375 matches found

OSV
added 2009/03/30 1:30 a.m. · 17 views

CVE-2008-6549

The password_checker function in config/multiconfig.py in MoinMoin 1.6.1 uses the cracklib and python-crack features even though they are not thread-safe, which allows remote attackers to cause a denial of service (segmentation fault and crash) via unknown vectors...

6.4 AI score
Exploits 0 · References 3
CVE
added 2009/03/30 1:0 a.m. · 55 views

CVE-2008-6549

CVE-2008-6549 affects MoinMoin 1.6.1 and earlier; the password_checker function in config/multiconfig.py uses cracklib and python-crack, which are not thread-safe, allowing remote attackers to cause a denial of service (segmentation fault and crash) via unknown vectors. Impact is DoS; no exploita...

5 CVSS · 6.7 AI score · 0.01484 EPSS
Exploits 1 · References 3 · Affected Software 1
RedHat Linux
added 2008/12/08 9:2 a.m. · 10 views

tomcat RemoteFilterValve Information disclosure

Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a...

4.3 CVSS · 5.9 AI score · 0.04807 EPSS
Exploits 2 · References 4
NVD
added 2008/10/13 8:0 p.m. · 20 views

CVE-2008-3271

Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a...

4.3 CVSS · 6.1 AI score · 0.04807 EPSS
Exploits 2 · References 23
UbuntuCve
added 2008/10/13 8:0 p.m. · 33 views

CVE-2008-3271

Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a...

4.3 CVSS · 5.9 AI score · 0.04807 EPSS
Exploits 2 · References 1
Cvelist
added 2008/10/13 6:0 p.m. · 32 views

CVE-2008-3271

Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a...

6 AI score · 0.04807 EPSS
Exploits 2 · References 23
CVE
added 2008/10/13 6:0 p.m. · 77 views

CVE-2008-3271

CVE-2008-3271 affects Apache Tomcat 5.5.0 and Tomcat 4.1.0 through 4.1.31. The issue is a synchronization-related defect that allows a remote attacker to bypass IP address restrictions and obtain sensitive information when a request is processed concurrently with another in a different thread, re...

4.3 CVSS · 5.9 AI score · 0.04807 EPSS
Exploits 2 · References 23 · Affected Software 1
Positive Technologies
added 2008/10/13 12:0 a.m. · 5 views

PT-2008-4686 · Apache · Apache Tomcat

Name of the Vulnerable Software and Affected Versions: Apache Tomcat versions 4.1.0 through 4.1.31 Apache Tomcat version 5.5.0 Description: The issue allows remote attackers to bypass IP address restrictions and obtain sensitive information due to a synchronization problem and lack of thread...

4.3 CVSS · 6.4 AI score · 0.04807 EPSS
Exploits 2 · References 27
UbuntuCve
added 2007/05/24 6:30 p.m. · 43 views

CVE-2007-2844

PHP 4.x and 5.x before 5.2.1, when running on multi-threaded systems, does not ensure thread safety for libc crypt function calls using protection schemes such as a mutex, which creates race conditions that allow remote attackers to overwrite internal program memory and gain system access...

9.3 CVSS · 5.9 AI score · 0.02863 EPSS
Exploits 0 · References 1
Prion
added 2007/05/24 6:30 p.m. · 19 views

Race condition

PHP 4.x and 5.x before 5.2.1, when running on multi-threaded systems, does not ensure thread safety for libc crypt function calls using protection schemes such as a mutex, which creates race conditions that allow remote attackers to overwrite internal program memory and gain system access...

9.3 CVSS · 7.4 AI score · 0.02863 EPSS
Exploits 0 · References 5 · Affected Software 1
CVE
added 2007/05/24 6:0 p.m. · 83 views

CVE-2007-2844

CVE-2007-2844 details (supported by multiple sources): PHP 4.x and 5.x before 5.2.1 running on multi-threaded systems are affected due to a race condition in libc crypt function calls, arising from inadequate mutex protection. This vulnerability can allow remote attackers to overwrite internal pr...

9.3 CVSS · 7 AI score · 0.02863 EPSS
Exploits 0 · References 5 · Affected Software 1
Cvelist
added 2007/05/24 6:0 p.m. · 33 views

CVE-2007-2844

PHP 4.x and 5.x before 5.2.1, when running on multi-threaded systems, does not ensure thread safety for libc crypt function calls using protection schemes such as a mutex, which creates race conditions that allow remote attackers to overwrite internal program memory and gain system access...

7 AI score · 0.02863 EPSS
Exploits 0 · References 5
CERT
added 2003/06/24 12:0 a.m. · 38 views

Apache HTTPD contains denial of service vulnerability in basic authentication module

Overview: The Apache HTTP server contains a denial-of-service vulnerability that allows remote attackers to conduct denial-of-service attacks on the HTTP basic authentication module of an affected server. Description: The Apache HTTP server contains a denial-of-service vulnerability in the...

8.1 AI score
Exploits 0 · References 3
Debian CVE
added 2003/05/30 4:0 a.m. · 31 views

CVE-2003-0189

The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt functions, which allows remote attackers to cause a denial of service (failed Basic authentication with valid usernames and passwords) when a threaded MPM is use...

5 CVSS · 6.5 AI score · 0.15122 EPSS
Exploits 0
OSV
added 2003/04/17 12:0 a.m. · 61 views

DSA-288 openssl - several vulnerabilities

Bulletin has no description...

7.5 CVSS · 8.4 AI score · 0.06393 EPSS
Exploits 0