0.M1 to 9.0.19 and 8.5.0 to 8.5.40 . By not sending WINDOWUPDATE messages for the connection window stream 0 clients were able to cause server-side threads to...