1072 matches found
RedHat Update for httpd RHSA-2017:1721-01
The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Moderate: Red Hat Security Advisory: httpd security and bug fix update
An update for httpd is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...
Internet Bug Bounty: Apache HTTP Request Parsing Whitespace Defects
Apache HTTP Server, prior to release 2.4.25, accepted a broad pattern of unusual whitespace patterns from the user-agent, including bare CR, FF, VTAB in parsing the request line and request header lines, as well as HTAB in parsing the request line. Any bare CR present in request lines was treated...
Important: Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 1 for RHEL 6
An update is now available for Red Hat JBoss Core Services on RHEL 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...
Important: Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 1
An update is now available for Red Hat JBoss Core Services. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link...
USN-3279-1: Apache HTTP Server vulnerabilities
It was discovered that the Apache modsessioncrypto module was encrypting data and cookies using either CBC or ECB modes. A remote attacker could possibly use this issue to perform padding oracle attacks. CVE-2016-0736 Maksim Malyutin discovered that the Apache modauthdigest module incorrectly...
Jenkins unauthorized code execution vulnerability analysis, updated the vulnerability of the environment, to detect script-vulnerability warning-the black bar safety net
A, summary CloudBees Jenkins 2.32.1 version exists in Java deserialization vulnerability, and ultimately can lead to remote code execution. Jenkins is a continuous integration continuous integration and continuous delivery system, can improve the software development process of the Central Africa...
Jenkins unauthorized code execution vulnerability analysis-vulnerability warning-the black bar safety net
A, summary CloudBees Jenkins 2.32.1 version exists in Java deserialization vulnerability, and ultimately can lead to remote code execution. Jenkins is a continuous integration continuous integration and continuous delivery system, can improve the software development process of the Central Africa...
EulerOS 2.0 SP1 : httpd (EulerOS-SA-2017-1085)
According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - It was discovered that the modsessioncrypto module of httpd did not use any mechanisms to verify integrity of the encrypted session data stored i...
EulerOS 2.0 SP2 : httpd (EulerOS-SA-2017-1086)
According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - It was discovered that the modsessioncrypto module of httpd did not use any mechanisms to verify integrity of the encrypted session data stored i...
CVE-2017-3594
Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware subcomponent: Advanced UI. Supported versions that are affected are 11.1.1.8.0, 12.2.1.0.0, 12.2.1.1.0 and 12.2.1.2.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP t...
Hadoop HDFSBrowser information disclosure
Browsing the HDFS datalake ========================== Description ----------- There are 2 different and distinct approaches to browse the HDFS datalake: A. Through the WebHDFS API B. Through the native Hadoop CLI WebHDFS ------- WebHDFS offers REST API for users to access data on the HDFS...
Oracle Plugs Struts and Shadow Brokers hole along with 299 Total Vulnerabilities
Today Oracle released a total of 299 new security fixes across all product families. It is important to note that it fixed 25 instances of the infamous Apache Struts vulnerability which could allow a remote attacker to take complete control of the server running Struts. The struts fix was applied...
CentOS 7 : httpd (CESA-2017:0906)
An update for httpd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...
httpd, mod_ldap, mod_proxy_html, mod_session, mod_ssl security update
CentOS Errata and Security Advisory CESA-2017:0906 An update for httpd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...
Scientific Linux Security Update : httpd on SL7.x x86_64 (20170412)
Security Fixes : - It was discovered that the modsessioncrypto module of httpd did not use any mechanisms to verify integrity of the encrypted session data stored in the user's browser. A remote attacker could use this flaw to decrypt and modify session data using a padding oracle attack...
WordPress Spider Event Calendar 1.5.51 Plugin - Blind SQL Injection Vulnerability
Exploit for php platform in category web applications ============================================= MGC ALERT 2017-003 - Original release date: April 06, 2017 - Last revised: April 10, 2017 - Discovered by: Manuel García Cárdenas - Severity: 7,1/10 CVSS Base Score...
WordPress Spider Event Calendar 1.5.51 Blind SQL Injection
============================================= MGC ALERT 2017-003 - Original release date: April 06, 2017 - Last revised: April 10, 2017 - Discovered by: Manuel GarcAa CA!rdenas - Severity: 7,1/10 CVSS Base Score ============================================= I. VULNERABILITY...
Unnamed Vulnerability in Apple iOS/tvOS/macOS/watchOS HTTPProtocol Component
iOS is a mobile operating system developed by Apple Inc. First announced at the Macworld conference on January 9, 2007, it was originally designed for use with the iPhone, and has since been applied to the iPod touch, iPad, and Apple TV. tvOS is an Apple-developed system based on iOS. tvOS is the...
DEBIAN-CVE-2017-7443
apt-cacher before 1.7.15 and apt-cacher-ng before 3.4 allow HTTP response splitting via encoded newline characters, related to lack of blocking for the %0ad regular expression...