375 matches found
CVE-2008-6549
The passwordchecker function in config/multiconfig.py in MoinMoin 1.6.1 uses the cracklib and python-crack features even though they are not thread-safe, which allows remote attackers to cause a denial of service segmentation fault and crash via unknown vectors...
CVE-2008-6549
CVE-2008-6549 affects MoinMoin 1.6.1 and earlier; the password_checker function in config/multiconfig.py uses cracklib and python-crack, which are not thread-safe, allowing remote attackers to cause a denial of service (segmentation fault and crash) via unknown vectors. Impact is DoS; no exploita...
tomcat RemoteFilterValve Information disclosure
Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a...
CVE-2008-3271
Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a...
CVE-2008-3271
Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a...
CVE-2008-3271
Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a...
CVE-2008-3271
CVE-2008-3271 affects Apache Tomcat 5.5.0 and Tomcat 4.1.0 through 4.1.31. The issue is a synchronization-related defect that allows a remote attacker to bypass IP address restrictions and obtain sensitive information when a request is processed concurrently with another in a different thread, re...
PT-2008-4686 · Apache · Apache Tomcat
Name of the Vulnerable Software and Affected Versions: Apache Tomcat versions 4.1.0 through 4.1.31 Apache Tomcat version 5.5.0 Description: The issue allows remote attackers to bypass IP address restrictions and obtain sensitive information due to a synchronization problem and lack of thread...
CVE-2007-2844
PHP 4.x and 5.x before 5.2.1, when running on multi-threaded systems, does not ensure thread safety for libc crypt function calls using protection schemes such as a mutex, which creates race conditions that allow remote attackers to overwrite internal program memory and gain system access...
Race condition
PHP 4.x and 5.x before 5.2.1, when running on multi-threaded systems, does not ensure thread safety for libc crypt function calls using protection schemes such as a mutex, which creates race conditions that allow remote attackers to overwrite internal program memory and gain system access...
CVE-2007-2844
CVE-2007-2844 details (supported by multiple sources): PHP 4.x and 5.x before 5.2.1 running on multi-threaded systems are affected due to a race condition in libc crypt function calls, arising from inadequate mutex protection. This vulnerability can allow remote attackers to overwrite internal pr...
CVE-2007-2844
PHP 4.x and 5.x before 5.2.1, when running on multi-threaded systems, does not ensure thread safety for libc crypt function calls using protection schemes such as a mutex, which creates race conditions that allow remote attackers to overwrite internal program memory and gain system access...
Apache HTTPD contains denial of service vulnerability in basic authentication module
Overview The Apache HTTP server contains a denial-of-service vulnerability that allows remote attackers to to conduct denial-of-service attacks on the HTTP basic authentication module of an affected server. Description The Apache HTTP server contains a denial-of-service vulnerability in the...
CVE-2003-0189
The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the cryptr or crypt functions, which allows remote attackers to cause a denial of service failed Basic authentication with valid usernames and passwords when a threaded MPM is use...
DSA-288 openssl - several vulnerabilities
Bulletin has no description...