Moderate: Red Hat Security Advisory: Red Hat JBoss Web Server 3.0.3 update
Red Hat JBoss Web Server 3.0.3 is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerabilit...
Moderate: Red Hat Security Advisory: Red Hat JBoss Web Server 3.0.3 update
Red Hat JBoss Web Server 3.0.3 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerabilit...
[SECURITY] Fedora 23 Update: php-5.6.20-1.fc23
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...
[SECURITY] Fedora 22 Update: php-5.6.20-1.fc22
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...
Moderate: Red Hat Security Advisory: rh-php56-php security update
Updated rh-php56-php packages that fix multiple security issues are now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are...
[SECURITY] Fedora 22 Update: php-5.6.19-1.fc22
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...
[SECURITY] Fedora 23 Update: php-5.6.19-1.fc23
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...
[SECURITY] Fedora 22 Update: php-5.6.18-1.fc22
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...
Apache Httpd < 2.4.25 : Apache HTTP Request Parsing Whitespace Defects
Apache HTTP Server, prior to release 2.4.25 and 2.2.32, accepted a broad pattern of unusual whitespace patterns from the user-agent, including bare CR, FF, VTAB in parsing the request line and request header lines, as well as HTAB in parsing the request line. Any bare CR present in request lines...
Apache Httpd < 2.2.32 : Apache HTTP Request Parsing Whitespace Defects
Apache HTTP Server, prior to release 2.4.25 and 2.2.32, accepted a broad pattern of unusual whitespace patterns from the user-agent, including bare CR, FF, VTAB in parsing the request line and request header lines, as well as HTAB in parsing the request line. Any bare CR present in request lines...
Oracle Solaris Third-Party Patch Update : bash (multiple_vulnerabilities_in_bash1) (Shellshock)
The remote Solaris system is missing necessary patches to address security updates : - GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as...
Moderate: Red Hat Security Advisory: Red Hat JBoss Web Server 2.1.0 security update
An update for Red Hat JBoss Web Server 2.1.0 that fixes four security issues is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity...
Oracle Secure Global Desktop Multiple Vulnerabilities (January 2016 CPU) (Logjam)
The version of Oracle Secure Global Desktop installed on the remote host is version 4.63 / 4.71 / 5.2 and is missing a security patch from the January 2016 Critical Patch Update (CPU). It is, therefore, affected by the following vulnerabilities : - A flaw exists in the bundled version of Apache HTT...
[SECURITY] Fedora 23 Update: php-5.6.17-1.fc23
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...
F5 Networks BIG-IP : Apache HTTPD vulnerability (K23332326)
mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in...
httpd: HTTP request smuggling attack against chunked request parser
Multiple flaws were found in the way httpd parsed HTTP requests and responses using chunked transfer encoding. A remote attacker could use these flaws to create a specially crafted request, which httpd would decode differently from an HTTP proxy software in front of it, possibly leading to HTTP...
Moderate: Red Hat Security Advisory: Red Hat JBoss Web Server 3.0.2 security update
Updated Red Hat JBoss Web Server 3.0.2 packages are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each...
UBUNTU-CVE-2015-0859
The Debian build procedure for the smokeping package in wheezy before 2.6.8-2+deb7u1 and jessie before 2.6.9-1+deb8u1 does not properly configure the way Apache httpd passes arguments to smokeping_cgi, which allows remote attackers to execute arbitrary code via crafted CGI arguments...
CVE-2007-1743
suexec in Apache HTTP Server httpd 2.2.3 does not verify combinations of user and group IDs on the command line, which might allow local users to leverage other vulnerabilities to create arbitrary UID/GID owned files if /proc is mounted. NOTE: the researcher, who is reliable, claims that the vend...
CVE-2007-1742
suexec in Apache HTTP Server httpd 2.2.3 uses a partial comparison for verifying whether the current directory is within the document root, which might allow local users to perform unauthorized operations on incorrect directories, as demonstrated using "htmlbackup" and "htmleditor" under an "html...