9085 matches found

Tenable Nessus
added 2015/07/24 12:0 a.m. | 49 views

Apache Tomcat 6.0.x < 6.0.44 Multiple Vulnerabilities (FREAK)

Binary data 8830.pasl...

CVSS 7.8 | AI score 6.7 | EPSS 0.03099
Exploits 0 | References 2

NVD
added 2015/07/23 12:59 a.m. | 19 views

CVE-2015-5605

The regular-expression implementation in Google V8, as used in Google Chrome before 44.0.2403.89, mishandles interrupts, which allows remote attackers to cause a denial of service (application crash) via crafted JavaScript code, as demonstrated by an error in garbage collection during allocation of...

CVSS 5 | AI score 6.1 | EPSS 0.01482
Exploits 0 | References 8

CVE
added 2015/07/23 12:0 a.m. | 60 views

CVE-2015-5605

CVE-2015-5605 affects Google Chrome/Chromium with the V8 JavaScript engine. The vulnerability lies in the regular-expression implementation, which mishandles interrupts during stack-overflow exception message allocation, enabling a remote attacker to cause a denial of service (application crash) ...

CVSS 5 | AI score 8.7 | EPSS 0.01482
Exploits 0 | References 8 | Affected Software 1

OpenVAS
added 2015/07/23 12:0 a.m. | 23 views

RedHat Update for grep RHSA-2015:1447-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 4.4 | AI score 9.5 | EPSS 0.02243
Exploits 7 | References 2

Fedora
added 2015/07/18 2:5 a.m. | 40 views

[SECURITY] Fedora 21 Update: pcre-8.35-12.fc21

Perl-compatible regular expression library. PCRE has its own native API, but a set of "wrapper" functions that are based on the POSIX API are also supplied in the library libpcreposix. Note that this just provides a POSIX calling interface to PCRE: the regular expressions themselves still follow...

CVSS 9.8 | AI score 1.1 | EPSS 0.0573
Exploits 2

NVD
added 2015/07/14 5:59 p.m. | 17 views

CVE-2015-5144

Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 uses an incorrect regular expression, which allows remote attackers to inject arbitrary headers and conduct HTTP response splitting attacks via a newline character in an (1) email message to the EmailValidator, a ...

CVSS 4.3 | AI score 7.9 | EPSS 0.01493
Exploits 0 | References 10

OSV
added 2015/07/14 5:59 p.m. | 4 views

CVE-2015-5144

Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 uses an incorrect regular expression, which allows remote attackers to inject arbitrary headers and conduct HTTP response splitting attacks via a newline character in an (1) email message to the EmailValidator, a ...

AI score 6.4
Exploits 0 | References 10

GitLab Advisory Database
added 2015/07/14 12:0 a.m. | 35 views

DOS via URL validation

django.core.validators.URLValidator includes a regular expression that was extremely slow to evaluate against certain inputs...

CVSS 7.8 | AI score 6.2 | EPSS 0.00787
Exploits 0 | References 1 | Affected Software 1

Fedora
added 2015/07/13 7:13 p.m. | 39 views

[SECURITY] Fedora 22 Update: pcre-8.37-2.fc22

Perl-compatible regular expression library. PCRE has its own native API, but a set of "wrapper" functions that are based on the POSIX API are also supplied in the library libpcreposix. Note that this just provides a POSIX calling interface to PCRE: the regular expressions themselves still follow...

CVSS 9.8 | AI score 1.1 | EPSS 0.0573
Exploits 2

OpenVAS
added 2015/06/26 12:0 a.m. | 51 views

Ubuntu: Security Advisory (USN-2654-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.8 | AI score 7.1 | EPSS 0.78235
Exploits 0 | References 2

Tenable Nessus
added 2015/06/26 12:0 a.m. | 49 views

Ubuntu 12.04 LTS : tomcat6 vulnerabilities (USN-2655-1)

It was discovered that Tomcat incorrectly handled data with malformed chunked transfer coding. A remote attacker could possibly use this issue to conduct HTTP request smuggling attacks, or cause Tomcat to consume resources, resulting in a denial of service. (CVE-2014-0227) It was discovered that...

CVSS 7.8 | AI score 6.5 | EPSS 0.78235
Exploits 0 | References 4

UbuntuCve
added 2015/06/26 12:0 a.m. | 32 views

CVE-2015-5073

Heap-based buffer overflow in the find_fixedlength function in pcre_compile.c in PCRE before 8.38 allows remote attackers to cause a denial of service (crash) or obtain sensitive information from heap memory and possibly bypass the ASLR protection mechanism via a crafted regular expression with an...

CVSS 9.1 | AI score 7.4 | EPSS 0.00547
Exploits 1 | References 4

Tenable Nessus
added 2015/06/26 12:0 a.m. | 41 views

Ubuntu 14.04 LTS : Tomcat vulnerabilities (USN-2654-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2654-1 advisory. It was discovered that the Tomcat XML parser incorrectly handled XML External Entities (XXE). A remote attacker could possibly use this issue to read...

CVSS 7.8 | AI score 7 | EPSS 0.78235
Exploits 0 | References 5

FreeBSD
added 2015/06/23 12:0 a.m. | 28 views

pcre -- Heap Overflow Vulnerability in find_fixedlength()

Venustech ADLAB reports: PCRE library is prone to a vulnerability which leads to Heap Overflow. During subpattern calculation of a malformed regular expression, an offset that is used as an array index is fully controlled and can be large enough so that unexpected heap memory regions are accessed...

CVSS 9.1 | AI score 7.2 | EPSS 0.00547
Exploits 1 | References 3

OSV
added 2015/06/18 10:47 a.m. | 4 views

SUSE-SU-2015:1144-1 Security update for icu

This update fixes the following security issue in icu: CVE-2014-9654: insufficient size limit checks in regular expression compiler bsc917129 Security Issues: CVE-2014-9654...

CVSS 9.8 | AI score 9.4 | EPSS 0.01671
Exploits 0 | References 3

OpenVAS
added 2015/06/16 12:0 a.m. | 72 views

Apache Tomcat SecurityManager Security Bypass Vulnerability (Jun 2015) - Linux

Apache Tomcat is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:tomcat";...

CVSS 5 | AI score 6.9 | EPSS 0.09485
Exploits 0 | References 4

NVD
added 2015/06/07 11:59 p.m. | 12 views

CVE-2014-7810

The Expression Language (EL) implementation in Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 does not properly consider the possibility of an accessible interface implemented by an inaccessible class, which allows attackers to bypass a SecurityManager protection mechanis...

CVSS 5 | AI score 6.5 | EPSS 0.09485
Exploits 0 | References 29

Debian CVE
added 2015/06/07 11:0 p.m. | 27 views

CVE-2014-7810

Removed by vendor...

CVSS 5 | AI score 6.7 | EPSS 0.09485
Exploits 0

OSV
added 2015/06/07 12:0 a.m. | 0 views

UBUNTU-CVE-2014-7810

The Expression Language (EL) implementation in Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 does not properly consider the possibility of an accessible interface implemented by an inaccessible class, which allows attackers to bypass a SecurityManager protection mechanis...

CVSS 5 | AI score 6.7 | EPSS 0.09485
Exploits 0 | References 7

CNVD
added 2015/06/05 12:0 a.m. | 1 views

Moodle 'filter/urltolink/filter.php' Denial of Service Vulnerability

Moodle is a free, open-source e-learning software platform, also known as a course management system, learning management system or virtual learning environment. A denial of service vulnerability exists in the Moodle 'filter/urltolink/filter.php' script. A remote attacker can exploit this...

CVSS 6.8 | AI score 6.8 | EPSS 0.0059
Exploits 0 | References 1