455 matches found
tomcat -- authentication weaknesses
The Apache Software Foundation reports: Three weaknesses in Tomcat's implementation of DIGEST authentication were identified and resolved: Tomcat tracked client rather than server nonces and nonce count. When a session ID was present, authentication was bypassed. The user name and password were n...
CVE-2012-4501 : Critical vulnerability warned in Cloudstack
Citrix and the Apache Software Foundation have alerted users to a critical vulnerability in the CloudStack open source cloud infrastructure management software. The vulnerability affects all versions of Cloudstack prior to October 7, including the Citrix commercial version. Vulnerability could...
Critical Flaw Reported in CloudStack
The Apache Software Foundation is warning users about a configuration problem in the open-source CloudStack platform that could allow an attacker to take a number of unwanted actions, including deleting all of the virtual machines on a system. CloudStack is a project that’s under incubation at th...
[SECURITY] Fedora 17 Update: tomcat6-6.0.35-1.fc17
Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participator...
[SECURITY] Fedora 16 Update: tomcat6-6.0.35-1.fc16
Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participator...
Apache Sling 2.1.0 Denial Of Service
CVE-2012-2138 : Apache Sling denial of service vulnerability Severity: Important Vendor: The Apache Software Foundation Versions Affected: org.apache.sling.servlets.post bundle up to 2.1.0 Description: The @CopyFrom operation of the Sling POST servlet allows for copying a parent node to one of it...
CVE-2012-2149 OpenOffice.org memory overwrite vulnerability
CVE-2012-2149 OpenOffice.org memory overwrite vulnerability Reference: http://www.openoffice.org/security/cves/CVE-2012-2149.html Severity: Important Vendor: The Apache Software Foundation Versions Affected: OpenOffice.org 3.3 and 3.4 Beta, on all...
CVE-2012-1149 OpenOffice.org integer overflow error in vclmi.dll module when allocating memory for an embedded image object
CVE-2012-1149 OpenOffice.org integer overflow error in vclmi.dll module when allocating memory for an embedded image object Reference: http://www.openoffice.org/security/cves/CVE-2012-1149.html Severity: Important Vendor: The Apache Software...
CVE-2012-2334 Vulnerabilities related to malformed Powerpoint files in OpenOffice.org 3.3.0
CVE-2012-2334 Vulnerabilities related to malformed Powerpoint files in OpenOffice.org 3.3.0 Reference: http://www.openoffice.org/security/cves/CVE-2012-2334.html Severity: Important Vendor: The Apache Software Foundation Versions Affected:...
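Apache Hadoop Unspecified User Impersonation Vulnerability (CVE-2012-1574)
Bugtraq ID: 52939 CVE ID: CVE-2012-1574 Apache Hadoop is a framework designed for running distributed applications on large clusters of commodity computing devices. Apache Hadoop contains an unspecified security vulnerability that allows a malicious user to impersonate other users. Successful exploitation requires that the target user has the Kerberos / MapReduce security features in use. 0 Cloudera Cloudera Manager 3.7.4 Cloudera Cloudera Manager 3.7 Apache Software Foundation Hadoop 1.0.1 Apache Software Foundation...
Apache 'mod_fcgid' Module 2.3.6 Denial of Service Vulnerability
Bugtraq ID: 52565 CVE ID: CVE-2012-1181 mod_fcgid is an Apache module compatible with mod_fastcgi. mod_fcgid 2.3.6 does not correctly handle the FcgidMaxProcessesPerClass parameter when it is configured in a VirtualHost; a regression that was introduced can cause FcgidMaxProcessesPerClass to have no effect, and an attacker can exploit the vulnerability to carry out a denial-of-service attack against the module. 0 Apache Software Foundation mod_fcgid 2.3.6 Vendor solution Apache ----- Apache Software Foundation modfcgi...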
[SECURITY] CVE-2011-4367 Apache MyFaces information disclosure vulnerability
CVE-2011-4367: Apache MyFaces information disclosure vulnerability Severity: Important Vendor: The Apache Software Foundation Versions Affected: MyFaces Core 2.0.1 to 2.0.11 MyFaces Core 2.1.0 to...
Apache Tomcat Large Number Denial Of Service
No description provided by source. CVE-2012-0022 Apache Tomcat Denial of Service Severity: Important Vendor: The Apache Software Foundation Versions Affected: - Tomcat 7.0.0 to 7.0.22 - Tomcat 6.0.0 to 6.0.33 - Tomcat 5.5.0 to 5.5.34 - Earlier, unsupported versions may also be affected Descriptio...
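Apache Struts Session Tampering Security Bypass Vulnerability
Bugtraq ID: 50940 Apache Struts is an open-source framework for building Java web applications. Apache Struts contains a security vulnerability that allows a malicious user to bypass certain security restrictions. The org.apache.struts2.interceptor.SessionAware or org.apache.struts2.interceptor.RequestAware interfaces do not properly prevent access to the session map, which can be exploited by sending specially crafted requests to applications that use the combined auto-binding interfaces, allowing the session map to be modified. Apache Software Foundation Struts 2.1.8.1 Apache Software...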
[SECURITY] Fedora 15 Update: tomcat6-6.0.32-10.fc15
Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participator...
[SECURITY] Fedora 15 Update: tomcat6-6.0.32-8.fc15
Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participator...
[SECURITY] Fedora 14 Update: tomcat6-6.0.26-27.fc14
Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participator...
Apache Plans Range Header Bug Fix in Next Day
The Apache Software Foundation plans to have a fix available in the next day or so for the denial-of-service problem in Apache that was publicized late last week. The bug, which in some forms has been under discussion for more than four years, involves the way that the Web server handles certain...
Apache Archiva 1.3.4 Cross Site Request Forgery
CVE-2011-1026: Apache Archiva Multiple CSRF vulnerability Severity: High Vendor: The Apache Software Foundation Versions Affected: Archiva 1.3.0 - 1.3.4 The unsupported versions Archiva 1.0 - 1.2.2 are also affected. Description: An attacker can build a simple html page containing a hidden Image...
[SECURITY] CVE-2011-1582 Apache Tomcat security constraint bypass
CVE-2011-1582 Apache Tomcat security constraint bypass Severity: Important Vendor: The Apache Software Foundation Versions Affected: - Tomcat 7.0.12-7.0.13 - Earlier versions are not affected Description: An error in the fixes for...