
882 matches found

OpenVAS
added 2012/08/02 12:0 a.m., 34 views

openSUSE: Security Advisory for apache2 (openSUSE-SU-2012:0314-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5 | AI score 7.6 | EPSS 0.81732
Exploits 7 | References 1
Tenable Nessus
added 2012/08/01 12:0 a.m., 44 views

Scientific Linux Security Update : seamonkey on SL3.x, SL4.x i386/x86_64

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code as the user running SeaMonkey. CVE-2009-0352, CVE-2009-0353 A flaw was found in the way malformed content was...

CVSS 10 | AI score 8.5 | EPSS 0.08533
Exploits 0 | References 5
Tenable Nessus
added 2012/08/01 12:0 a.m., 36 views

Scientific Linux Security Update : firefox on SL4.x, SL5.x i386/x86_64

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. CVE-2009-0352, CVE-2009-0353, CVE-2009-0356 Several flaws were found in the way malformed...

CVSS 10 | AI score 8.5 | EPSS 0.08533
Exploits 1 | References 8
Tenable Nessus
added 2012/06/25 12:0 a.m., 57 views

GLSA-201206-25 : Apache HTTP Server: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-201206-25 Apache HTTP Server: Multiple vulnerabilities Multiple vulnerabilities have been discovered in Apache HTTP Server. Please review the CVE identifiers referenced below for details. Impact : A remote attacker might obtain...

CVSS 7.8 | AI score 7.6 | EPSS 0.90456
Exploits 47 | References 14
Gentoo Linux
added 2012/06/24 12:0 a.m., 93 views

Apache HTTP Server: Multiple vulnerabilities

Background Apache HTTP Server is one of the most popular web servers on the Internet. Description Multiple vulnerabilities have been discovered in Apache HTTP Server. Please review the CVE identifiers referenced below for details. Impact A remote attacker might obtain sensitive information, gain...

CVSS 7.8 | AI score 7.9 | EPSS 0.90456
Exploits 47
Check Point Advisories
added 2012/05/14 12:0 a.m., 9 views

Apache HTTPD Error Code 400 httpOnly Cookie Handling Information Disclosure (CVE-2012-0053)

An information disclosure vulnerability has been reported in Apache HTTPD server...

AI score 8 | EPSS 0.33846
Exploits 4
RedHat Linux
added 2012/05/07 6:16 p.m., 3 views

httpd: cookie exposure due to error responses

protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in...

CVSS 4.3 | AI score 6.7 | EPSS 0.33846
Exploits 4 | References 4
exploitpack
added 2012/04/22 12:0 a.m., 17 views

Oracle GlassFish Server 3.1.1 (build 12) - Multiple Cross-Site Scripting Vulnerabilities

Oracle GlassFish Server 3.1.1 build 12 - Multiple Cross-Site Scripting Vulnerabilities Details Vendor Site: Oracle www.oracle.com Date: April, 19th 2012 – CVE 2012-0551 Affected Software: Oracle GlassFish Server 3.1.1 build 12 Researcher: Roberto Suggi Liverani PDF version:...

AI score 7
Exploits 0
0day.today
added 2012/04/22 12:0 a.m., 19 views

Oracle GlassFish Server 3.1.1 (build 12) Multiple XSS Vulnerabilities

Exploit for windows platform in category web applications Details Vendor Site: Oracle www.oracle.com Date: April, 19th 2012 – CVE 2012-0551 Affected Software: Oracle GlassFish Server 3.1.1 build 12 Researcher: Roberto Suggi Liverani PDF version:...

AI score 6.7
Exploits 0
Prion
added 2012/03/22 3:28 a.m., 12 views

Design/Logic Flaw

The (1) webreports, (2) post/create-role, and (3) post/update-role programs in IBM Tivoli Endpoint Manager (TEM) before 8.2 do not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to thi...

CVSS 5 | AI score 6.4 | EPSS 0.00234
Exploits 0 | References 3 | Affected Software 1
Cvelist
added 2012/03/22 1:0 a.m., 15 views

CVE-2012-1837

The (1) webreports, (2) post/create-role, and (3) post/update-role programs in IBM Tivoli Endpoint Manager (TEM) before 8.2 do not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to thi...

AI score 5.9 | EPSS 0.00234
Exploits 0 | References 3
CVE
added 2012/03/22 1:0 a.m., 44 views

CVE-2012-1837

CVE-2012-1837 affects IBM Tivoli Endpoint Manager (TEM) prior to 8.2. The issue arises where the following TEM components—webreports, post/create-role, and post/update-role—do not set the HTTPOnly flag in a Set-Cookie header, enabling potential script access to the cookie and potential informa...

CVSS 5 | AI score 6.1 | EPSS 0.00234
Exploits 0 | References 3 | Affected Software 1
OPENSUSE Linux
added 2012/02/28 6:8 p.m., 35 views

apache2: fixed various security bugs (important)

This update of apache2 fixes regressions and several security problems: bnc#728876, fix graceful reload bnc#741243, CVE-2012-0031: Fixed a scoreboard corruption shared mem segment by child causes crash of privileged parent invalid free during shutdown. bnc#743743, CVE-2012-0053: Fixed an issue in...

CVSS 5 | AI score 0.2 | EPSS 0.81732
Exploits 7 | References 4
OpenVAS
added 2012/02/27 12:0 a.m., 47 views

RedHat Update for httpd RHSA-2012:0323-01

Check for the Version of httpd OpenVAS Vulnerability Test RedHat Update for httpd RHSA-2012:0323-01 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms...

CVSS 5 | AI score 9.1 | EPSS 0.76893
Exploits 22 | References 2
RedHat Linux
added 2012/02/21 9:49 p.m., 2 views

httpd: cookie exposure due to error responses

protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in...

CVSS 4.3 | AI score 6.7 | EPSS 0.33846
Exploits 4 | References 4
Ubuntu
added 2012/02/16 7:30 p.m., 113 views

USN-1368-1: Apache HTTP Server vulnerabilities

It was discovered that the Apache HTTP Server incorrectly handled the SetEnvIf .htaccess file directive. An attacker having write access to a .htaccess file may exploit this to possibly execute arbitrary code. CVE-2011-3607 Prutha Parikh discovered that the mod_proxy module did not properly intera...

CVSS 4.6 | AI score 8.1 | EPSS 0.79449
Exploits 22
Cent OS
added 2012/02/14 11:13 a.m., 105 views

httpd, mod_ssl security update

CentOS Errata and Security Advisory CESA-2012:0128 Updated httpd packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base...

CVSS 4.6 | AI score 7.6 | EPSS 0.79449
Exploits 23 | References 7
RedHat Linux
added 2012/02/13 8:28 p.m., 0 views

httpd: cookie exposure due to error responses

protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in...

CVSS 4.3 | AI score 6.7 | EPSS 0.33846
Exploits 4 | References 4
Tenable Nessus
added 2012/02/07 12:0 a.m., 50 views

Debian DSA-2405-1 : apache2 - multiple issues

Several vulnerabilities have been found in the Apache HTTPD Server : - CVE-2011-3607 : An integer overflow in ap_pregsub() could allow local attackers to execute arbitrary code at elevated privileges via crafted .htaccess files. - CVE-2011-3368 CVE-2011-3639 CVE-2011-4317 : The Apache HTTP Server di...

CVSS 5 | AI score 7.7 | EPSS 0.79449
Exploits 24 | References 14
seebug.org
added 2012/02/01 12:0 a.m., 253 views

Apache httpOnly Cookie Disclosure(CVE-2012-0053)

No description provided by source. // Source: https://gist.github.com/1955a1c28324d4724b7b/7fe51f2a66c1d4a40a736540b3ad3fde02b7fb08 // Most browsers limit cookies to 4k characters, so we need multiple function setCookies good // Construct string for cookie value var str = ""; for var i=0; i 819;...

CVSS 4.3 | AI score 8.8 | EPSS 0.33846
Exploits 4