Lucene search
1440 matches found

Tenable Nessus
added 2017/06/29 12:00 a.m. | 67 views

SUSE SLES12 Security Update : apache2 (SUSE-SU-2017:1714-1)

This update for apache2 provides the following fixes: Security issues fixed : - CVE-2017-3167: In Apache use of httpd ap_get_basic_auth_pw() outside of the authentication phase could lead to authentication requirements bypass (bsc#1045065) - CVE-2017-3169: In mod_ssl may have a dereference NULL pointer iss...

9.8 CVSS | 7.1 AI score | 0.39341 EPSS
Exploits 3 | References 12
RedHat Linux
added 2017/06/07 5:54 p.m. | 3 views

httpd: Incomplete handling of LimitRequestFields directive in mod_http2

A vulnerability was found in httpd's handling of the LimitRequestFields directive in mod_http2, affecting servers with HTTP/2 enabled. An attacker could send crafted requests with headers larger than the server's available memory, causing httpd to crash...

7.5 CVSS | 7.1 AI score | 0.7907 EPSS
Exploits 4 | References 6
Akamai Blog
added 2017/06/05 5:12 p.m. | 54 views

Passive HTTP2 Client Fingerprinting - White Paper

HTTP2 is the second major version of the HTTP protocol. It changes the way HTTP is transferred "on the wire" by introducing a full binary protocol, made up of TCP connections, streams and frames, rather than simply being a plain-text protocol. Such a fundamental change between HTTP/1.x to HTTP/2,...

7.1 AI score
Exploits 0
RedHat Linux
added 2017/04/26 10:19 a.m. | 4 views

httpd: Incomplete handling of LimitRequestFields directive in mod_http2

A vulnerability was found in httpd's handling of the LimitRequestFields directive in mod_http2, affecting servers with HTTP/2 enabled. An attacker could send crafted requests with headers larger than the server's available memory, causing httpd to crash...

7.5 CVSS | 7.1 AI score | 0.7907 EPSS
Exploits 4 | References 6
Exploit DB
added 2016/12/12 12:00 a.m. | 768 views

Apache 2.4.23 mod_http2 - Denial of Service

#!/usr/bin/python """ source : http://seclists.org/bugtraq/2016/Dec/3 The mod_http2 module in the Apache HTTP Server 2.4.17 through 2.4.23, when the Protocols configuration includes h2 or h2c, does not restrict request-header length, which allows remote attackers to cause a denial of service (memory...

7.5 CVSS | 7.7 AI score | 0.7907 EPSS
Exploits 4
CNVD
added 2016/12/06 12:00 a.m. | 16 views

Apache HTTP Server Denial of Service Vulnerability (CNVD-2016-12036)

Apache HTTP Server is an open source web server from the Apache Software Foundation (United States). mod_http2 is one of its modules, for the HTTP/2 protocol. A denial of service vulnerability exists in Apache HTTP Server. Exploitation of the vulnerability by a remote attacker could cause memory...

7.5 CVSS | 9.2 AI score | 0.7907 EPSS
Exploits 4 | References 1
Tenable Nessus
added 2016/11/18 12:00 a.m. | 17 views

Apache Traffic Server < 7.0.0 Multiple Vulnerabilities

Binary data 9788.prm...

7.3 AI score
Exploits 0 | References 1
RedHat Linux
added 2016/09/05 2:14 p.m. | 3 views

Mozilla: Miscellaneous memory safety hazards (rv:45.3) (MFSA 2016-62)

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to Http2Session::Shutdown a...

8.8 CVSS | 7.8 AI score | 0.02914 EPSS
Exploits 0 | References 5
Debian CVE
added 2016/08/05 1:00 a.m. | 25 views

CVE-2016-2836

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to Http2Session::Shutdown a...

8.8 CVSS | 10 AI score | 0.02914 EPSS
Exploits 0
OSV
added 2016/07/06 2:59 p.m. | 1 views

DEBIAN-CVE-2016-4979

The Apache HTTP Server 2.4.18 through 2.4.20, when mod_http2 and mod_ssl are enabled, does not properly recognize the "SSLVerifyClient require" directive for HTTP/2 request authorization, which allows remote attackers to bypass intended access restrictions by leveraging the ability to send multiple...

7.5 CVSS | 7.7 AI score | 0.18802 EPSS
Exploits 0 | References 1
OSV
added 2016/07/06 2:59 p.m. | 1 views

DEBIAN-CVE-2016-1546

The Apache HTTP Server 2.4.17 and 2.4.18, when mod_http2 is enabled, does not limit the number of simultaneous stream workers for a single HTTP/2 connection, which allows remote attackers to cause a denial of service (stream-processing outage) via modified flow-control windows...

5.9 CVSS | 6.8 AI score | 0.15327 EPSS
Exploits 0 | References 1
EUVD
added 2016/07/06 2:00 p.m. | 3 views

EUVD-2016-5947

The Apache HTTP Server 2.4.18 through 2.4.20, when mod_http2 and mod_ssl are enabled, does not properly recognize the "SSLVerifyClient require" directive for HTTP/2 request authorization, which allows remote attackers to bypass intended access restrictions by leveraging the ability to send multiple...

7.5 CVSS | 7.6 AI score | 0.18802 EPSS
Exploits 0 | References 26
CVE
added 2016/06/19 1:00 a.m. | 52 views

CVE-2016-4817

H2O vulnerability CVE-2016-4817 affects lib/http2/connection.c: disconnection handling causes a use-after-free in HTTP/2 processing. A crafted packet can lead to denial of service (application crash) and possibly arbitrary code execution. Affected versions are H2O before 1.7.3 and 2.x before 2.0....

7.5 CVSS | 8 AI score | 0.04448 EPSS
Exploits 0 | References 4 | Affected Software 1
Tenable Nessus
added 2016/05/20 12:00 a.m. | 23 views

openSUSE Security Update : go (openSUSE-2016-606)

This go update to version 1.6 fixes the following issues : Security issues fixed : - CVE-2016-3959: Infinite loop in several big integer routines (boo#974232) - CVE-2015-8618: Carry propagation in Int.Exp Montgomery code in math/big library (boo#960151) Bugs fixed : - Update to version 1.6 : - On Linux...

7.5 CVSS | 6.7 AI score | 0.04335 EPSS
Exploits 0 | References 7
n0where
added 2016/03/10 2:36 p.m. | 217 views

WYSIWYG Network Packet Editor: WireEdit

WYSIWYG Network Packet Editor WireEdit is first-of-a-kind and the only full stack cross-platform WYSIWYG network packets editor. It allows editing packets data at all stack layers as “rich text” in a simple point-and-click interface. The input and output format is Pcap. Is WireEdit a Pcap Editor?...

Exploits 0
Prion
added 2016/02/28 4:59 a.m. | 25 views

Code injection

epan/dissectors/packet-http2.c in the HTTP/2 dissector in Wireshark 2.0.x before 2.0.2 does not limit the amount of header data, which allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted packet...

4.3 CVSS | 6.9 AI score | 0.03096 EPSS
Exploits 0 | References 5 | Affected Software 1
Tenable Nessus
added 2016/02/05 12:00 a.m. | 15 views

Apache Traffic Server 5.3.x < 5.3.2 HTTP2 Multiple Vulnerabilities

Binary data 9071.prm...

10 CVSS | 7.3 AI score | 0.02411 EPSS
Exploits 0 | References 5
Kaspersky
added 2015/12/15 12:00 a.m. | 86 views

KLA10723 Multiple vulnerabilities in Mozilla Firefox and Firefox ESR

Multiple serious vulnerabilities have been found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to spoof user interface, cause denial of service, bypass security restrictions, gain privileges, execute arbitrary code or obtain sensitive information. Below is a complete list ...

10 CVSS | 10 AI score | 0.06058 EPSS
Exploits 1 | References 4
OSV
added 2015/12/15 12:00 a.m. | 0 views

UBUNTU-CVE-2015-7219

The HTTP/2 implementation in Mozilla Firefox before 43.0 allows remote attackers to cause a denial of service (integer underflow, assertion failure, and application exit) via a malformed PushPromise frame that triggers decompressed-buffer length miscalculation and incorrect memory allocation...

5 CVSS | 6.9 AI score | 0.02888 EPSS
Exploits 0 | References 4
Tenable Nessus
added 2015/04/23 12:00 a.m. | 55 views

Fedora 22 : php-5.6.8-1.fc22 (2015-6195)

16 Apr 2015, PHP 5.6.8 Core : - Fixed bug #66609 (php crashes with __get() and ++ operator in some cases). (Dmitry, Laruence) - Fixed bug #68021 (get_browser() browser_name_regex returns non-utf-8 characters). (Tjerk) - Fixed bug #68917 (parse_url fails on some partial urls). (Wei Dai) - Fixed bug #69134 (Per Directory...

7.5 CVSS | 7.8 AI score | 0.38434 EPSS
Exploits 4 | References 13