455 matches found
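Apache APR 'apr_fnmatch()' Denial of Service Vulnerability
Bugtraq ID: 47820 CVE ID: CVE-2011-0419 Apache APR-util is a portable runtime library; its full name is Apache Portable Runtime. When processing certain patterns, the "apr_fnmatch" function has a recursion error; submitting a specially crafted request containing wildcards such as "" can trigger a stack-based overflow. Apache APR 1.x Vendor solution: Apache Software Foundation APR 1.4.4 has fixed this vulnerability, and users are advised to download and use it: http://www.apache.org/dist/apr/CHANGES-APR-1.4...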
FreeBSD Ports: tomcat55
The remote host is missing an update to the system as announced in the referenced advisory. VID 553ec4ed-38d6-11e0-94b1-000c29ba66d2 OpenVAS Vulnerability Test $ Description: Auto generated from VID 553ec4ed-38d6-11e0-94b1-000c29ba66d2 Authors: Thomas Reinke Copyright: Copyright c 2011 E-Soft Inc...
Savannah GNU Site Compromised
A site belonging to the Savannah GNU free software archive was attacked recently, leading to a compromise of encrypted passwords and enabling the attackers to access restricted project material. The compromise was the result of a SQL injection attack against the savannah.gnu.org site within the...
[SECURITY] Fedora 14 Update: tomcat6-6.0.26-14.fc14
Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participator...
Apache Shiro Information Disclosure
CVE-2010-3863: Apache Shiro information disclosure vulnerability Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Shiro 1.0.0-incubating The unsupported JSecurity 0.9.x versions are also affected Description:...
[SECURITY] Fedora 13 Update: tomcat6-6.0.26-11.fc13
Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participator...
[SECURITY] Fedora 12 Update: tomcat6-6.0.26-3.fc12
Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participator...
Apache JackRabbit 2.0.0 XPath Injection
Title: Apache JackRabbit webapp XPath Injection Author: ADEO Security Published: 11/08/2010 Version: 2.0.0 Possible all versions Vendor: http://www.apache.org Download: http://www.apache.org/dyn/closer.cgi/jackrabbit/2.0.0/jackrabbit-2.0.0-src.zip Description: "Apache Jackrabbit is a fully...
Apache JackRabbit 2.0.0 - webapp XPath Injection
Title: Apache JackRabbit webapp XPath Injection Author: ADEO Security Published: 11/08/2010 Version: 2.0.0 Possible all versions Vendor: http://www.apache.org Download: http://www.apache.org/dyn/closer.cgi/jackrabbit/2.0.0/jackrabbit-2.0.0-src.zip Description: "Apache Jackrabbit is a fully...
Apache Tomcat v. 5.5.0 to 5.5.29 & 6.0.0 to 6.0.26 information disclosure vulnerability
No description provided by source. CVE-2010-1157: Apache Tomcat information disclosure vulnerability Severity: Low Vendor: The Apache Software Foundation Versions Affected: - - Tomcat 6.0.0 to 6.0.26 - - Tomcat 5.5.0 to 5.5.29 Note: The unsupported Tomcat 3.x, 4.x and 5.0.x versions may also be...
Apache Tomcat v. 5.5.0 to 5.5.29 & 6.0.0 to 6.0.26 information disclosure
Exploit for multiple platform in category remote exploits ======================================================================================= Apache Tomcat v. 5.5.0 to 5.5.29 & 6.0.0 to 6.0.26 information disclosure vulnerability...
[SECURITY] Fedora 12 Update: tomcat6-6.0.20-1.fc12
Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participator...
[SECURITY] Fedora 11 Update: tomcat6-6.0.20-1.fc11
Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participator...
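Apache mod_proxy_ftp Remote Command Injection Vulnerability
Bugtraq ID: 36254 Apache mod_proxy_ftp is an Apache module for handling FTP proxy requests. Apache mod_proxy_ftp does not properly filter user-supplied input, and a remote attacker can exploit the vulnerability to execute arbitrary commands in the security context of the application. A commercial exploit tool released by Intevydis already provides related attack information. No detailed vulnerability information is currently available. Apache Software Foundation mod_proxy_ftp Vendor solution: No solution is currently available: http://httpd.apache.org/docs/2.0/mod/modproxyftp.html...
Apache APR and APR-util Integer Overflow Vulnerabilities
Bugtraq ID: 35949 CVE ID: CVE-2009-2412 Apache APR-util is a portable runtime library; its full name is Apache Portable Runtime. Apache APR (Apache Portable Runtime) and 'APR-util' contain integer overflows that a remote attacker can exploit to execute arbitrary code in the security context of an application that uses the library. - An integer overflow error in memory/unix/aprpools.c when aligning relocatable memory blocks can lead to a buffer overflow. - When aligning relocatable memory blocks, in misc/aprrmm.c the "aprrmmmalloc", "aprrmmcalloc",...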
Apache Tomcat Information Disclosure
CVE-2008-5515: Apache Tomcat information disclosure vulnerability Severity: Important Vendor: The Apache Software Foundation Versions Affected: Tomcat 4.1.0 to 4.1.39 Tomcat 5.5.0 to 5.5.27 Tomcat 6.0.0 to 6.0.18 The unsupported Tomcat 3.x, 4.0.x and...
[SECURITY] CVE-2009-0783 Apache Tomcat Information disclosure
CVE-2009-0783: Apache Tomcat information disclosure vulnerability Severity: low Vendor: The Apache Software Foundation Versions Affected: Tomcat 6.0.0 to 6.0.18 Tomcat 5.5.0 to 5.5.27 Tomcat 4.1.0 to 4.1.39 The unsupported Tomcat 3.x, 4.0.x and 5.0.x...
Apache OFBiz <= 3.0.0 Multiple HTML Injection Vulnerabilities
Apache OFBiz is prone to multiple HTML injection vulnerabilities. Copyright (C) 2009 Christian Eric Edjenguele Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free...
DDIVRT-2009-23 Apache ActiveMQ Numerous Cross Site Scripting Issues
Title ----- DDIVRT-2009-23 Apache ActiveMQ Numerous Cross Site Scripting Issues Severity -------- Low Date Discovered --------------- February 23rd, 2009 Discovered By ------------- Digital Defense, Inc. Vulnerability Research Team Credit: David Marshall and r@b13$ Vulnerability Description...
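Apache Struts Unspecified Cross-Site Scripting Vulnerability
BUGTRAQ ID: 34399 CVE ID: CVE-2008-2025 CNCVE ID: CNCVE-20082025 Apache Struts is an open-source framework for building Java web applications. Apache Struts has a cross-site scripting vulnerability that remote attackers can exploit to obtain sensitive information. No detailed vulnerability information is currently available. Apache Software Foundation Struts 2.0.12 Apache Software Foundation Struts 2.0.11 .2 Apache Software Foundation Struts 2.0.9 Apache Softwar...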