subversion -- Unrestricted XML entity expansion in mod_dontdothat and Subversion clients using http(s)
The Apache Software Foundation reports: The mod_dontdothat module of subversion and subversion clients using https:// are vulnerable to a denial-of-service attack, caused by exponential XML entity expansion. The attack targets XML parsers, causing the targeted process to consume excessive amounts of...
tomcat -- multiple vulnerabilities
The Apache Software Foundation reports: Important: Remote Code Execution CVE-2016-8735 Important: Information Disclosure CVE-2016-6816...
[SECURITY] Fedora 23 Update: tomcat-8.0.38-1.fc23
Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participator...
Apache CXF Fediz Security Bypass Vulnerability
Apache CXF is an open source Web services framework from the Apache Software Foundation. The framework supports a variety of Web services standards, a variety of front-end programming APIs, etc. Apache CXF Fediz is one of its subprojects, mainly used to provide authenticatio...
[SECURITY] Fedora 24 Update: tomcat-8.0.36-2.fc24
Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participator...
Apache OpenMeetings 3.1.0 Cross Site Scripting
Severity: Moderate Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings 3.1.0 Description: The value of the URL's "swf" query parameter is interpolated into the JavaScript tag without being escaped, leading to the reflected XSS. All users are recommended to upgrade to...
Apache OpenMeetings 1.9.x < 3.1.0 - '.ZIP' File Directory Traversal
Exploit for linux platform in category web applications Severity: Moderate Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings 1.9.x - 3.1.0 Description: The Import/Export System Backups functionality in the OpenMeetings Administration menu...
Apache OpenMeetings 1.9.x < 3.1.0 - '.ZIP' File Directory Traversal
Severity: Moderate Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings 1.9.x - 3.1.0 Description: The Import/Export System Backups functionality in the OpenMeetings Administration menu http://domain:5080/openmeetings/admin/backup is vulnerable to path traversal via...
FreeBSD : xerces-c3 -- Parser Crashes on Malformed Input (a7f2e9c6-de20-11e5-8458-6cc21735f730)
The Apache Software Foundation reports : The Xerces-C XML parser mishandles certain kinds of malformed input documents, resulting in buffer overflows during processing and error reporting. The overflows can manifest as a segmentation fault or as memory corruption during a parse operation. The bug...
xerces-c3 -- Parser Crashes on Malformed Input
The Apache Software Foundation reports: The Xerces-C XML parser mishandles certain kinds of malformed input documents, resulting in buffer overflows during processing and error reporting. The overflows can manifest as a segmentation fault or as memory corruption during a parse operation. The bugs...
Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.4.6 update on RHEL 7
Updated packages that provide Red Hat JBoss Enterprise Application Platform 6.4.6, fix several bugs, add various enhancements, and resolve one security issue are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. A...
Important: Red Hat Security Advisory: jboss-ec2-eap security and enhancement update for EAP 6.4.6
Updated jboss-ec2-eap packages that add one enhancement and resolve one security issue are now available for Red Hat JBoss Enterprise Application Platform 6.4.6 on Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerabilit...
RedHat Update for subversion RHSA-2015:1633-01
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[CVE-2015-3253] Apache Groovy Zero-Day Vulnerability Disclosure
Severity: Important Vendor: The Apache Software Foundation Versions Affected: All unsupported versions ranging from 1.7.0 to 2.4.3. Impact: Remote execution of untrusted code, DoS Description: When an application has Groovy on the classpath and it uses standard Java serialization mechanisms to...
[SECURITY] CVE-2014-7810: Apache Tomcat Security Manager Bypass
CVE-2014-7810 Security Manager Bypass Severity: Moderate Vendor: The Apache Software Foundation Versions Affected: - Apache Tomcat 8.0.0-RC1 to 8.0.15 - Apache Tomcat 7.0.0 to 7.0.57 - Apache Tomcat 6.0.0 to 6.0.43 Description: Malicious web...
tomcat -- multiple vulnerabilities
Apache Software Foundation reports: Low: Denial of Service CVE-2014-0230 When a response for a request with a request body is returned to the user agent before the request body is fully read, by default Tomcat swallows the remaining request body so that the next request on the connection may be...
CVE-2015-1773 Apache Flex reflected XSS vulnerability
CVE-2015-1773 Apache Flex reflected XSS vulnerability Severity: Low Vendor: The Apache Software Foundation Versions Affected: All versions of Apache Flex before 4.14.1 Description: The asdoc tool produced JavaScript code that was vulnerable to a reflected XSS attack. A request with a specially...
RHEL 7 : qpid (RHSA-2015:0708)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2015:0708 advisory. Red Hat Enterprise MRG is a next-generation IT infrastructure incorporating Messaging, Real Time, and Grid functionality. It offers increase...
Moderate: Red Hat Security Advisory: qpid security and bug fix update
Updated qpid packages that fix multiple security issues and one bug are now available for Red Hat Enterprise MRG 3 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give...
RHEL 5 : qpid-cpp (RHSA-2015:0662)
The remote Red Hat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2015:0662 advisory. Red Hat Enterprise MRG (Messaging, Realtime, and Grid) is a next-generation IT infrastructure for enterprise computing. MRG offers increased...