Medium: tomcat8
Issue Overview: While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent...
Amazon Linux AMI : tomcat8 (ALAS-2021-1473)
The version of tomcat8 installed on the remote host is prior to 8.5.60-1.86. It is, therefore, affected by a vulnerability as referenced in the ALAS-2021-1473 advisory. While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.5...
Security update for tomcat (moderate)
openSUSE Security Update: Security update for tomcat Announcement ID: openSUSE-SU-2021:0043-1 Rating: moderate References: 1179602 Cross-References: CVE-2020-17527 Affected Products: openSUSE Leap 15.2 An update that fixes one vulnerability is now available. Description: This update for tomcat...
Updated tomcat packages fix security vulnerability
While investigating Apache issue 64830 it was discovered that Apache Tomcat could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent stream. While this would most likely lead to an error and the closure of t...
Citrix Endpoint Management (aka XenMobile Server) 10.12.0 Rolling Patch 5
Package name: xms10.12.0.10539.bin For: XenMobile Server 10.12.0 Deployment type: On-premises only Replaces: xms10.12.0.10102.bin, xms10.12.0.10204.bin, xms10.12.0.10324.bin, and xms10.12.0.10417.bin Replaced by: CTX292680 Date: November, 2020 Languages supported: English US Readme version: 1.00 Readme...
SUSE-SU-2021:0042-1 Security update for tomcat
This update for tomcat fixes the following issue: - CVE-2020-17527: Fixed a HTTP/2 request header mix-up bsc1179602...
SUSE-SU-2021:0031-1 Security update for tomcat
This update for tomcat fixes the following issue: - CVE-2020-17527: Fixed a HTTP/2 request header mix-up bsc1179602...
GLSA-202012-22 : HAProxy: Arbitrary code execution
The remote host is affected by the vulnerability described in GLSA-202012-22 HAProxy: Arbitrary code execution It was discovered that HAProxy incorrectly handled certain HTTP/2 headers. Impact : A remote attacker, by sending a specially crafted HTTP/2 request, could possibly execute arbitrary cod...
GLSA-202012-23 : Apache Tomcat: Information disclosure
The remote host is affected by the vulnerability described in GLSA-202012-23 Apache Tomcat: Information disclosure It was discovered that Apache Tomcat could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequen...
Apache Tomcat: Information disclosure
Background Apache Tomcat is a Servlet-3.0/JSP-2.2 Container. Description It was discovered that Apache Tomcat could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent stream. Impact A remote attacker, by...
HAProxy: Arbitrary code execution
Background HAProxy is a TCP/HTTP reverse proxy for high availability environments. Description It was discovered that HAProxy incorrectly handled certain HTTP/2 headers. Impact A remote attacker, by sending a specially crafted HTTP/2 request, could possibly execute arbitrary code with the...
Updated golang-googlecode-net package fixes security vulnerabilities
This code was vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both...
Amazon Linux AMI : tomcat8 (ALAS-2020-1473) (deprecated)
The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the ALAS-2020-1473 advisory. - While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and...
Debian DLA-2495-1 : tomcat8 security update
It was discovered that Apache Tomcat from 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent stream. While this would most likely lead to an error and the closure of the HTTP/2...
Debian: Security Advisory (DLA-2495-1)
The remote host is missing an update for the Debian...
[SECURITY] [DLA 2495-1] tomcat8 security update
Debian LTS Advisory DLA-2495-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta December 16, 2020 https://wiki.debian.org/LTS ...
Apache Tomcat 8.5.0 < 8.5.60 multiple vulnerabilities
The version of Tomcat installed on the remote host is prior to 8.5.60. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat8.5.60security-8 advisory. - When serving resources from a network location using the NTFS file system, Apache Tomcat versions...
Apache Tomcat 9.0.0.M1 < 9.0.40 multiple vulnerabilities
The version of Tomcat installed on the remote host is prior to 9.0.40. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat9.0.40security-9 advisory. - When serving resources from a network location using the NTFS file system, Apache Tomcat versions...
Security Bulletin: Potential vulnerability with Node.js
Summary A potential vulnerability has been identified related to Node.js. Refer to details for additional information. Vulnerability Details CVEID: CVE-2020-11080 DESCRIPTION: Node.js is vulnerable to a denial of service, caused by an error in the HTTP/2 session frame which is limited to 32...
Debian DLA-2485-1 : golang-golang-x-net-dev security update (Ping Flood) (Reset Flood)
The http2 server support in this package was vulnerable to certain types of DOS attacks. CVE-2019-9512 This code was vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of response...