324 matches found

RedHat Linux
added 2015/08/13 3:29 p.m. · 0 views

tomcat: non-persistent DoS attack by feeding data by aborting an upload

It was found that Tomcat would keep connections open after processing requests with a large enough request body. A remote attacker could potentially use this flaw to exhaust the pool of available connections and prevent further, legitimate connections to the Tomcat server from being made...

7.8 CVSS · 6.6 AI score · 0.20318 EPSS
Exploits: 0 · References: 7

securityvulns
added 2015/04/20 12:0 a.m. · 34 views

stunnel crypto vulnerabilities

Entropy pools are reused if fork is used for threading...

4.3 CVSS · 1.8 AI score · 0.02155 EPSS
Exploits: 1 · References: 1 · Affected Software: 1

The Hacker News
added 2014/08/07 8:40 p.m. · 11 views

Hacker Hijacks ISP Networks to steal $83,000 from Bitcoin Mining pools

Till now, we have heard about “Bitcoin digital wallet hacked” or “Bitcoin website hacked”, but now a hacker has stolen cryptocurrency from mining pools and generated $83,000 in digital cash in more than four months by gaining access to a Canadian Internet provider. Bitcoin is a virtual currency...

7 AI score
Exploits: 0

OpenVAS
added 2014/06/01 12:0 a.m. · 65 views

Debian Security Advisory DSA 2943-1 (php5 - security update)

Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development: CVE-2014-0185: The default PHP FPM socket permission has been changed from 0666 to 0660 to mitigate a security vulnerability CVE-2014-0185 in PHP FPM that allowed any local...

7.2 CVSS · 0.1 AI score · 0.20805 EPSS
Exploits: 2 · References: 1

Veeam
added 2013/04/29 12:0 a.m. · 13 views

Release notes for Veeam MP Integration Management Pack update

Challenge Maintenance mode synchronization in System Center 2012 Operations Manager SP1 Importing the updated Veeam Integration MP will resolve the known issue related to maintenance mode synchronization in System Center 2012 Operations Manager SP1. When a vSphere host enters the maintenance mode...

6.6 AI score
Exploits: 0

OSV
added 2012/11/23 8:55 p.m. · 1 views

DEBIAN-CVE-2012-6036

The (1) memc_save_get_next_page, (2) tmemc_restore_put_page and (3) tmemc_restore_flush_page functions in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 do not check for negative id pools, which allows local guest OS users to cause a denial of service (memory corruption and host crash) or possibly execute...

4.4 CVSS · 8.9 AI score · 0.00431 EPSS
Exploits: 0 · References: 1

Vulnerability Lab
added 2012/02/09 12:0 a.m. · 16 views

eFront Community++ v3.6.10 - Multiple Web Vulnerabilities

Document Title: eFront Community++ v3.6.10 - Multiple Web Vulnerabilities. References Source: http://www.vulnerability-lab.com/getcontent.php?id=421. Release Date: 2012-02-09. Vulnerability Laboratory ID VL-ID: 4...

0.4 AI score
Exploits: 0

FreeBSD
added 2012/01/13 12:0 a.m. · 22 views

isc-dhcp-server -- DoS in DHCPv6

ISC reports: Due to improper handling of a DHCPv6 lease structure, ISC DHCP servers that are serving IPv6 address pools AND using Dynamic DNS can encounter a segmentation fault error while updating lease status under certain conditions. The potential exists for this condition to be intentionally...

6.1 CVSS · 6.2 AI score · 0.03612 EPSS
Exploits: 0 · References: 1

Veeam
added 2011/08/22 12:0 a.m. · 13 views

Enterprise Manager works with http, but not with https

Challenge This article covers two scenarios: The Veeam Backup Enterprise Manager webpage is not able to be reached when using both HTTP and HTTPS. or The Veeam Backup Enterprise Manager webpage is accessible when using HTTP, but fails to load when using HTTPS. Solution Enterprise Manager Webpage ...

6.7 AI score
Exploits: 0

Positive Technologies
added 2010/07/23 12:0 a.m. · 6 views

PT-2010-4294 · Apache +1 · Apache Http Server +1

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server version 2.2.9 Description: The issue is related to an information disclosure flaw in the mod proxy component of the Apache HTTP Server. When running on Unix platforms, if a timeout occurs while reading a response from a...

5 CVSS · 5.4 AI score · 0.2187 EPSS
Exploits: 3 · References: 29

Apache Httpd
added 2010/07/23 12:0 a.m. · 30 views

Apache Httpd < 2.2.10 : Timeout detection flaw (mod_proxy_http)

An information disclosure flaw was found in mod_proxy_http in version 2.2.9 only, on Unix platforms. Under certain timeout conditions, the server could return a response intended for another user. Only those configurations which trigger the use of proxy worker pools are affected. There was no...

5 CVSS · 1.1 AI score · 0.08284 EPSS
Exploits: 1 · Affected Software: 1

RedHat Linux
added 2010/06/22 12:44 p.m. · 34 views

Moderate: Red Hat Security Advisory: vdsm security, bug fix, and enhancement update

Updated vdsm packages that fix one security issue, various bugs, and add two enhancements are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score, which giv...

2.1 CVSS · 5.8 AI score · 0.00374 EPSS
Exploits: 0 · References: 2

Prion
added 2010/06/18 4:30 p.m. · 18 views

Design/Logic Flaw

mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive...

5 CVSS · 6.4 AI score · 0.16002 EPSS
Exploits: 2 · References: 41 · Affected Software: 1

Debian CVE
added 2010/06/18 4:0 p.m. · 40 views

CVE-2010-2068

mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive...

5 CVSS · 5.4 AI score · 0.16002 EPSS
Exploits: 2

Apache Httpd
added 2010/06/09 12:0 a.m. · 36 views

Apache Httpd < 2.2.16 : Timeout detection flaw (mod_proxy_http)

An information disclosure flaw was found in mod_proxy_http in versions 2.2.9 through 2.2.15, 2.3.4-alpha and 2.3.5-alpha. Under certain timeout conditions, the server could return a response intended for another user. Only Windows, Netware and OS2 operating systems are affected. Only those...

5 CVSS · 0.9 AI score · 0.16002 EPSS
Exploits: 2 · Affected Software: 1

OpenVAS
added 2009/08/17 12:0 a.m. · 14 views

Mandrake Security Advisory MDVSA-2009:195 (apr)

The remote host is missing an update to apr announced via advisory MDVSA-2009:195. OpenVAS Vulnerability Test $Id: mdksa2009195.nasl 6573 2017-07-06 13:10:50Z cfischer $ Description: Auto-generated from advisory MDVSA-2009:195 apr Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft Inc...

10 CVSS · 0.8 AI score · 0.13781 EPSS
Exploits: 2

OpenVAS
added 2009/08/17 12:0 a.m. · 22 views

Mandrake Security Advisory MDVSA-2009:195 (apr)

The remote host is missing an update to apr announced via advisory MDVSA-2009:195. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only OR GPL-3.0-on...

10 CVSS · 7.6 AI score · 0.13781 EPSS
Exploits: 2 · References: 1

exploitpack
added 2007/10/23 12:0 a.m. · 8 views

DNS Recursion Bandwidth Amplification - Denial of Service (PoC)

DNS Recursion Bandwidth Amplification - Denial of Service PoC !/usr/bin/perl Get Net::RawIP at http://search.cpan.org/CPAN/authors/id/S/SZ/SZABGAB/Net-RawIP-0.2101.tar.gz cpan Net::DNS:Resolver seems to work fine on each machine I throw it on, as well. PS: To see if you can spoof, check out the A...

0.3 AI score
Exploits: 0

Exploit DB
added 2007/10/23 12:0 a.m. · 23 views

DNS Recursion Bandwidth Amplification - Denial of Service (PoC)

!/usr/bin/perl Get Net::RawIP at http://search.cpan.org/CPAN/authors/id/S/SZ/SZABGAB/Net-RawIP-0.2101.tar.gz cpan Net::DNS:Resolver seems to work fine on each machine I throw it on, as well. PS: To see if you can spoof, check out the ANA Spoofer project. http://spoofer.csail.mit.edu/ Written by...

7.4 AI score
Exploits: 0

CVE
added 2005/05/24 4:0 a.m. · 54 views

CVE-2005-1742

CVE-2005-1742 affects BEA WebLogic Server and WebLogic Express 8.1 SP2/SP3. The vulnerability allows users with the Monitor security role to shrink or reset JDBC connection pools, indicating an authorization/privilege misuse issue affecting pool configuration. The provided documents confirm the a...

5 CVSS · 9.5 AI score · 0.03032 EPSS
Exploits: 0 · References: 5 · Affected Software: 2