8 matches found
httpd: mod_proxy_ajp: heap-based buffer over-read due to missing null-termination check
A flaw was found in the modproxyajp module of httpd. When processing AJP Apache JServ Protocol messages, the server fails to properly check if a string is null-terminated before attempting to read it, allowing an attacker or a malformed request to cause a heap-based buffer over-read. This issue...
httpd: mod_proxy_ajp: heap-based buffer over-read due to missing null-termination check
A flaw was found in the modproxyajp module of httpd. When processing AJP Apache JServ Protocol messages, the server fails to properly check if a string is null-terminated before attempting to read it, allowing an attacker or a malformed request to cause a heap-based buffer over-read. This issue...
openSUSE Security Update : tomcat6 (openSUSE-SU-2011:1134-1)
Specially crafted AJP messages could be used bypass authentication CVE-2011-3190. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update tomcat6-5149. The text description of this plugin is C SUSE LL...
Apache Tomcat 6.0.x < 6.0.35 Multiple Vulnerabilities
Binary data 6332.pasl...
Apache Tomcat 6.0.x < 6.0.35 Multiple Vulnerabilities
Binary data 800607.prm...
SuSE 10 Security Update : tomcat5 (ZYPP Patch Number 7756)
The following bug has been fixed : - Specially crafted AJP messages could have been used to bypass authentication. CVE-2011-3190 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if...
Apache Tomcat 6.x < 6.0.35 Multiple Vulnerabilities
According to its self-reported version number, the instance of Apache Tomcat 6.x listening on the remote host is prior to 6.0.35. It is, therefore, affected by multiple vulnerabilities : - Specially crafted requests are incorrectly processed by Tomcat and can cause the server to allow injection o...
SuSE 10 Security Update : tomcat5 (ZYPP Patch Number 7755)
The following bug has been fixed : - Specially crafted AJP messages could have been used to bypass authentication. CVE-2011-3190 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if...