274 matches found
openSUSE Security Update : varnish (openSUSE-2016-588)
This varnish update to version 3.0.7 fixes the following issues : Security issues fixed : - CVE-2015-8852: Vulnerable to HTTP Smuggling issues: Double Content Length and bad EOL. boo976097 Bugs fixed : - Stop recognizing a single CR \r as a HTTP line separator. - Improved error detection on...
Mageia: Security Advisory (MGASA-2016-0150)
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
MGASA-2016-0150 Updated varnish packages fix CVE-2015-8852
Updated varnish packages fix security vulnerabilities: Régis Leroy from Makina Corpus discovered that varnish, a caching HTTP reverse proxy, is vulnerable to HTTP smuggling issues, potentially resulting in cache poisoning or bypassing of access control policies CVE-2015-8852...
Updated varnish packages fix CVE-2015-8852
Updated varnish packages fix security vulnerabilities: Régis Leroy from Makina Corpus discovered that varnish, a caching HTTP reverse proxy, is vulnerable to HTTP smuggling issues, potentially resulting in cache poisoning or bypassing of access control policies CVE-2015-8852...
Debian DSA-3553-1 : varnish - security update
Regis Leroy from Makina Corpus discovered that varnish, a caching HTTP reverse proxy, is vulnerable to HTTP smuggling issues, potentially resulting in cache poisoning or bypassing of access control policies. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package...
[SECURITY] [DSA 3553-1] varnish security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3553-1 [email protected] https://www.debian.org/security/ Sebastien Delafond April 22, 2016 https://www.debian.org/security/faq -...
Debian Security Advisory DSA 3553-1 (varnish - security update)
Regis Leroy from Makina Corpus discovered that varnish, a caching HTTP reverse proxy, is vulnerable to HTTP smuggling issues, potentially resulting in cache poisoning or bypassing of access control policies. OpenVAS Vulnerability Test $Id: deb3553.nasl 6608 2017-07-07 12:05:05Z cfischer $...
Debian: Security Advisory (DSA-3553-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
UBUNTU-CVE-2016-2086
Node.js 0.10.x before 0.10.42, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allow remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header...
Fedora 22 : golang-1.4.2-3.fc22 (2015-13002)
security fixes for net/http smuggling Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL...
USN-2654-1 tomcat7 vulnerabilities
It was discovered that the Tomcat XML parser incorrectly handled XML External Entities XXE. A remote attacker could possibly use this issue to read arbitrary files. This issue only affected Ubuntu 14.04 LTS. CVE-2014-0119 It was discovered that Tomcat incorrectly handled data with malformed chunk...
Moderate: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.2.4 security update
Updated Red Hat JBoss Enterprise Application Platform 6.2.4 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base...
Oracle WebLogic Server Plug-in HTTP Injection
The remote web server is using the WebLogic plug-in for Apache, IIS, or Sun web servers, a module included with Oracle formerly BEA WebLogic Server and used to proxy requests from an HTTP server to WebLogic. The version of this plug-in on the remote host is affected by an HTTP injection...
Practical Web Security testing of HTTP truncated smuggling vulnerability-vulnerability warning-the black bar safety net
In this article, we will detailed to introduce the reader for the HTTP truncated and HTTP smuggling attack security testing techniques. We will by example demonstrate how to use the HTTP Protocol, certain properties, or the use of Web application weaknesses, or different proxy for HTTP message of...