
1271 matches found

Cisco
added 2019/08/16 4:0 p.m. · 109 views

Cisco Firepower Threat Defense Software NULL Character Obfuscation Detection Bypass Vulnerability

A vulnerability in the normalization functionality of Cisco Firepower Threat Defense Software, Cisco FirePOWER Services Software for ASA, and Cisco Firepower Management Center Software could allow an unauthenticated, remote attacker to bypass filtering protections. The vulnerability is due to...

CVSS 5.8 · AI score 5.9 · EPSS 0.00405
Exploits 0 · References 1
Positive Technologies
added 2019/08/16 12:0 a.m. · 2 views

PT-2019-3168 · Cisco · Cisco Firepower Services Software For Asa +2

Name of the Vulnerable Software and Affected Versions: Cisco Firepower Threat Defense Software (affected versions not specified); Cisco FirePOWER Services Software for ASA (affected versions not specified); Cisco Firepower Management Center Software (affected versions not specified). Description: The issu...

CVSS 5.8 · AI score 7.1 · EPSS 0.00405
Exploits 0 · References 3
OPENSUSE Linux
added 2019/08/15 12:0 a.m. · 90 views

Security update for java-1_8_0-openjdk (important)

openSUSE Security Update: Security update for java-1_8_0-openjdk Announcement ID: openSUSE-SU-2019:1912-1 Rating: important References: 1115375 1141780 1141782 1141783 1141784 1141785 1141786 1141787 1141789 Cross-References: CVE-2019-2745 CVE-2019-2762 CVE-2019-2766 CVE-2019-2769 CVE-2019-2786...

CVSS 5.8 · AI score 8.6 · EPSS 0.00995
Exploits 3 · References 9
Veracode
added 2019/08/08 12:7 a.m. · 45 views

Authorization Bypass

httpd is vulnerable to authorization bypass. The vulnerability exists through URL normalization inconsistency...

CVSS 5.3 · AI score 1.6 · EPSS 0.23866
Exploits 0 · References 59 · Affected Software 19
Tenable Nessus
added 2019/07/09 12:0 a.m. · 70 views

FreeBSD : python 3.6 -- multiple vulnerabilities (18ed9650-a1d6-11e9-9b17-fcaa147e860e)

Python changelog : bpo-35907: CVE-2019-9948: Avoid file reading by disallowing local-file:// and local_file:// URL schemes in URLopener.open and URLopener.retrieve of urllib.request. bpo-36742: Fixes mishandling of pre-normalization characters in urlsplit. bpo-30458: Address CVE-2019-9740 by...

CVSS 9.1 · AI score 6.9 · EPSS 0.0991
Exploits 2 · References 4
OPENSUSE Linux
added 2019/06/18 12:0 a.m. · 232 views

Security update for python (important)

openSUSE Security Update: Security update for python Announcement ID: openSUSE-SU-2019:1580-1 Rating: important References: 1129346 1130847 Cross-References: CVE-2019-9636 CVE-2019-9948 Affected Products: openSUSE Leap 42.3 An update that fixes two vulnerabilities is now available. Description:...

CVSS 9.8 · AI score 8.6 · EPSS 0.08764
Exploits 1 · References 2
Tenable Nessus
added 2019/06/14 12:0 a.m. · 47 views

RHEL 6 : python (RHSA-2019:1467)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:1467 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic dat...

CVSS 9.8 · AI score 7.3 · EPSS 0.08764
Exploits 0 · References 4
Tenable Nessus
added 2019/06/14 12:0 a.m. · 36 views

Scientific Linux Security Update : python on SL6.x i386/x86_64 (20190613)

Security Fixes : - python: Information Disclosure due to urlsplit improper NFKC normalization (CVE-2019-9636) (C) Tenable Network Security, Inc. The descriptive text is (C) Scientific Linux...

CVSS 9.8 · AI score 7.3 · EPSS 0.08764
Exploits 0 · References 2
RedHat Linux
added 2019/06/13 12:39 p.m. · 3 views

python: Information Disclosure due to urlsplit improper NFKC normalization

It was discovered that python's functions urllib.parse.urlsplit and urllib.parse.urlparse do not properly handle URLs encoded with Punycode/Internationalizing Domain Names in Applications (IDNA), which may result in a wrong domain name (specifically the netloc component of URL - user@domain:port) bei...

CVSS 9.8 · AI score 6.7 · EPSS 0.08764
Exploits 0 · References 5
RedHat Linux
added 2019/06/13 12:39 p.m. · 392 views

Important: Red Hat Security Advisory: python security update

An update for python is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from th...

CVSS 9.8 · AI score 6.8 · EPSS 0.08764
Exploits 0 · References 2
Tenable Nessus
added 2019/06/07 12:0 a.m. · 35 views

SUSE SLED12 / SLES12 Security Update : python (SUSE-SU-2019:1439-1)

This update for python fixes the following issues : Security issues fixed : CVE-2019-9948: Fixed a 'file:' blacklist bypass in URIs by using the 'local-file:' scheme instead (bsc#1130847). CVE-2019-9636: Fixed an information disclosure because of incorrect handling of Unicode encoding during NFKC...

CVSS 9.8 · AI score 7 · EPSS 0.08764
Exploits 1 · References 7
IBM Security Bulletins
added 2019/06/04 2:35 p.m. · 29 views

Security Bulletin: Multiple vulnerabilities in the IBM HTTP Server used in IBM WebSphere Application Server in IBM Cloud (CVE-2019-0211 CVE-2019-0220)

Summary There are multiple vulnerabilities in the IBM HTTP Server used by WebSphere Application Server. Apache HTTP Server could provide weaker than expected security, caused by URL normalization inconsistencies. Apache HTTP Server could allow a local authenticated attacker to gain elevated...

CVSS 7.8 · AI score 1.1 · EPSS 0.89568
Exploits 8 · Affected Software 1
Tenable Nessus
added 2019/05/31 12:0 a.m. · 39 views

Amazon Linux AMI : python36 (ALAS-2019-1204)

Python is affected by improper Handling of Unicode Encoding with an incorrect netloc during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack...

CVSS 9.8 · AI score 7.2 · EPSS 0.0991
Exploits 2 · References 4
RedHat Linux
added 2019/05/07 4:22 a.m. · 1 views

python: Information Disclosure due to urlsplit improper NFKC normalization

It was discovered that python's functions urllib.parse.urlsplit and urllib.parse.urlparse do not properly handle URLs encoded with Punycode/Internationalizing Domain Names in Applications (IDNA), which may result in a wrong domain name (specifically the netloc component of URL - user@domain:port) bei...

CVSS 9.8 · AI score 6.7 · EPSS 0.08764
Exploits 0 · References 5
RedHat Linux
added 2019/05/07 4:21 a.m. · 82 views

Important: Red Hat Security Advisory: python27:2.7 security update

An update for the python27:2.7 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

CVSS 9.8 · AI score 6.9 · EPSS 0.08764
Exploits 3 · References 5
Tenable Nessus
added 2019/05/07 12:0 a.m. · 35 views

RHEL 8 : python27:2.7 (RHSA-2019:0981)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:0981 advisory. Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic...

CVSS 9.8 · AI score 7.9 · EPSS 0.08764
Exploits 3 · References 9
Tenable Nessus
added 2019/05/07 12:0 a.m. · 31 views

RHEL 8 : python3 (RHSA-2019:0997)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:0997 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic dat...

CVSS 9.8 · AI score 7.3 · EPSS 0.08764
Exploits 0 · References 5
OSV
added 2019/04/26 3:50 p.m. · 3 views

OPENSUSE-SU-2019:1282-1 Security update for python3

This update for python3 fixes the following issues: Security issue fixed: - CVE-2019-9636: Fixed an information disclosure because of incorrect handling of Unicode encoding during NFKC normalization (bsc#1129346). This update was imported from the SUSE:SLE-15:Update update project...

CVSS 9.8 · AI score 9.3 · EPSS 0.08764
Exploits 0 · References 3
NVD
added 2019/04/25 4:29 p.m. · 18 views

CVE-2019-9901

Envoy 1.9.0 and before does not normalize HTTP URL paths. A remote attacker may craft a relative path, e.g., something/../admin, to bypass access control, e.g., a block on /admin. A backend server could then interpret the non-normalized path and provide an attacker access beyond the scope provide...

CVSS 10 · AI score 7.2 · EPSS 0.0009
Exploits 0 · References 4
CVE
added 2019/04/25 3:31 p.m. · 81 views

CVE-2019-9901

CVE-2019-9901 affects Envoy 1.9.0 and earlier. The vulnerability arises because Envoy does not normalize HTTP URL paths, allowing a remote attacker to craft a relative path (e.g., something/../admin) to bypass access controls and cause a backend to interpret a non-normalized path, potentially gra...

CVSS 10 · AI score 8.8 · EPSS 0.0009
Exploits 0 · References 4 · Affected Software 1