34 matches found
Debian DLA-1507-1 : libapache2-mod-perl2 security update
Jan Ingvoldstad discovered that libapache2-mod-perl2 allows attackers to execute arbitrary Perl code by placing it in a user-owned .htaccess file, because contrary to the documentation there is no configuration option that permits Perl code for the administrator's control of HTTP request processi...
Design/Logic Flaw
modperl 2.0 through 2.0.10 allows attackers to execute arbitrary Perl code by placing it in a user-owned .htaccess file, because contrary to the documentation there is no configuration option that permits Perl code for the administrator's control of HTTP request processing without also permitting...
CVE-2011-2767
modperl 2.0 through 2.0.10 allows attackers to execute arbitrary Perl code by placing it in a user-owned .htaccess file, because contrary to the documentation there is no configuration option that permits Perl code for the administrator's control of HTTP request processing without also permitting...
Oracle Linux 6 : squid34 (ELSA-2017-0183)
The remote Oracle Linux 6 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2017-0183 advisory. 7:3.4.14-9.4 - Resolves: 1412733 - CVE-2016-10002 squid34: squid: Information disclosure in HTTP request processing Tenable has extracted the preceding...
SUSE SLES11 Security Update : squid (SUSE-SU-2016:2147-1)
This update for squid fixes the following issues: - CVE-2016-4051: backport fix buffer overflow in cachemgr.cgi bsc976553 - CVE-2016-4554: backport fix for header smuggling issue in HTTP Request processing bsc979010 Note that Tenable Network Security has extracted the preceding description block...
SUSE SLES11 Security Update : squid3 (SUSE-SU-2016:1996-1)
This update for squid3 fixes the following issues: - Multiple issues in pinger ICMP processing. CVE-2014-7141, CVE-2014-7142 - CVE-2016-3947: Buffer overrun issue in pinger ICMPv6 processing. bsc973782 - CVE-2016-4554: fix header smuggling issue in HTTP Request processing bsc979010 - fix multipl...
Lotus Domino vulnerable to denial-of-service (DoS)
Overview: Lotus Domino provided by IBM contains a denial-of-service (DoS) vulnerability. Lotus Domino contains a denial-of-service (DoS) vulnerability due to an issue in processing HTTP requests. Ryouichi Ozawa of Oki Electric Industry Co., Ltd reported this vulnerability to IPA. JPCERT/CC coordinated...
JVN#51305555: Lotus Domino vulnerable to denial-of-service (DoS)
Lotus Domino contains a denial-of-service (DoS) vulnerability due to an issue in processing HTTP requests. Impact: A remote attacker may cause the Domino service to crash. Solution: Update the software. Update to the latest version according to the information provided by the developer. Products...
JVN#73643130: Microsoft MSXML vulnerability in HTTP request processing
MSXML provided by Microsoft contains a vulnerability where HTTP requests for XMLHTTP objects are not processed properly. As a result, when going through a proxy server, information may be sent to another server. Impact: When going through a proxy server, information such as authentication...
Adobe Flex SDK Cross-Site Scripting (APSB09-13; CVE-2009-1879)
An instance of a DOM-based Cross-Site Scripting (XSS) vulnerability has been discovered in Adobe Flex SDK. Adobe Flex is a software development kit released by Adobe Systems for the development and deployment of cross-platform rich Internet applications based on the Adobe Flash platform. A remote...
Compaq HTTP server format string bug
Insight Management Agent format string bug during processing of HTTP request...