DSA-2897-1 tomcat7 - security update
Bulletin has no description...
Ubuntu Update for tomcat7 USN-2130-1
Check for the Version of tomcat7 OpenVAS Vulnerability Test $Id: gbubuntuUSN21301.nasl 7957 2017-12-01 06:40:08Z santu $ Ubuntu Update for tomcat7 USN-2130-1 Authors: System Generated Check Copyright: Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software...
Ubuntu: Security Advisory (USN-2130-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.10 : tomcat6, tomcat7 vulnerabilities (USN-2130-1)
It was discovered that Tomcat incorrectly handled certain inconsistent HTTP headers. A remote attacker could possibly use this flaw to conduct request smuggling attacks. CVE-2013-4286 It was discovered that Tomcat incorrectly handled certain requests submitted using chunked transfer encoding. A...
USN-2130-1: Tomcat vulnerabilities
It was discovered that Tomcat incorrectly handled certain inconsistent HTTP headers. A remote attacker could possibly use this flaw to conduct request smuggling attacks. CVE-2013-4286 It was discovered that Tomcat incorrectly handled certain requests submitted using chunked transfer encoding. A...
Design/Logic Flaw
Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request's length and conduct...
CVE-2013-4286
Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request's length and conduct...
UBUNTU-CVE-2013-4286
Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request's length and conduct...
CVE-2013-2028
The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a chunked Transfer-Encoding request with a large chunk size, which triggers an integer signedness error and a stack-based...
tomcat: Limited DoS in chunked transfer encoding input filter
Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data...
USN-1841-1: Tomcat vulnerabilities
It was discovered that Tomcat incorrectly handled certain requests submitted using chunked transfer encoding. A remote attacker could use this flaw to cause the Tomcat server to stop responding, resulting in a denial of service. This issue only affected Ubuntu 10.04 LTS and Ubuntu 12.04 LTS...
Nginx 1.3.9 / 1.4.0 Denial Of Service
Exploit Title: nginx v1.3.9-1.4.0 DOS POC CVE-2013-2028 Date: 16.05.2013 Exploit Author: Mert SARICA - mert . sarica @ gmail . com - http://www.mertsarica.com Vendor Homepage: http://nginx.org/ Software Link: http://nginx.org/download/nginx-1.4.0.tar.gz Version: 1.3.9-1.4.0 Tested on: Kali Linux ...
Fedora 19 : nginx-1.4.1-1.fc19 (2013-7560)
Update to upstream release 1.4.1 which fixes : - CVE-2013-2028: Stack-based buffer overflow when handling certain chunked transfer encoding requests Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted t...
[SECURITY] CVE-2012-3544 Chunked transfer encoding extension size is not limited
CVE-2012-3544 Chunked transfer encoding extension size is not limited Severity: Important Vendor: The Apache Software Foundation Versions Affected: - Tomcat 7.0.0 to 7.0.29 - Tomcat 6.0.0 to 6.0.36 Description: When processing a request submitted...
Fixed in Apache Tomcat 6.0.37
Important: Session fixation CVE-2013-2067 FORM authentication associates the most recent request requiring authentication with the current session. By repeatedly sending a request for an authenticated resource while the victim is completing the login form, an attacker could inject a request that...
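Piwigo Arbitrary File Disclosure and Arbitrary File Deletion Vulnerabilities
BUGTRAQ ID: 58016 Piwigo is a photo gallery script written in PHP. Piwigo 2.4.6 and other versions do not properly validate the value of the 'dl' parameter of the install.php script, an implementation flaw that attackers can exploit to view arbitrary files on the affected computer and delete arbitrary files within the context of the affected application. 0 Piwigo Piwigo 2.4.6 Vendor patch: Piwigo ------ The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page: http://piwigo.org/bugs/view.php?id=2843...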
Scientific Linux Security Update : tomcat5 on SL5.x i386/x86_64
A flaw was found in the way Tomcat handled the Transfer-Encoding header in HTTP requests. A specially crafted HTTP request could prevent Tomcat from sending replies, or cause Tomcat to return truncated replies, or replies containing data related to the requests of other users, for all subsequent...
Multiple web browsers vulnerable in processing Transfer-Encoding header
Overview Multiple web browsers contain a vulnerability in processing the Transfer-Encoding header. When viewing a malicious web site through a proxy server, part of the HTTP response may be misidentified as ...
JVN#90389651: Multiple web browsers vulnerable in processing Transfer-Encoding header
Multiple web browsers contain a vulnerability in processing the Transfer-Encoding header. When viewing a malicious web site through a proxy server, part of the HTTP response may be misidentified as a response from a different server. Impact An arbitrary script may be executed on the user's web...