tomcat -- multiple vulnerabilities

Tomcat Security Team reports: Tomcat does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager restrictions and read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference,...

Medium: mod_security

Issue Overview: apache2/modsecurity.c in ModSecurity before 2.7.6 allows remote attackers to bypass rules by using chunked transfer coding with a capitalized Chunked value in the Transfer-Encoding HTTP header. Affected Packages: modsecurity Issue Correction: Run yum update modsecurity or yum upda...

CVE-2013-5704

The modheaders module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states "this is not a security issue in httpd as such."...

CVE-2013-5704

The modheaders module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states "this is not a security issue in httpd as such."...

CVE-2013-5705

apache2/modsecurity.c in ModSecurity before 2.7.6 allows remote attackers to bypass rules by using chunked transfer coding with a capitalized Chunked value in the Transfer-Encoding HTTP header...

CVE-2013-5705

apache2/modsecurity.c in ModSecurity before 2.7.6 allows remote attackers to bypass rules by using chunked transfer coding with a capitalized Chunked value in the Transfer-Encoding HTTP header...

Authentication flaw

apache2/modsecurity.c in ModSecurity before 2.7.6 allows remote attackers to bypass rules by using chunked transfer coding with a capitalized Chunked value in the Transfer-Encoding HTTP header...

CVE-2013-5705

Affected software: ModSecurity (Apache module) before 2.7.6. Root cause: flawed handling of chunked Transfer-Encoding with a capitalized Chunked value in the HTTP header. Impact: remote attackers can bypass mod_security rules. Remediation: upgrade to ModSecurity 2.7.6 or newer (as cited by multip...

CVE-2013-5705

apache2/modsecurity.c in ModSecurity before 2.7.6 allows remote attackers to bypass rules by using chunked transfer coding with a capitalized Chunked value in the Transfer-Encoding HTTP header...

CVE-2013-5705

apache2/modsecurity.c in ModSecurity before 2.7.6 allows remote attackers to bypass rules by using chunked transfer coding with a capitalized Chunked value in the Transfer-Encoding HTTP header...

CVE-2013-5704

The modheaders module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states "this is not a security issue in httpd as such."...

Than imagined more terror! OpenSSL“effort”vulnerability in-depth analysis-vulnerability warning-the black bar safety net

Author: yaoxi original source http://blog.wangzhan.360.cn/ Recently, OpenSSL broke this year's most serious security vulnerability in the hacker community is named“heart bleed”vulnerability. 3 6 0 site Guard security team of the vulnerability analysis, the vulnerability is not only related to htt...

Updated tomcat package fixes security vulnerabilities

Apache Tomcat 7.x before 7.0.50 processes chunked transfer coding without properly handling 1 a large total amount of chunked data or 2 whitespace characters in an HTTP header value within a trailer field, which allows remote attackers to cause a denial of service by streaming data CVE-2013-4322...

[SECURITY] Fedora 20 Update: pylint-1.1.0-1.fc20

Pylint is a python tool that checks if a module satisfy a coding standard. Pylint can be seen as another PyChecker since nearly all tests you can do with PyChecker can also be done with Pylint. But Pylint offers some more features, like checking line-code's length, checking if variable names are...

[IronWASP v0.9.7.5] Open Source Advanced Web Security Testing Platform

IronWASP Iron Web application Advanced Security testing Platform is an open source system for web application vulnerability testing. It is designed to be customizable to the extent where users can create their own custom security scanners using it. Though an advanced user with Python/Ruby scripti...

Design/Logic Flaw

Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 processes chunked transfer coding without properly handling 1 a large total amount of chunked data or 2 whitespace characters in an HTTP header value within a trailer field, which allows remote attackers to cause a denial o...

CVE-2013-4322

CVE-2013-4322 affects Apache Tomcat on multiple branches and is caused by improper handling of chunked transfer encoding trailing headers/extensions, allowing remote DoS by streaming data. Affects Tomcat 6.x up to 6.0.39, 7.x up to 7.0.50, and 8.x up to 8.0.0-RC10, and stems from an incomplete pr...

CVE-2013-4322

Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 processes chunked transfer coding without properly handling 1 a large total amount of chunked data or 2 whitespace characters in an HTTP header value within a trailer field, which allows remote attackers to cause a denial o...

CVE-2013-6485

Buffer overflow in util.c in libpurple in Pidgin before 2.10.8 allows remote HTTP servers to cause a denial of service application crash or possibly have unspecified other impact via an invalid chunk-size field in chunked transfer-coding data...

DEBIAN-CVE-2013-6485

Buffer overflow in util.c in libpurple in Pidgin before 2.10.8 allows remote HTTP servers to cause a denial of service application crash or possibly have unspecified other impact via an invalid chunk-size field in chunked transfer-coding data...