
174 matches found

Japan Vulnerability Notes
added 2017/05/24 12:0 a.m. | 21 views

JVN#91438377: SSL Visibility Appliance may generate illegal RST packets

SSL Visibility Appliance provided by Blue Coat Systems, Inc. is used as a transparent proxy for encrypted traffic management. It is reported that the appliance generates RST packets with incorrect sequence numbers when it receives HTTPS requests from certain web browsers. When the web server behi...

CVSS 5.9 | AI score 5.8 | EPSS 0.0046
Exploits 0

ThreatPost
added 2017/02/24 10:48 a.m. | 10 views

Cloudbleed Bug Leaks Sensitive Cloudflare Customer Data

The Cloudflare content delivery network for months has been leaking customer data, everything from private messages to encryption keys and credentials belonging to users of some of the Internet’s biggest properties. The vulnerability has been addressed, Cloudflare CTO John Graham-Cumming said, bu...

AI score 7
Exploits 0 | References 10

Debian
added 2017/02/22 4:14 p.m. | 15 views

[SECURITY] [DSA 3788-2] tomcat8 regression update

------------------------------------------------------------------------- Debian Security Advisory DSA-3788-2 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso February 22, 2017 https://www.debian.org/security/faq -...

AI score 6.8
Exploits 0

Veracode
added 2017/02/22 2:23 a.m. | 46 views

Denial Of Service (DoS) Via Infinite Loop

tomcat-coyote is vulnerable to denial of service (DoS) attacks. The vulnerability is a result of backporting a fix for CVE-2016-6816 but not backporting the fix for the Tomcat bug 57544 which fails to handle an exceptional condition check for pos while processing HTTPS requests in the Apache Tomcat...

CVSS 7.5 | AI score 7.1 | EPSS 0.13832
Exploits 5 | References 18 | Affected Software 77

NVD
added 2017/02/17 7:59 a.m. | 24 views

CVE-2017-6056

It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service is easily achievable as a consequence of backporting a CVE-2016-6816 fix but not backporting the f...

CVSS 7.5 | AI score 7.2 | EPSS 0.13832
Exploits 5 | References 17

OSV
added 2017/02/17 7:59 a.m. | 2 views

CVE-2017-6056

It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service is easily achievable as a consequence of backporting a CVE-2016-6816 fix but not backporting the f...

CVSS 7.5 | AI score 7.3 | EPSS 0.13832
Exploits 5 | References 17

Prion
added 2017/02/17 7:59 a.m. | 33 views

Design/Logic Flaw

It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service is easily achievable as a consequence of backporting a CVE-2016-6816 fix but not backporting the f...

CVSS 5 | AI score 7.2 | EPSS 0.13832
Exploits 5 | References 17 | Affected Software 2

CVE
added 2017/02/17 7:45 a.m. | 148 views

CVE-2017-6056

Technical details for CVE-2017-6056 (affected product, root cause, impact and fixes) are not provided in the connected documents; monitor for updates.

CVSS 7.5 | AI score 7.2 | EPSS 0.13832
Exploits 5 | References 17 | Affected Software 2

Cvelist
added 2017/02/17 7:45 a.m. | 28 views

CVE-2017-6056

It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service is easily achievable as a consequence of backporting a CVE-2016-6816 fix but not backporting the f...

AI score 7.4 | EPSS 0.13832
Exploits 5 | References 17

Debian
added 2017/02/14 11:52 a.m. | 17 views

[SECURITY] [DLA 823-1] tomcat7 security update

Package : tomcat7 Version : 7.0.28-4+deb7u10 CVE ID : not yet available Debian Bug : 854551 It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. For Debian 7 "Wheezy", these...

AI score 7.1
Exploits 0

OpenVAS
added 2017/02/12 12:0 a.m. | 23 views

Debian: Security Advisory (DSA-3788-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 | AI score 7.7 | EPSS 0.13832
Exploits 5 | References 3

Positive Technologies
added 2016/12/05 12:0 a.m. | 6 views

PT-2016-3171 · Apache +5 · Apache Http Server +5

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server mod_ssl versions 2.2.x through 2.2.32; Apache HTTP Server mod_ssl versions 2.4.x through 2.4.25. Description: The issue is related to a NULL pointer dereference error in the mod_ssl module of the Apache HTTP Server. This erro...

CVSS 10 | AI score 7.2 | EPSS 0.9384
Exploits 26 | References 135

CVE
added 2016/05/20 10:0 a.m. | 63 views

CVE-2016-1801

CVE-2016-1801 affects Apple CFNetwork Proxies in iOS (before 9.3.2), OS X (before 10.11.5), and tvOS (before 9.2.1). The vulnerability is an information leak in the handling of HTTP/HTTPS requests, allowing a privileged network-position attacker to obtain sensitive user data through URL handling....

CVSS 7.5 | AI score 6.7 | EPSS 0.07722
Exploits 0 | References 9 | Affected Software 1

Saint
added 2016/03/24 12:0 a.m. | 146 views

Bash environment variable command injection in Cisco UCS Manager

Added: 03/24/2016. CVE: CVE-2014-6278. BID: 70166. Background: GNU Bash (Bourne Again SHell) is a command shell commonly used on Linux and Unix systems. Cisco UCS Manager is a product for management of Cisco UCS and Cisco HyperFlex infrastructure. Problem: The Bash shell executes commands injected after...

CVSS 10 | AI score 9.8 | EPSS 0.91694
Exploits 31

Saint
added 2016/03/24 12:0 a.m. | 224 views

Bash environment variable command injection in Cisco UCS Manager

Added: 03/24/2016. CVE: CVE-2014-6278. BID: 70166. Background: GNU Bash (Bourne Again SHell) is a command shell commonly used on Linux and Unix systems. Cisco UCS Manager is a product for management of Cisco UCS and Cisco HyperFlex infrastructure. Problem: The Bash shell executes commands injected after...

CVSS 10 | AI score 9.8 | EPSS 0.91694
Exploits 31

Saint
added 2016/03/24 12:0 a.m. | 53 views

Bash environment variable command injection in Cisco UCS Manager

Added: 03/24/2016. CVE: CVE-2014-6278. BID: 70166. Background: GNU Bash (Bourne Again SHell) is a command shell commonly used on Linux and Unix systems. Cisco UCS Manager is a product for management of Cisco UCS and Cisco HyperFlex infrastructure. Problem: The Bash shell executes commands injected after...

CVSS 10 | AI score 9.8 | EPSS 0.91694
Exploits 31

NVD
added 2015/02/12 1:59 a.m. | 13 views

CVE-2015-0580

Multiple SQL injection vulnerabilities in the ACS View reporting interface pages in Cisco Secure Access Control System (ACS) before 5.5 patch 7 allow remote authenticated administrators to execute arbitrary SQL commands via crafted HTTPS requests, aka Bug ID CSCuq79027...

CVSS 6.5 | AI score 8 | EPSS 0.00105
Exploits 0 | References 4

CVE
added 2015/02/12 1:0 a.m. | 48 views

CVE-2015-0580

Summary: CVE-2015-0580 affects Cisco Secure Access Control System (ACS) prior to 5.5 patch 7, via multiple SQL injection flaws in the ACS View reporting interface. An authenticated remote attacker can craft HTTPS requests to disclose or modify data in ACS View databases due to improper input sani...

CVSS 6.5 | AI score 8.2 | EPSS 0.00105
Exploits 0 | References 4 | Affected Software 1

Cvelist
added 2015/02/12 1:0 a.m. | 16 views

CVE-2015-0580

Multiple SQL injection vulnerabilities in the ACS View reporting interface pages in Cisco Secure Access Control System (ACS) before 5.5 patch 7 allow remote authenticated administrators to execute arbitrary SQL commands via crafted HTTPS requests, aka Bug ID CSCuq79027...

AI score 7.9 | EPSS 0.00105
Exploits 0 | References 4

ThreatPost
added 2015/01/05 1:34 p.m. | 14 views

Wifiphisher Wi-Fi Hacking Tool Automates Wi-Fi Phishing

A new Wi-Fi attack tool has been made available on GitHub that automates phishing attacks over WPA networks, putting credentials and other supposedly secret data at risk. The tool, called wifiphisher, jams Wi-Fi access points with deauthentication packets and then mimics the target access point...

AI score 0.1
Exploits 0 | References 3