Debian: Security Advisory (DLA-1276-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] [DSA 4118-1] tomcat-native security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4118-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso February 17, 2018 https://www.debian.org/security/faq -...

[SECURITY] [DSA 4118-1] tomcat-native security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4118-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso February 17, 2018 https://www.debian.org/security/faq -...

DSA-4118-1 tomcat-native - security update

Bulletin has no description...

Debian: Security Advisory (DSA-4118-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Microsoft Edge Chakra JIT - Array Type Confusion via InitProto Instructions Exploit

Exploit for windows platform in category dos / poc / If a native array is used as a prototype, it is converted to a Var array by the Js::JavascriptNativeFloatArray::SetIsPrototype method. In the JIT compiler, it uses InitProto instructions to set object literals' prototype. But when optimizing...

Microsoft Edge Chakra JIT - Array.prototype.reverse Array Type Confusion

Microsoft Edge Chakra JIT - Array.prototype.reverse Array Type Confusion / This is simillar to the previous issue 1457. But this time, we use Array.prototype.reverse. Array.prototype.reverse can be inlined and may invoke EnsureNonNativeArray to convert the prototype of "this" to a Var array. Call...

Microsoft Edge Chakra JIT - Array Type Confusion via InitProto Instructions

Microsoft Edge Chakra JIT - Array Type Confusion via InitProto Instructions / If a native array is used as a prototype, it is converted to a Var array by the Js::JavascriptNativeFloatArray::SetIsPrototype method. In the JIT compiler, it uses InitProto instructions to set object literals' prototyp...

Microsoft Edge Chakra JIT - 'Array.prototype.reverse' Array Type Confusion

/ This is simillar to the previous issue 1457. But this time, we use Array.prototype.reverse. Array.prototype.reverse can be inlined and may invoke EnsureNonNativeArray to convert the prototype of "this" to a Var array. Call flow: JavascriptArray::EntryReverse - FillFromPrototypes -...

Fedora 27 : tomcat-native (2018-7b1517bc6e)

Security fix for CVE-2017-15698 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 7030...

Debian DLA-1276-1 : tomcat-native security update

Jonas Klempel discovered that, when parsing the AIA-Extension field of a client certificate, Apache Tomcat Native did not correctly handle fields longer than 127 bytes. The result of the parsing error was to skip the OCSP check. It was therefore possible for client certificates that should have...

Fedora 26 : tomcat-native (2018-318b5d74bd)

Security fix for CVE-2017-15698 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 7030...

[SECURITY] [DLA 1276-1] tomcat-native security update

Package : tomcat-native Version : 1.1.24-1+deb7u1 CVE ID : CVE-2017-15698 Jonas Klempel discovered that, when parsing the AIA-Extension field of a client certificate, Apache Tomcat Native did not correctly handle fields longer than 127 bytes. The result of the parsing error was to skip the OCSP...

DLA-1276-1 tomcat-native - security update

Bulletin has no description...

Fedora Update for tomcat-native FEDORA-2018-7b1517bc6e

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora Update for tomcat-native FEDORA-2018-318b5d74bd

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 26 Update: tomcat-native-1.2.16-1.fc26

Tomcat can use the Apache Portable Runtime to provide superior scalability, performance, and better integration with native server technologies. The Apache Portable Runtime is a highly portable library that is at the heart of Apache HTTP Server 2.x. APR has many uses, including access to advanced...

Apache Tomcat Native Connector Security Bypass Vulnerability

Apache Tomcat is the United States Apache Apache Software Foundation under the Jakarta project of a lightweight Web application server , it is mainly used for the development and debugging of JSP programs for small and medium-sized systems . Native Connector is one of the local connector . A...

CVE-2017-15698

When parsing the AIA-Extension field of a client certificate, Apache Tomcat Native Connector 1.2.0 to 1.2.14 and 1.1.23 to 1.1.34 did not correctly handle fields longer than 127 bytes. The result of the parsing error was to skip the OCSP check. It was therefore possible for client certificates th...

Scarab ransomware: new variant changes tactics

The Scarab ransomware was discovered in June 2017. Since then, several variants have been created and discovered in the wild. The most popular or widespread versions were distributed via the Necurs botnet and initially written in Visual C compiled. However, after unpacking, we've found that anoth...