
455 matches found

RedHat Linux
added 2015/03/09 1:38 p.m. | 34 views

Moderate: Red Hat Security Advisory: qpid-cpp security and bug fix update

Updated qpid-cpp packages that fix multiple security issues and one bug are now available for Red Hat Enterprise MRG Messaging 2.5 for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base score...

CVSS 7.5 | AI score 6.7 | EPSS 0.5601
Exploits: 0 | References: 5

securityvulns
added 2015/02/23 12:0 a.m. | 134 views

[SECURITY] CVE-2014-0227 Apache Tomcat Request Smuggling

CVE-2014-0227 Request Smuggling Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 8.0.0-RC1 to 8.0.8, Apache Tomcat 7.0.0 to 7.0.54, Apache Tomcat 6.0.0 to 6.0.41 Description: It was possible to craf...

CVSS 6.4 | AI score 6.3 | EPSS 0.69385
Exploits: 0

Cloud Foundry
added 2015/02/09 12:0 a.m. | 47 views

CVE-2014-0227 Apache Tomcat Request Smuggling | Cloud Foundry

CVE-2014-0227 Apache Tomcat Request Smuggling Important Vendor Apache Software Foundation Versions Affected Apache Tomcat 8.0.0-RC1 to 8.0.8 inclusive Apache Tomcat 7.0.0 to 7.0.54 inclusive Apache Tomcat 6.0.0 to 6.0.41 inclusive Description It was possible to craft a malformed chunk as part of ...

CVSS 6.4 | AI score 6.3 | EPSS 0.69385
Exploits: 0

securityvulns
added 2014/12/01 12:0 a.m. | 59 views

CVE-2014-3629: Apache Qpid's qpidd can be induced to make http requests

Apache Software Foundation - Security Advisory Apache Qpid's qpidd can be induced to make http requests CVE-2014-3629 CVS: 3 Severity: Low Vendor: The Apache Software Foundation Versions Affected: Apache Qpid's qpidd up to and including version 0.30, where xml exchange module is loaded Descriptio...

CVSS 4.3 | AI score 6.4 | EPSS 0.01744
Exploits: 0

Fedora
added 2014/09/26 9:2 a.m. | 42 views

[SECURITY] Fedora 20 Update: tomcat-7.0.52-1.fc20

Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participator...

CVSS 5.8 | AI score 2.8 | EPSS 0.36275
Exploits: 5

securityvulns
added 2014/08/24 12:0 a.m. | 65 views

CVE-2014-3575: OpenOffice Targeted Data Exposure Using Crafted OLE Objects

CVE-2014-3575 OpenOffice Targeted Data Exposure Using Crafted OLE Objects Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache OpenOffice 4.1.0 and older on Windows. OpenOffice.org versions are also affected. Descriptio...

CVSS 4.3 | AI score 1 | EPSS 0.09871
Exploits: 0

securityvulns
added 2014/08/24 12:0 a.m. | 85 views

CVE-2014-3524: Apache OpenOffice Calc Command Injection Vulnerability

CVE-2014-3524 OpenOffice Calc Command Injection Vulnerability Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache OpenOffice 4.1.0 and older on Windows. OpenOffice.org versions may also be affected. Description: The...

CVSS 9.3 | AI score 1.3 | EPSS 0.10661
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 20 views

Apache JackRabbit 2.0.0 webapp XPath Injection

No description provided by source. Title: Apache JackRabbit webapp XPath Injection Author: ADEO Security Published: 11/08/2010 Version: 2.0.0 Possible all versions Vendor: http://www.apache.org Download: http://www.apache.org/dyn/closer.cgi/jackrabbit/2.0.0/jackrabbit-2.0.0-src.zip Description:...

AI score 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 136 views

Tomcat 3.0/3.1 Snoop Servlet Information Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/1532/info A vulnerability exists in the snoop servlet portion of the Tomcat package, version 3.1, from the Apache Software Foundation. Upon hitting a nonexistent file with the .snp extension, too much information is...

AI score 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 29 views

Apache Rave 0.11 - 0.20 - User Information Disclosure

No description provided by source. CVE-2013-1814: Apache Rave exposes User over API Severity: Important Vendor: The Apache Software Foundation Versions Affected: Rave 0.11 to 0.20 Description: Rave returns the full user object, including the salted and hashed password, via the User RPC API. This...

CVSS 4 | AI score 6.5 | EPSS 0.83009
Exploits: 10

securityvulns
added 2014/05/29 12:0 a.m. | 125 views

[SECURITY] CVE-2014-0095 Apache Tomcat denial of service

CVE-2014-0095 Denial of Service Severity: Important Vendor: The Apache Software Foundation Versions Affected: - Apache Tomcat 8.0.0-RC2 to 8.0.3 Description: A regression was introduced in revision 1519838 that caused AJP requests to hang if an explicit content length of zero was set on the...

CVSS 5 | AI score 0.7 | EPSS 0.09656
Exploits: 0

securityvulns
added 2014/05/29 12:0 a.m. | 141 views

[SECURITY] CVE-2014-0119 Apache Tomcat information disclosure

CVE-2014-0119 Information Disclosure Severity: Important Vendor: The Apache Software Foundation Versions Affected: - Apache Tomcat 8.0.0-RC1 to 8.0.5 - Apache Tomcat 7.0.0 to 7.0.53 - Apache Tomcat 6.0.0 to 6.0.39 Description: In limited circumstances it was possible for a malicious web applicati...

CVSS 4.3 | AI score 8 | EPSS 0.05328
Exploits: 0

securityvulns
added 2014/05/29 12:0 a.m. | 148 views

[SECURITY] CVE-2014-0096 Apache Tomcat information disclosure

CVE-2014-0096 Information Disclosure Severity: Important Vendor: The Apache Software Foundation Versions Affected: - Apache Tomcat 8.0.0-RC1 to 8.0.3 - Apache Tomcat 7.0.0 to 7.0.52 - Apache Tomcat 6.0.0 to 6.0.39 Description: The default servlet allows web applications to define at multiple leve...

CVSS 4.3 | AI score 8 | EPSS 0.05795
Exploits: 0

securityvulns
added 2014/05/04 12:0 a.m. | 144 views

[SECURITY] CVE-2014-0111 Apache Syncope

CVE-2014-0111: Remote code execution by an authenticated administrator Severity: Important Vendor: The Apache Software Foundation Versions Affected: Syncope 1.0.0 to 1.0.8 Syncope 1.1.0 to 1.1.6 Description: In the various places in which Apache Commo...

CVSS 6.5 | AI score 1.5 | EPSS 0.01419
Exploits: 1

seebug.org
added 2014/04/03 12:0 a.m. | 79 views

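Apache Xalan-Java Library Security Bypass Vulnerability

Bugtraq ID: 66397 CVE ID: CVE-2014-0107 Apache Xalan-Java is a project that implements an XSLT library in Java and C++. An attacker can exploit this issue to bypass security restrictions and perform unauthorized actions. This may aid in launching further attacks. 0 Apache Software Foundation Xalan-java 2.7 The vendor has released an upgrade patch that fixes the vulnerability; please download and apply it: http://xml.apache.org/xalan-j/...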

CVSS 7.5 | AI score 0.5 | EPSS 0.05877
Exploits: 2

securityvulns
added 2014/03/27 12:0 a.m. | 106 views

[oCERT-2014-002] Xalan-Java insufficient secure processing

2014-002 Xalan-Java insufficient secure processing Description: The Xalan-Java library is a popular XSLT processor from the Apache Software Foundation. The library implements the Java API for XML Processing (JAXP) which supports a secure processing feature for interpretive and XSLTC processors. The...

CVSS 7.5 | AI score 0.6 | EPSS 0.05877
Exploits: 2

securityvulns
added 2014/01/14 12:0 a.m. | 65 views

Updated [CVE-2014-0031] CloudStack ListNetworkACL API discloses ACLs for other users

Issued: January 9, 2014 Updated: January 10, 2014 CVE-2014-0031 CloudStack ListNetworkACL API discloses ACLs for other users Product: Apache CloudStack Vendor: Apache Software Foundation Vulnerability type: Information Disclosure Vulnerable Versions: Apache CloudStack 4.2.0 CVE References:...

CVSS 4 | AI score 0.8 | EPSS 0.00323
Exploits: 0

securityvulns
added 2014/01/08 12:0 a.m. | 62 views

[CVE-2013-6480] Libcloud doesn't send scrub_data query parameter when destroying a DigitalOcean node

CVE-2013-6480 Libcloud doesn't send scrub_data query parameter when destroying a DigitalOcean node Severity: Low Vendor: Apache Software Foundation Project: Apache Libcloud http://libcloud.apache.org/ Affected Versions: Apache Libcloud 0.12.3 to 0.13...

CVSS 2.1 | AI score 0.3 | EPSS 0.00565
Exploits: 1

Packet Storm
added 2013/10/22 12:0 a.m. | 47 views

Apache Shindig 2.5.0 XXE Injection

CVE-2013-4295: XXE vulnerability in Apache Shindig 2.5.0 PHP Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Shindig PHP 2.5.0 Description: The gadget renderer in the PHP version of Apache Shindig is subject to an XML External Entity (XXE) Injection attack. The...

CVSS 5 | EPSS 0.17005
Exploits: 1

Japan Vulnerability Notes
added 2013/09/06 12:0 a.m. | 62 views

JVN#33504150: Apache Struts vulnerable to remote command execution

Apache Struts provided by the Apache Software Foundation is a software framework for creating Java web applications. Apache Struts contains a remote command execution vulnerability. This issue is the same issue that the developer published as S2-016 on July 16, 2013 Note that attacks leveraging...

CVSS 9.8 | AI score 8.9 | EPSS 0.94325
Exploits: 18