5907 matches found

Tenable Nessus
added 2012/08/01 12:0 a.m. (42 views)

Scientific Linux Security Update : httpd on SL6.x i386/x86_64

The Apache HTTP Server is a popular web server. It was discovered that the Apache HTTP Server did not properly validate the request URI for proxied requests. In certain configurations, if a reverse proxy used the ProxyPassMatch directive, or if it used the RewriteRule directive with the proxy fla...

CVSS: 7.8, AI score: 7.5, EPSS: 0.98945
Exploits: 30, References: 3

securityvulns
added 2012/07/16 12:0 a.m. (66 views)

[USN-1506-1] Puppet vulnerabilities

Ubuntu Security Notice USN-1506-1 July 12, 2012 puppet vulnerabilities. A security issue affects these releases of Ubuntu and its derivatives: -...

CVSS: 4.3, AI score: 0.5, EPSS: 0.02453
Exploits: 4

OpenVAS
added 2012/07/16 12:0 a.m. (33 views)

Ubuntu: Security Advisory (USN-1506-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 4.3, AI score: 6.4, EPSS: 0.02453
Exploits: 4, References: 2

Debian
added 2012/07/12 10:17 p.m. (24 views)

[SECURITY] [DSA 2510-1] extplorer security update

Debian Security Advisory DSA-2510-1 [email protected] http://www.debian.org/security/ Luciano Bello July 12, 2012 http://www.debian.org/security/faq -...

CVSS: 6.8, AI score: 5.8, EPSS: 0.00888
Exploits: 1

Tenable Nessus
added 2012/07/10 12:0 a.m. (27 views)

GLSA-201207-09 : mod_fcgid: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-201207-09 (mod_fcgid: Multiple vulnerabilities). Multiple vulnerabilities have been found in mod_fcgid: An error in the 'fcgid_header_bucket_read' function in fcgid_bucket.c could cause a stack-based buffer overflow (CVE-2010-3872). An error...

CVSS: 7.5, AI score: 6.4, EPSS: 0.04864
Exploits: 0, References: 3

Tenable Nessus
added 2012/06/29 12:0 a.m. (37 views)

Debian DSA-2504-1 : libspring-2.5-java - information disclosure

It was discovered that the Spring Framework contains an information disclosure vulnerability in the processing of certain Expression Language (EL) patterns, allowing attackers to access sensitive information using HTTP requests. NOTE: This update adds a springJspExpressionSupport context parameter...

CVSS: 7.5, AI score: 6.5, EPSS: 0.11779
Exploits: 1, References: 4

OSV
added 2012/06/28 12:0 a.m. (23 views)

DSA-2504-1 libspring-2.5-java - information disclosure

Bulletin has no description...

CVSS: 7.5, AI score: 5.6, EPSS: 0.11779
Exploits: 1

Tenable Nessus
added 2012/06/25 12:0 a.m. (43 views)

GLSA-201206-27 : mini_httpd: Arbitrary code execution

The remote host is affected by the vulnerability described in GLSA-201206-27 (mini_httpd: Arbitrary code execution). mini_httpd does not properly check for shell escapes when parsing HTTP requests. Impact: A remote attacker could send specially crafted HTTP requests, possibly resulting in execution o...

CVSS: 5, AI score: 8.8, EPSS: 0.1027
Exploits: 2, References: 2

Gentoo Linux
added 2012/06/24 12:0 a.m. (54 views)

mini_httpd: Arbitrary code execution

Background: mini_httpd is a small webserver with optional SSL and IPv6 support. Description: mini_httpd does not properly check for shell escapes when parsing HTTP requests. Impact: A remote attacker could send specially crafted HTTP requests, possibly resulting in execution of arbitrary code with the...

CVSS: 5, AI score: 7.1, EPSS: 0.1027
Exploits: 2

Exploit DB
added 2012/06/11 12:0 a.m. (29 views)

BMC Identity Management - Cross-Site Request Forgery

source: https://www.securityfocus.com/bid/53924/info Identity Management is prone to a cross-site request-forgery vulnerability because the application fails to properly validate HTTP requests. Exploiting this issue may allow a remote attacker to perform certain actions in the context of an...

AI score: 7
Exploits: 0

OpenVAS
added 2012/05/21 12:0 a.m. (29 views)

Liferay Portal Multiple Vulnerabilities

Liferay Portal is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:liferay:liferayportal";...

AI score: 7.8
Exploits: 0, References: 6

Nmap
added 2012/05/20 3:42 p.m. (108 views)

http-traceroute NSE Script

Exploits the Max-Forwards HTTP header to detect the presence of reverse proxies. The script works by sending HTTP requests with values of the Max-Forwards HTTP header varying from 0 to 2 and checking for any anomalies in certain response values such as the status code, Server, Content-Type and...

CVSS: 10, AI score: 0.1, EPSS: 0.99448
Exploits: 33

Check Point Advisories
added 2012/05/14 12:0 a.m. (18 views)

PHP php-cgi Query String Parameter Code Execution (CVE-2012-1823; CVE-2012-2311; CVE-2012-2335; CVE-2012-2336; CVE-2013-4878)

A remote code execution vulnerability has been reported in PHP. The vulnerability is due to the improper parsing and filtering of query strings by PHP. A remote attacker may exploit this issue by sending crafted HTTP requests. Successful exploitation would allow an attacker to execute arbitrary...

CVSS: 7.5, AI score: 9.9, EPSS: 0.99998
Exploits: 41

Check Point Advisories
added 2012/05/10 12:0 a.m. (3 views)

Apache HTTPD Error Code 400 httpOnly Cookie Handling Information Disclosure - ver 2 (CVE-2012-0053)

An information disclosure vulnerability has been reported in Apache HTTPD server. The vulnerability is due to an error while creating the default HTTP 400 error page. A remote attacker can exploit this vulnerability by causing the target user's browser to send crafted HTTP requests to the...

CVSS: 4.3, AI score: 7.9, EPSS: 0.82756
Exploits: 4

OpenVAS
added 2012/05/07 12:0 a.m. (47 views)

Oracle GlassFish Server Multiple XSS and CSRF Vulnerabilities

This host is running Oracle GlassFish Server and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gboracleglassfishservermultvuln.nasl 5956 2017-04-14 09:02:12Z teissa $ Oracle GlassFish Server Multiple XSS and CSRF Vulnerabilities Authors: Sooraj KS Copyright: Copyright c 20...

CVSS: 6.8, AI score: 0.3, EPSS: 0.11515
Exploits: 0, References: 6

NVD
added 2012/04/13 10:41 a.m. (19 views)

CVE-2011-4883

The web server in Certec atvise webMI2ADS (aka webMI) before 2.0.2 does not properly validate values in HTTP requests, which allows remote attackers to cause a denial of service (resource consumption) via a crafted request...

CVSS: 5, AI score: 6.5, EPSS: 0.03159
Exploits: 0, References: 1

OpenVAS
added 2012/03/28 12:0 a.m. (22 views)

Epson EventManager 'x-protocol-version' Denial of Service Vulnerability

This host is running Epson EventManager and is prone to denial of service vulnerability. OpenVAS Vulnerability Test $Id: secpodepsoneventmanagerdosvuln.nasl 5950 2017-04-13 09:02:06Z teissa $ Epson EventManager 'x-protocol-version' Denial of Service Vulnerability Authors: Sooraj KS Copyright:...

AI score: 0.2
Exploits: 0, References: 5

OpenVAS
added 2012/03/28 12:0 a.m. (12 views)

Epson EventManager 'x-protocol-version' Denial of Service Vulnerability

Epson EventManager is prone to a denial of service vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...

AI score: 7.2
Exploits: 0, References: 6

NVD
added 2012/03/19 9:55 p.m. (24 views)

CVE-2012-1181

fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to cause a denial of service (memory consumption) via a series of HTTP requests that triggers a process...

CVSS: 5, AI score: 7.3, EPSS: 0.04864
Exploits: 0, References: 7

Debian CVE
added 2012/03/19 9:0 p.m. (21 views)

CVE-2012-1181

fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to cause a denial of service (memory consumption) via a series of HTTP requests that triggers a process...

CVSS: 5, AI score: 6.3, EPSS: 0.04864
Exploits: 0