Lucene search
K

304 matches found

OpenVAS
OpenVAS
added 2023/06/14 12:0 a.m.17 views

Debian: Security Advisory (DSA-5424-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

4.3CVSS7AI score0.00709EPSS
Exploits0References4
Debian
Debian
added 2023/06/13 8:5 p.m.24 views

[SECURITY] [DSA 5425-1] php8.2 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5425-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 13, 2023 https://www.debian.org/security/faq -...

6.7AI score
Exploits0
Debian
Debian
added 2023/06/13 8:2 p.m.22 views

[SECURITY] [DSA 5424-1] php7.4 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5424-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 13, 2023 https://www.debian.org/security/faq -...

6.7AI score
Exploits0
OpenVAS
OpenVAS
added 2023/06/09 12:0 a.m.20 views

PHP < 8.0.29, 8.1.x < 8.1.20, 8.2.x < 8.2.7 Security Update - Windows

PHP is prone to a missing error check and insufficient random bytes in HTTP Digest authentication for SOAP vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

4.3CVSS5.5AI score0.00709EPSS
Exploits0References4
F5 Networks
F5 Networks
added 2023/02/21 7:0 p.m.45 views

K54891070: Tomcat vulnerabilities CVE-2012-5885, CVE-2012-5886, and CVE-2012-5887

Security Advisory Description CVE-2012-5885 The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce aka client nonce values instead of nonce aka server nonce and nc...

5CVSS5.2AI score0.12098EPSS
Exploits2
F5 Networks
F5 Networks
added 2023/02/21 6:33 p.m.117 views

K22902581: Apache mod_auth_digest vulnerability CVE-2018-1312

Security Advisory Description In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common Digest authentication configuration, HTTP...

9.8CVSS6.6AI score0.15885EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2023/02/15 4:50 a.m.4 views

SUSE CVE-2017-5418

An out of bounds read error occurs when parsing some HTTP digest authorization responses, resulting in information leakage through the reading of random memory containing matches to specifically set patterns. This vulnerability affects Firefox 52 and Thunderbird 52...

5.3CVSS6.2AI score0.01277EPSS
Exploits1References6
Prion
Prion
added 2022/08/08 7:15 p.m.20 views

Hardcoded credentials

websda.c in GoAhead WebServer 2.1.8 has insufficient nonce entropy because the nonce calculation relies on the hardcoded onceuponatimeinparadise value, which does not follow the secret-data guideline for HTTP Digest Access Authentication in RFC 7616 section 3.3 or RFC 2617 section 3.2.1. NOTE:...

7.5CVSS9.5AI score0.01067EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2022/08/08 6:26 p.m.74 views

CVE-2021-41615

The CVE-2021-41615 entry relates to GoAhead WebServer 2.1.8 (websda.c) having insufficient nonce entropy because nonce calculation uses a hardcoded value (onceuponatimeinparadise) that does not comply with RFC 7616/2617 secret-data guidelines. The vulnerability is documented with a high CVSS v3.1...

9.8CVSS9.4AI score0.01067EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/08/08 6:26 p.m.40 views

CVE-2021-41615

websda.c in GoAhead WebServer 2.1.8 has insufficient nonce entropy because the nonce calculation relies on the hardcoded onceuponatimeinparadise value, which does not follow the secret-data guideline for HTTP Digest Access Authentication in RFC 7616 section 3.3 or RFC 2617 section 3.2.1. NOTE:...

9.8AI score0.01067EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2022/05/17 1:38 a.m.31 views

Improper Authentication in Apache Tomcat

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended...

5CVSS4.1AI score0.12098EPSS
Exploits2References22Affected Software1
OSV
OSV
added 2022/05/17 1:38 a.m.38 views

GHSA-28CQ-6RMX-PJQ4 Improper Authentication in Apache Tomcat

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended...

5CVSS6.6AI score0.12098EPSS
Exploits2References22
OSV
OSV
added 2022/05/17 12:57 a.m.36 views

GHSA-99RF-92V6-CWX4 Improper Access Control in Apache Tomcat

The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce aka client nonce values instead of nonce aka server nonce and nc aka nonce-count values, which makes it easi...

5CVSS5.3AI score0.0898EPSS
Exploits0References24
Github Security Blog
Github Security Blog
added 2022/05/17 12:57 a.m.31 views

Improper Access Control in Apache Tomcat

The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce aka client nonce values instead of nonce aka server nonce and nc aka nonce-count values, which makes it easi...

5CVSS3.1AI score0.0898EPSS
Exploits0References25Affected Software1
OSV
OSV
added 2022/05/14 1:17 a.m.191 views

GHSA-6CR4-7C7P-P3XV Use of Hard-coded Cryptographic Key in Apache Tomcat

DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret aka private key, which makes it easier for remote attackers to bypass cryptographic...

4.3CVSS4.8AI score0.0657EPSS
Exploits0References20
OSV
OSV
added 2022/05/14 1:17 a.m.37 views

GHSA-4F7H-9J2X-CMR4 Improper Authentication in Apache Tomcat

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability th...

5CVSS4.8AI score0.07628EPSS
Exploits0References22
OSV
OSV
added 2022/05/14 1:17 a.m.152 views

GHSA-Q9XF-JWR4-V445 Authentication Bypass in Apache Tomcat

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the...

5CVSS4.9AI score0.0854EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2022/05/14 1:17 a.m.86 views

Authentication Bypass in Apache Tomcat

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the...

5CVSS2.2AI score0.0854EPSS
Exploits0References8Affected Software1
OpenVAS
OpenVAS
added 2021/10/29 12:0 a.m.24 views

Apache Tomcat 7.0.x < 7.0.11 Multiple Vulnerabilities - Linux

Apache Tomcat is prone to multiple vulnerabilities. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

5.8CVSS6AI score0.0869EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2021/10/29 12:0 a.m.30 views

Apache Tomcat 5.5.x < 5.5.34 Multiple Vulnerabilities - Linux

Apache Tomcat is prone to multiple vulnerabilities. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.5CVSS5.6AI score0.15226EPSS
Exploits2References1
Rows per page
Query Builder