11 matches found
Mageia: Security Advisory (MGASA-2022-0289)
The remote host is missing an update for the...
MGASA-2022-0289 Updated apache-mod_wsgi packages fix security vulnerability
It was discovered that mod-wsgi did not correctly remove the X-Client-IP header when processing requests from untrusted proxies. A remote attacker could use this issue to pass the header to WSGI applications, contrary to expectations (CVE-2022-2255)...
Code injection
In Apache Allura before 1.8.0, unauthenticated attackers may retrieve arbitrary files through the Allura web application. Some webservers used with Allura, such as Nginx, Apache/mod_wsgi or paster, may prevent the attack from succeeding. Others, such as gunicorn, do not prevent it and leave Allura...
CVE-2018-1299
In Apache Allura before 1.8.0, unauthenticated attackers may retrieve arbitrary files through the Allura web application. Some webservers used with Allura, such as Nginx, Apache/mod_wsgi or paster, may prevent the attack from succeeding. Others, such as gunicorn, do not prevent it and leave Allura...
Mandriva Linux Security Advisory : apache-mod_wsgi (MDVSA-2015:180)
Updated apache-mod_wsgi package fixes security vulnerabilities: apache-mod_wsgi before 4.2.4 contained an off-by-one error in applying a limit to the number of supplementary groups allowed for a daemon process group. The result could be that if more groups than the operating system allowed were...
[ MDVSA-2014:253 ] apache-mod_wsgi
Mandriva Linux Security Advisory MDVSA-2014:253 (http://www.mandriva.com/en/support/security/). Package: apache-mod_wsgi. Date: December 15, 2014. Affected: Business Server 1.0. Problem Description: Updated apache-mod_wsgi package fixes security...
Mandriva Linux Security Advisory : apache-mod_wsgi (MDVSA-2014:253)
Updated apache-mod_wsgi package fixes security vulnerability: It was discovered that mod_wsgi incorrectly handled errors when setting up the working directory and group access rights. A malicious application could possibly use this issue to cause a local privilege escalation when using daemon mode...
MGASA-2014-0513 Updated apache-mod_wsgi package fixes security vulnerability
It was discovered that mod_wsgi incorrectly handled errors when setting up the working directory and group access rights. A malicious application could possibly use this issue to cause a local privilege escalation when using daemon mode (CVE-2014-8583)...
Mandriva Linux Security Advisory : apache-mod_wsgi (MDVSA-2014:137)
Multiple vulnerabilities have been discovered and corrected in apache-mod_wsgi: It was found that mod_wsgi did not properly drop privileges if the call to setuid() failed. If mod_wsgi was set up to allow unprivileged users to run WSGI applications, a local user able to run a WSGI application could...