873 matches found
Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform security update
An update is now available for Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for eac...
Updated tomcat package fixes security vulnerabilities
The code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could...
Roundcube Webmail < 1.1.5 CSRF Vulnerability
Roundcube Webmail is prone to a cross-site request forgery (CSRF) vulnerability. Copyright (C) 2016 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program ...
CVE-2016-6816
The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a...
RubyGems: Host header Injection rubygems.org
Hi, As you are interested in any bug in rubygems.org, I thought of reporting it. The host header is not validated on rubygems.org. In many cases, developers are trusting the HTTP Host header value and using it to generate links, import scripts and even generate password resets links with its valu...
USN-3111-1 firefox vulnerabilities
A use-after-free was discovered in service workers. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via program crash, or execute arbitrary code. (CVE-2016-5287) It was discovered that web content could access...
New Relic: HOST HEADER INJECTION in rpm.newrelic.com
Hello to all professionals, greetings. I have found a host header injection vulnerability in your website. Vulnerable URL: rpm.newrelic.com. The host header can be changed to something outside the target domain. In many cases, developers are trusting the HTTP Host header value and using it to genera...
Instacart: Host Header Injection/Redirection in: https://www.instacart.com/
Hi, Your website is vulnerable to Host Header Injection because the host header can be changed to something outside the target domain. In many cases, developers are trusting the HTTP Host header value and using it to generate links, import scripts and even generate password resets links with its...
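The three reports above (rubygems.org, rpm.newrelic.com, instacart.com) describe the same pattern: a password-reset or absolute link is built from the client-supplied Host header, so an attacker who can get a reset request sent with a forged Host receives the victim's token at a domain they control. The following is an added illustration, not code from any of those reports or sites; the hostnames, the allowlist and the token are constructed placeholders.

```python
"""Password-reset link generation: trusting the Host header vs. an allowlist.

Added illustration for the Host-header-injection reports above; not code from
rubygems.org, New Relic or Instacart. Hostnames, the allowlist and the token
are constructed placeholders."""
from urllib.parse import quote

# Constructed allowlist: the only hostnames this application is served under,
# and the single hostname that should ever appear in outbound links.
ALLOWED_HOSTS = frozenset({"app.example.com", "www.example.com"})
CANONICAL_HOST = "app.example.com"


def build_reset_link_vulnerable(headers, token):
    """The pattern the reports describe: the client-controlled Host header is
    copied straight into a link that is then e-mailed to the victim."""
    host = headers.get("host", "")
    return f"https://{host}/reset?token={quote(token)}"


def canonical_host(headers, allowed=ALLOWED_HOSTS):
    """Return the request's hostname only if it is on the allowlist.

    Compared as a whole string after lower-casing and dropping an explicit
    default port, so look-alikes such as 'app.example.com.attacker.example'
    or 'app.example.com@attacker.example' do not pass; a suffix or prefix
    check would let both through."""
    raw = headers.get("host")
    if raw is None:
        raise ValueError("missing Host header")
    host = raw.strip().lower()
    if host.endswith((":443", ":80")):
        host = host.rsplit(":", 1)[0]
    if host not in allowed:
        raise ValueError(f"untrusted Host header: {raw!r}")
    return host


def is_trusted_host(headers, allowed=ALLOWED_HOSTS):
    """Boolean form of canonical_host(), for rejecting requests up front."""
    try:
        canonical_host(headers, allowed)
        return True
    except ValueError:
        return False


def build_reset_link_hardened(headers, token):
    """Reject requests whose Host is not ours, then build the link from the
    configured canonical hostname rather than from anything the client sent."""
    canonical_host(headers)
    return f"https://{CANONICAL_HOST}/reset?token={quote(token)}"
```

Two points for reviewers of a real fix: frameworks that sit behind a reverse proxy often also honour X-Forwarded-Host, so the same allowlist has to be applied to that header (or the proxy must be configured to set it), and the hostname used in e-mailed links is best taken from configuration, as above, so that a misconfigured allowlist degrades to a broken link rather than a poisoned one.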
golang: HTTP request smuggling in net/http library
HTTP-request vulnerabilities have been found in the Golang net/http and net/textproto libraries. Request headers with double Content-Length fields do not generate a 400 error (the second field is ignored), and invalid fields are parsed as valid (for example, "Content Length:" with a space in the...
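The Tomcat entry (CVE-2016-6816) and the Go net/http entry above are two faces of the same problem: a server that tolerates bytes the grammar forbids (control characters in the request line, a space inside a field name, a second Content-Length) can be made to frame a request differently from the proxy in front of it. The parser below is an added example of what strict RFC 7230 handling looks like; it is not code from Tomcat, Go or Node.js. The choices to reject any duplicate Content-Length and any message carrying both Transfer-Encoding and Content-Length are this example's policy (the RFC allows identical duplicates to be merged), and the sample requests are constructed.

```python
"""Strict HTTP/1.1 request-head parser.

Added example for the Tomcat (CVE-2016-6816) and Go net/http entries above;
not code from Tomcat, Go or Node.js. It applies RFC 7230 syntax and answers
400 for the inputs those entries describe being tolerated: invalid characters
in the request line, a field name that is not a token such as "Content Length",
and more than one Content-Length field. Rejecting *any* duplicate Content-Length
and any message with both Transfer-Encoding and Content-Length is this
example's policy. Sample requests are constructed."""
import re

TCHAR = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]"          # RFC 7230 tchar
TOKEN = rf"{TCHAR}+"
TARGET = r"[\x21-\x7e]+"                        # visible ASCII only: no SP, CTL, DEL or 8-bit
REQUEST_LINE = re.compile(rf"({TOKEN}) ({TARGET}) HTTP/([0-9])\.([0-9])")
# field-name ":" OWS field-value OWS; no whitespace before the colon, no obs-fold
HEADER_LINE = re.compile(rf"({TOKEN}):([\x20-\x7e\t]*)")


class BadRequest(Exception):
    """Raised where a server should answer 400 and close the connection."""


def body_length(headers):
    """Message-body length per RFC 7230 section 3.3.3, resolved strictly.

    Returns "chunked" or an integer byte count."""
    te = [v for n, v in headers if n == "transfer-encoding"]
    cl = [v for n, v in headers if n == "content-length"]
    if te and cl:
        # the classic smuggling primitive: two parties pick different framing
        raise BadRequest("both Transfer-Encoding and Content-Length present")
    if te:
        codings = [c.strip().lower() for v in te for c in v.split(",")]
        if codings[-1] != "chunked":
            raise BadRequest("final Transfer-Encoding is not chunked")
        return "chunked"
    if len(cl) > 1:
        raise BadRequest("multiple Content-Length fields")
    if not cl:
        return 0
    if not re.fullmatch(r"[0-9]+", cl[0]):      # also rejects "5, 5" lists and signs
        raise BadRequest(f"invalid Content-Length: {cl[0]!r}")
    return int(cl[0])


def parse_request_head(raw):
    """Parse one request head (bytes up to and including the blank line).

    Returns (method, target, (major, minor), headers, body_length); headers is
    a list of (lower-cased name, value) pairs in wire order."""
    if not raw.endswith(b"\r\n\r\n"):
        raise BadRequest("head not terminated by CRLF CRLF")
    try:
        text = raw[:-4].decode("ascii")
    except UnicodeDecodeError:
        raise BadRequest("non-ASCII byte in request head")
    lines = text.split("\r\n")
    # A bare CR or LF is a CTL. Tolerating it is how a server and a proxy end
    # up parsing the same bytes as two different messages.
    if any("\r" in line or "\n" in line for line in lines):
        raise BadRequest("bare CR or LF in request head")
    m = REQUEST_LINE.fullmatch(lines[0])
    if m is None:
        raise BadRequest(f"malformed request line: {lines[0]!r}")
    headers = []
    for line in lines[1:]:
        h = HEADER_LINE.fullmatch(line)
        if h is None:
            raise BadRequest(f"malformed header line: {line!r}")
        headers.append((h.group(1).lower(), h.group(2).strip(" \t")))
    version = (int(m.group(3)), int(m.group(4)))
    return m.group(1), m.group(2), version, headers, body_length(headers)


def reject_reason(raw):
    """None when the head is acceptable, otherwise the reason a 400 is sent."""
    try:
        parse_request_head(raw)
        return None
    except BadRequest as exc:
        return str(exc)
```

The useful property is not any single check but that every rejection happens before a byte of body is consumed and is followed by closing the connection, so a disagreement with an upstream proxy cannot leave a half-read request on the socket for the next client.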
IBM QRadar SIEM Cross-Site Request Forgery Vulnerability
IBM QRadar SIEM is a security intelligence solution from IBM (USA) that protects assets and information from advanced threats. The solution provides oversight of the entire IT architecture, generates detailed reports on data access and user activity, and more. IBM QRadar suffers...
IBM TRIRIGA Application Platform Cross-Site Request Forgery Vulnerability (CNVD-2016-03775)
The IBM TRIRIGA Application Platform is the platform from IBM (USA) on which TRIRIGA applications are deployed. It provides a set of design-time and run-time components for building and running its enterprise applications, respectively, and supports...
IBM WebSphere Application Server CRLF Injection Vulnerability (Feb 2016)
IBM WebSphere Application Server is prone to a CRLF injection vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Node.js HTTP Request Smuggling Vulnerability
Node.js, from Joyent (USA), is a server-side JavaScript runtime built on the Google V8 JavaScript engine. The platform is primarily used for building highly scalable applications and writing code that can handle tens of thousands of simultaneous connections to a singl...
Unspecified Vulnerability in Oracle Fusion Middleware Web Cache SSL Support Component (CNVD-2016-00579)
Oracle Fusion Middleware is a suite of application servers for cloud and traditional environments. An unspecified security vulnerability exists in the Oracle Fusion Middleware Web Cache SSL Support component, which could be exploited by remote attackers to gain access to data...
Unspecified Vulnerability in Oracle Fusion Middleware Web Cache SSL Support Component (CNVD-2016-00580)
Oracle Fusion Middleware is a suite of application servers for cloud and traditional environments. An unspecified security vulnerability exists in the Oracle Fusion Middleware Web Cache SSL Support component, which could be exploited by remote attackers to gain access to data...
Unspecified Vulnerability in Oracle Fusion Middleware Web Cache SSL Support Component
Oracle Fusion Middleware is a suite of application servers for cloud and traditional environments. An unspecified security vulnerability exists in the Oracle Fusion Middleware Web Cache SSL Support component, which could be exploited by remote attackers to gain access to data...
CVE-2016-0439
Unspecified vulnerability in the Web Cache component in Oracle Fusion Middleware 11.1.1.7.0 and 11.1.1.9.0 allows remote attackers to affect confidentiality via vectors related to SSL support, a different vulnerability than CVE-2016-0430...
CVE-2016-0433
Unspecified vulnerability in the Web Cache component in Oracle Fusion Middleware 11.1.1.9.0 allows remote attackers to affect confidentiality via vectors related to SSL support...