5272 matches found
CVE-2015-1482
Ansible Tower (aka Ansible UI) before 2.0.5 allows remote attackers to bypass authentication and obtain sensitive information via a websocket connection to socket.io/1/...
Authentication flaw
Ansible Tower (aka Ansible UI) before 2.0.5 allows remote attackers to bypass authentication and obtain sensitive information via a websocket connection to socket.io/1/...
CVE-2015-1482
Ansible Tower (aka Ansible UI) before 2.0.5 allows remote attackers to bypass authentication and obtain sensitive information via a websocket connection to socket.io/1/...
CVE-2015-1482
Ansible Tower (aka Ansible UI) before 2.0.5 is vulnerable to an authentication bypass via a websocket connection to socket.io/1/, enabling remote attackers to obtain sensitive information. Root cause: missing/weak auth on the Socket.IO endpoint. Affected product and version: Ansible Tower prior t...
Asterisk DoS
Crash on empty WebSocket frame. File descriptor leak on incompatible codecs...
Oracle Fusion Middleware Security Service Information Disclosure (January 2015 CPU) (BEAST)
The version of Oracle HTTP Server installed on the remote host is affected by an information disclosure vulnerability, known as BEAST, in the SSL 3.0 and TLS 1.0 protocols due to a flaw in the way the initialization vector (IV) is selected when operating in cipher-block chaining (CBC) modes. A...
[ MDVSA-2015:018 ] asterisk
Mandriva Linux Security Advisory MDVSA-2015:018 http://www.mandriva.com/en/support/security/ Package: asterisk. Date: January 8, 2015. Affected: Business Server 1.0. Problem Description: Updated asterisk packages fix security vulnerability: Double free...
Mandriva Linux Security Advisory : asterisk (MDVSA-2015:018)
Updated asterisk packages fix security vulnerability: Double free vulnerability in the WebSocket Server (res_http_websocket) module in Asterisk Open Source 11.x before 11.14.2 allows remote attackers to cause a denial of service (crash) by sending a zero length frame after a non-zero length frame...
Updated asterisk packages fix CVE-2014-9374
Updated asterisk packages fix security vulnerability: Double free vulnerability in the WebSocket Server (res_http_websocket) module in Asterisk Open Source 11.x before 11.14.2 allows remote attackers to cause a denial of service (crash) by sending a zero length frame after a non-zero length frame...
MGASA-2015-0010 Updated asterisk packages fix CVE-2014-9374
Updated asterisk packages fix security vulnerability: Double free vulnerability in the WebSocket Server (res_http_websocket) module in Asterisk Open Source 11.x before 11.14.2 allows remote attackers to cause a denial of service (crash) by sending a zero length frame after a non-zero length frame...
FreeBSD : asterisk -- Remote Crash Vulnerability in WebSocket Server (94268da0-8118-11e4-a180-001999f8d30b)
The Asterisk project reports: When handling a WebSocket frame the res_http_websocket module dynamically changes the size of the memory used to allow the provided payload to fit. If a payload length of zero was received the code would incorrectly attempt to resize to zero. This operation would...
CVE-2014-9374
Double free vulnerability in the WebSocket Server (res_http_websocket) module in Asterisk Open Source 11.x before 11.14.2, 12.x before 12.7.2, and 13.x before 13.0.2 and Certified Asterisk 11.6 before 11.6-cert9 allows remote attackers to cause a denial of service (crash) by sending a zero length frame...
CVE-2014-9374
Double free vulnerability in the WebSocket Server (res_http_websocket) module in Asterisk Open Source 11.x before 11.14.2, 12.x before 12.7.2, and 13.x before 13.0.2 and Certified Asterisk 11.6 before 11.6-cert9 allows remote attackers to cause a denial of service (crash) by sending a zero length frame...
DEBIAN-CVE-2014-9374
Double free vulnerability in the WebSocket Server (res_http_websocket) module in Asterisk Open Source 11.x before 11.14.2, 12.x before 12.7.2, and 13.x before 13.0.2 and Certified Asterisk 11.6 before 11.6-cert9 allows remote attackers to cause a denial of service (crash) by sending a zero length frame...
Double free
Double free vulnerability in the WebSocket Server (res_http_websocket) module in Asterisk Open Source 11.x before 11.14.2, 12.x before 12.7.2, and 13.x before 13.0.2 and Certified Asterisk 11.6 before 11.6-cert9 allows remote attackers to cause a denial of service (crash) by sending a zero length frame...
CVE-2014-9374
CVE-2014-9374: A double free vulnerability in Asterisk’s WebSocket Server (res_http_websocket) can crash remote servers by processing a zero-length frame after a non-zero-length frame. Affected: Asterisk Open Source 11.x before 11.14.2, 12.x before 12.7.2, 13.x before 13.0.2, and Certified Asteri...
CVE-2014-9374
Double free vulnerability in the WebSocket Server (res_http_websocket) module in Asterisk Open Source 11.x before 11.14.2, 12.x before 12.7.2, and 13.x before 13.0.2 and Certified Asterisk 11.6 before 11.6-cert9 allows remote attackers to cause a denial of service (crash) by sending a zero length frame...
CVE-2014-9374
Double free vulnerability in the WebSocket Server (res_http_websocket) module in Asterisk Open Source 11.x before 11.14.2, 12.x before 12.7.2, and 13.x before 13.0.2 and Certified Asterisk 11.6 before 11.6-cert9 allows remote attackers to cause a denial of service (crash) by sending a zero length frame...
AST-2014-019: Remote Crash Vulnerability in WebSocket Server
Asterisk Project Security Advisory - AST-2014-019. Product: Asterisk. Summary: Remote Crash Vulnerability in WebSocket Server. Nature of Advisory: Denial of Service. Susceptibility: Remote Unauthenticated Sessions. Severity: Moderate. Exploits Known: No. Reported On: 30 October 2014. Reported By: Badalian...
Asterisk DoS
WebSocket Server request parsing DoS...