11 matches found
Mageia: Security Advisory (MGASA-2022-0289)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
MGASA-2022-0289 Updated apache-mod_wsgi packages fix security vulnerability
It was discovered that mod-wsgi did not correctly remove the X-Client-IP header when processing requests from untrusted proxies. A remote attacker could use this issue to pass the header to WSGI applications, contrary to expectations CVE-2022-2255...
CVE-2018-1299
In Apache Allura before 1.8.0, unauthenticated attackers may retrieve arbitrary files through the Allura web application. Some webservers used with Allura, such as Nginx, Apache/modwsgi or paster may prevent the attack from succeeding. Others, such as gunicorn do not prevent it and leave Allura...
CVE-2018-1299
In Apache Allura before 1.8.0, unauthenticated attackers may retrieve arbitrary files through the Allura web application. Some webservers used with Allura, such as Nginx, Apache/modwsgi or paster may prevent the attack from succeeding. Others, such as gunicorn do not prevent it and leave Allura...
Code injection
In Apache Allura before 1.8.0, unauthenticated attackers may retrieve arbitrary files through the Allura web application. Some webservers used with Allura, such as Nginx, Apache/modwsgi or paster may prevent the attack from succeeding. Others, such as gunicorn do not prevent it and leave Allura...
CVE-2018-1299
In Apache Allura before 1.8.0, unauthenticated attackers may retrieve arbitrary files through the Allura web application. Some webservers used with Allura, such as Nginx, Apache/modwsgi or paster may prevent the attack from succeeding. Others, such as gunicorn do not prevent it and leave Allura...
Mandriva Linux Security Advisory : apache-mod_wsgi (MDVSA-2015:180)
Updated apache-modwsgi package fixes security vulnerabilities : apache-modwsgi before 4.2.4 contained an off-by-one error in applying a limit to the number of supplementary groups allowed for a daemon process group. The result could be that if more groups than the operating system allowed were...
[ MDVSA-2014:253 ] apache-mod_wsgi
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:253 http://www.mandriva.com/en/support/security/ Package : apache-modwsgi Date : December 15, 2014 Affected: Business Server 1.0 Problem Description: Updated apache-modwsgi package fixes security...
Mandriva Linux Security Advisory : apache-mod_wsgi (MDVSA-2014:253)
Updated apache-modwsgi package fixes security vulnerability : It was discovered that modwsgi incorrectly handled errors when setting up the working directory and group access rights. A malicious application could possibly use this issue to cause a local privilege escalation when using daemon mode...
MGASA-2014-0513 Updated apache-mod_wsgi package fixes security vulnerability
It was discovered that modwsgi incorrectly handled errors when setting up the working directory and group access rights. A malicious application could possibly use this issue to cause a local privilege escalation when using daemon mode CVE-2014-8583...
Mandriva Linux Security Advisory : apache-mod_wsgi (MDVSA-2014:137)
Multiple vulnerabilities has been discovered and corrected in apache-modwsgi : It was found that modwsgi did not properly drop privileges if the call to setuid\ failed. If modwsgi was set up to allow unprivileged users to run WSGI applications, a local user able to run a WSGI application could...