
1270 matches found

NVD
added 2017/04/13 2:59 p.m., 24 views

CVE-2016-4800

The path normalization mechanism in PathResource class in Eclipse Jetty 9.3.x before 9.3.9 on Windows allows remote attackers to bypass protected resource restrictions and other security constraints via a URL with certain escaped characters, related to backslashes...

CVSS 9.8, AI score 9.4, EPSS 0.00609
Exploits: 0, References: 6

Prion
added 2017/04/13 2:59 p.m., 18 views

Design/Logic Flaw

The path normalization mechanism in PathResource class in Eclipse Jetty 9.3.x before 9.3.9 on Windows allows remote attackers to bypass protected resource restrictions and other security constraints via a URL with certain escaped characters, related to backslashes...

CVSS 7.5, AI score 7.1, EPSS 0.00609
Exploits: 0, References: 6, Affected Software: 1

Cvelist
added 2017/04/13 2:0 p.m., 15 views

CVE-2016-4800

The path normalization mechanism in PathResource class in Eclipse Jetty 9.3.x before 9.3.9 on Windows allows remote attackers to bypass protected resource restrictions and other security constraints via a URL with certain escaped characters, related to backslashes...

AI score 9.3, EPSS 0.00609
Exploits: 0, References: 6

Prion
added 2017/03/23 8:59 p.m., 12 views

Design/Logic Flaw

MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 do not properly normalize IP addresses containing zero-padded octets, which might allow remote attackers to bypass intended access restrictions by using an IP address that was not supposed to have been...

CVSS 5, AI score 7.3, EPSS 0.00429
Exploits: 0, References: 4, Affected Software: 1

OSV
added 2017/03/23 8:59 p.m., 4 views

CVE-2015-8627

MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 do not properly normalize IP addresses containing zero-padded octets, which might allow remote attackers to bypass intended access restrictions by using an IP address that was not supposed to have been...

CVSS 5.3, AI score 9.6
Exploits: 0, References: 10

CVE
added 2017/03/23 8:0 p.m., 48 views

CVE-2015-8627

CVE-2015-8627 relates to MediaWiki and affects multiple branches: before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1. The issue is that IP addresses containing zero-padded octets were not normalized properly, which could allow remote attackers to bypass intended ...

CVSS 5.3, AI score 7.2, EPSS 0.00429
Exploits: 0, References: 4, Affected Software: 1

Oracle linux
added 2016/11/09 12:0 a.m., 51 views

tomcat security, bug fix, and enhancement update

0:7.0.69-10 - Related: rhbz1368122 0:7.0.69-9 - Resolves: rhbz1362213 Tomcat: CGI sets environmental variable based on user supplied Proxy request header - Resolves: rhbz1368122 0:7.0.69-7 - Resolves: rhbz1362545 0:7.0.69-6 - Related: rhbz1201409 Added /etc/sysconfig/tomcat to the systemd unit fo...

CVSS 8.8, AI score 0.6, EPSS 0.4988
Exploits: 0

Packet Storm
added 2016/11/06 12:0 a.m., 24 views

Imperva 11.5 Detection Bypass

Bypass Imperva by confusing HTTP Pollution Normalization Engine. Author: Wiswat Aswamenakul. Environment: Tested with Imperva Version: 11.5 and Web Backend as IIS + ASP. Description: One of the techniques that attackers use to bypass a web application firewall is to use an HTTP pollution attack. The attack ca...

AI score 0.6
Exploits: 0

RedHat Linux
added 2016/11/03 8:12 a.m., 1 views

tomcat: URL Normalization issue

A directory traversal flaw was found in Tomcat's RequestUtil.java. A remote, authenticated user could use this flaw to bypass intended SecurityManager restrictions and list a parent directory via a '/..' in a pathname used by a web application in a getResource, getResourceAsStream, or...

CVSS 4.3, AI score 6.6, EPSS 0.04801
Exploits: 0, References: 5

RedHat Linux
added 2016/10/10 8:38 p.m., 2 views

tomcat: URL Normalization issue

A directory traversal flaw was found in Tomcat's RequestUtil.java. A remote, authenticated user could use this flaw to bypass intended SecurityManager restrictions and list a parent directory via a '/..' in a pathname used by a web application in a getResource, getResourceAsStream, or...

CVSS 4.3, AI score 6.6, EPSS 0.04801
Exploits: 0, References: 5

NVD
added 2016/09/07 8:59 p.m., 13 views

CVE-2016-6263

The stringprep_utf8_nfkc_normalize function in lib/nfkc.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted UTF-8 data...

CVSS 7.5, AI score 7.2, EPSS 0.02955
Exploits: 0, References: 12

RedHat Linux
added 2016/07/18 7:41 p.m., 2 views

tomcat: URL Normalization issue

A directory traversal flaw was found in Tomcat's RequestUtil.java. A remote, authenticated user could use this flaw to bypass intended SecurityManager restrictions and list a parent directory via a '/..' in a pathname used by a web application in a getResource, getResourceAsStream, or...

CVSS 4.3, AI score 6.6, EPSS 0.04801
Exploits: 0, References: 5

RedHat Linux
added 2016/07/18 7:39 p.m., 2 views

tomcat: URL Normalization issue

A directory traversal flaw was found in Tomcat's RequestUtil.java. A remote, authenticated user could use this flaw to bypass intended SecurityManager restrictions and list a parent directory via a '/..' in a pathname used by a web application in a getResource, getResourceAsStream, or...

CVSS 4.3, AI score 6.6, EPSS 0.04801
Exploits: 0, References: 5

RedHat Linux
added 2016/07/18 7:6 p.m., 4 views

tomcat: URL Normalization issue

A directory traversal flaw was found in Tomcat's RequestUtil.java. A remote, authenticated user could use this flaw to bypass intended SecurityManager restrictions and list a parent directory via a '/..' in a pathname used by a web application in a getResource, getResourceAsStream, or...

CVSS 4.3, AI score 6.6, EPSS 0.04801
Exploits: 0, References: 5

Palo Alto Networks
added 2016/07/14 12:0 a.m., 17 views

Cron local privilege escalation

Palo Alto Networks firewalls use the cron infrastructure to perform household system cleanup at regular intervals. Due to an error in user input normalization, a file locally created by an end user and placed in a specific directory could be executed in a higher privilege context Ref. 93612...

AI score 6.8
Exploits: 0, Affected Software: 1

CNVD
added 2016/05/31 12:0 a.m., 0 views

Jetty Privilege Gain Vulnerability

Jetty, a free and open source project of the Eclipse Foundation, is a Java-based web server and Java Servlet container. A privilege acquisition vulnerability exists in the path normalization mechanism in the PathResource class in Jetty version 9.3.x. An attacker can exploit this vulnerability...

CVSS 9.8, AI score 9.6, EPSS 0.00609
Exploits: 0, References: 1

OpenVAS
added 2016/05/17 12:0 a.m., 26 views

phpMyAdmin Multiple XSS Vulnerabilities (PMASA-2016-12) - Windows

phpMyAdmin is prone to multiple cross-site scripting (XSS) vulnerabilities.

CVSS 5.4, AI score 6, EPSS 0.00532
Exploits: 0, References: 1

CNVD
added 2016/04/30 12:0 a.m., 1 views

LibRSVG '_rsvg_css_normalize_font_size' function denial of service vulnerability

LibRSVG is an SVG rendering engine written in C. A security vulnerability in the '_rsvg_css_normalize_font_size' function of LibRSVG allows remote attackers to cause a denial of service by exploiting the vulnerability to crash applications linking to this library...

CVSS 7.5, AI score 7.7, EPSS 0.03078
Exploits: 0, References: 1

Fedora
added 2016/04/06 2:13 p.m., 10 views

[SECURITY] Fedora 24 Update: nodejs-node-stringprep-0.7.3-9.fc24

This module exposes predefined Unicode normalization functions that are required by many protocols. This is just a binding to ICU, which is said to be fast...

AI score 1.7
Exploits: 0

NVD
added 2016/03/01 11:59 a.m., 12 views

CVE-2016-2561

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.5 and 4.5.x before 4.5.5.1 allow remote authenticated users to inject arbitrary web script or HTML via (1) normalization.php or (2) js/normalization.js in the database normalization page, (3)...

CVSS 5.4, AI score 5.8, EPSS 0.00532
Exploits: 0, References: 12