6245 matches found
[SECURITY] [DSA 3908-1] nginx security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3908-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff July 12, 2017 https://www.debian.org/security/faq -...
CVE-2017-7529
A flaw within the processing of ranged HTTP requests has been discovered in the range filter module of nginx. A remote attacker could possibly exploit this flaw to disclose parts of the cache file header, or, if used in combination with third party modules, disclose potentially sensitive memory b...
Debian Security Advisory DSA 3908-1 (nginx - security update)
An integer overflow has been found in the HTTP range module of Nginx, a high-performance web and reverse proxy server, which may result in information disclosure. OpenVAS Vulnerability Test $Id: deb3908.nasl 6832 2017-08-02 05:57:34Z cfischer $ Auto-generated from advisory DSA 3908-1 using nvtgen...
Nginx Remote Integer Overflow Vulnerability
Nginx is a very widely used high-performance web server. An integer overflow vulnerability exists in the Nginx Range Filter module, which allows remote attackers to exploit the vulnerability to submit a special request, obtain sensitive information or crash the application...
Trend Micro Deep Discovery Director Multiple Vulnerabilities
1. Advisory Information Title: Trend Micro Deep Discovery Director Multiple Vulnerabilities Advisory ID: CORE-2017-0005 Advisory URL:https://www.coresecurity.com/core-labs/advisories/trend-micro-deep-discovery-director-multiple-vulnerabilities Date published: 2017-07-12 Date of last update:...
DSA-3908-1 nginx - security update
Bulletin has no description...
FreeBSD : nginx -- a specially crafted request might result in an integer overflow (b28adc5b-6693-11e7-ad43-f0def16c5c1b)
Maxim Dounin reports: A security issue was identified in nginx range filter. A specially crafted request might result in an integer overflow and incorrect processing of ranges, potentially resulting in sensitive information leak (CVE-2017-7529). %NASLMINLEVEL 70300 (C) Tenable Network Security, Inc...
[ASA-201707-11] nginx: information disclosure
Arch Linux Security Advisory ASA-201707-11 ========================================== Severity: High Date : 2017-07-12 CVE-ID : CVE-2017-7529 Package : nginx Type : information disclosure Remote : Yes Link : https://security.archlinux.org/AVG-345 Summary ======= The package nginx before version...
[ASA-201707-12] nginx-mainline: information disclosure
Arch Linux Security Advisory ASA-201707-12 ========================================== Severity: High Date : 2017-07-12 CVE-ID : CVE-2017-7529 Package : nginx-mainline Type : information disclosure Remote : Yes Link : https://security.archlinux.org/AVG-346 Summary ======= The package nginx-mainlin...
Security fix for the ALT Linux 9 package nginx version 1.12.1-alt1
July 11, 2017 Gleb Fotengauer-Malinovskiy 1.12.1-alt1 - Updated to 1.12.1 Fixes CVE-2017-7529...
CVE-2017-7529
Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request...
nginx -- a specially crafted request might result in an integer overflow
Maxim Dounin reports: A security issue was identified in nginx range filter. A specially crafted request might result in an integer overflow and incorrect processing of ranges, potentially resulting in sensitive information leak (CVE-2017-7529)...
Debian: Security Advisory (DSA-3908-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
UBUNTU-CVE-2017-7529
Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request...
Six interesting vulnerabilities reported to Flexport on HackerOne in one year - vulnerability warning - the black bar safety net
A year ago, the Internet freight forwarding company Flexport established a partnership with our HackerOne platform in order to improve the security of its customer data. HackerOne, a globally well-known bug bounty platform, allows all security enthusiasts and professional penetrati...
Steamer - Import, Search, and Manage Public Password Breach Data
Import, manage, search public dumps. Do you have massive amounts of CSV, .sql, .txt, that have credentials, passwords, and hashes inside? Use Steamer to manage them! Load them into a MongoDB database, and either uses the console directly or just use the handy web interface complete with JSON...
Top-5 stupid security mistakes in web apps
In this blog entry, I will summarize some commonly overlooked issues which have been affecting many web projects for the last 5 years. All of them are obvious and super predictable and could be used by script kiddies as well as by fully automated scanners and internal security checks. Let’s go! 1...
Gratipay: SSL Weak Ciphers
Summary: Websites using TLS 1.0 will be considered non-compliant by PCI after 30 June 2018. Description: TLS 1.0 has several flaws. An attacker can cause connection failures and they can trigger the use of TLS 1.0 to exploit vulnerabilities like BEAST (Browser Exploit Against SSL/TLS). Steps To...
Anti-DDoS Solution Based on iptables: nShield
An easy and simple anti-DDoS solution for VPS, dedicated servers and IoT devices based on iptables. Requirements: Linux system with python, iptables; Nginx (will be installed automatically by install.sh). Quickstart: cd /home/ && git clone...
Weblate: Weblate - Banner Grabbing - Nginx Server version
Hey, I have found that in the HTTP response header from docs.weblate.org, the nginx web server version is disclosed. Ideally the application server responds back to users with an error message in a customized manner, not revealing any sensitive information about the webserver or underlying components in applicatio...