7668 matches found

OSV
added 2012/04/24 12:0 a.m., 29 views

DSA-2457-1 iceweasel - several

Bulletin has no description...

CVSS 10, AI score 9.5, EPSS 0.10098
Exploits: 1
Mozilla
added 2012/04/24 12:0 a.m., 57 views

Potential site identity spoofing when loading RSS and Atom feeds — Mozilla

Security researcher Jeroen van der Gun reported that if RSS or Atom XML invalid content is loaded over HTTPS, the addressbar updates to display the new location of the loaded resource, including SSL indicators, while the main window still displays the previously loaded content. This allows for...

CVSS 4.3, AI score 1, EPSS 0.02246
Exploits: 0, References: 2, Affected Software: 5
OSV
added 2012/04/24 12:0 a.m., 46 views

DSA-2458-1 iceape - several

Bulletin has no description...

CVSS 10, AI score 9.7, EPSS 0.10098
Exploits: 2
RedHat Linux
added 2012/04/23 4:52 p.m., 2 views

OpenJDK: missing checkSetFactory calls in HttpsURLConnection (JSSE, 7096936)

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.233 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and integrity,...

CVSS 6.4, AI score 7.4, EPSS 0.02605
Exploits: 1, References: 5
Tenable Nessus
added 2012/04/23 12:0 a.m., 67 views

CGIProxy Detection

The remote web server hosts CGIProxy nph-proxy.cgi, a web-based proxy script. This script allows remote users to retrieve any resource via HTTP, HTTPS, or FTP that is accessible from the server the script is running on.

AI score 5.5
Exploits: 0, References: 1
UbuntuCve
added 2012/04/20 12:0 a.m., 27 views

CVE-2012-2125

RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a man-in-the-middle attack...

CVSS 5.8, AI score 5.9, EPSS 0.02456
Exploits: 0, References: 6
Atlassian
added 2012/04/13 10:5 p.m., 17 views

Confluence does not respect HTTPS in Server Base URL when 301 redirecting

We have Confluence setup behind an Apache reverse proxy and our Server Base URL is set to "https://confluence...". However, when Confluence sends out a 301, it always sends the Location: http://confluence..., which then gets redirected by Apache to https://confluence... Confluence should respect...

AI score 0.4
Exploits: 0, Affected Software: 1
Atlassian
added 2012/04/13 10:5 p.m., 30 views

Confluence does not respect HTTPS in Server Base URL when 301 redirecting

We have Confluence setup behind an Apache reverse proxy and our Server Base URL is set to "https://confluence...". However, when Confluence sends out a 301, it always sends the Location: http://confluence..., which then gets redirected by Apache to https://confluence... Confluence should respect...

AI score 0.4
Exploits: 0, Affected Software: 1
Atlassian
added 2012/04/13 10:5 p.m., 21 views

Confluence does not respect HTTPS in Server Base URL when 301 redirecting

We have Confluence setup behind an Apache reverse proxy and our Server Base URL is set to "https://confluence...". However, when Confluence sends out a 301, it always sends the Location: http://confluence..., which then gets redirected by Apache to https://confluence... Confluence should respect...

AI score 0.4
Exploits: 0
NVD
added 2012/04/10 9:55 p.m., 26 views

CVE-2012-0147

Microsoft Forefront Unified Access Gateway (UAG) 2010 SP1 and SP1 Update 1 does not properly configure the default web site, which allows remote attackers to obtain sensitive information via a crafted HTTPS request, aka "Unfiltered Access to UAG Default Website Vulnerability."...

CVSS 5, AI score 5.9, EPSS 0.3562
Exploits: 1, References: 8
OpenVAS
added 2012/04/09 12:0 a.m., 24 views

Opera 'HTTPS-Session' Multiple Vulnerabilities (Linux)

The host is installed with Opera and is prone to multiple vulnerabilities.

CVSS 5.8, AI score 0.2, EPSS 0.01005
Exploits: 0, References: 2
OpenVAS
added 2012/04/09 12:0 a.m., 16 views

Opera 'HTTPS-Session' Multiple Vulnerabilities - Linux

Opera is prone to multiple vulnerabilities.

CVSS 5.8, AI score 6.6, EPSS 0.01005
Exploits: 0, References: 3
OpenVAS
added 2012/04/05 12:0 a.m., 31 views

RedHat Update for rpm RHSA-2012:0451-01

Check for the Version of rpm

CVSS 6.8, AI score 8.6, EPSS 0.04779
Exploits: 0, References: 2
OpenVAS
added 2012/04/04 12:0 a.m., 23 views

BackupPC < 3.2.1 Multiple XSS Vulnerabilities - Active Check

BackupPC is prone to multiple cross-site scripting XSS vulnerabilities.

AI score 5.8
Exploits: 0, References: 9
OpenVAS
added 2012/04/02 12:0 a.m., 33 views

Fedora Update for curl FEDORA-2012-0894

Check for the Version of curl

CVSS 7.5, AI score 9.3, EPSS 0.16723
Exploits: 0, References: 2
Tenable Nessus
added 2012/04/02 12:0 a.m., 72 views

Cisco IOS Software Command Security Bypass (cisco-sa-20120328-pai)

According to its self-reported version and configuration, the Cisco IOS software running on the remote device is affected by a security bypass vulnerability in the Authentication, Authorization, and Accounting (AAA) feature. An authenticated, remote attacker can exploit this, via an HTTP or HTTPS...

CVSS 8.5, AI score 7.4, EPSS 0.03922
Exploits: 1, References: 2
NVD
added 2012/03/29 11:1 a.m., 20 views

CVE-2012-0384

Cisco IOS 12.2 through 12.4 and 15.0 through 15.2 and IOS XE 2.1.x through 2.6.x and 3.1.xS before 3.1.2S, 3.2.xS through 3.4.xS before 3.4.2S, 3.5.xS before 3.5.1S, and 3.1.xSG and 3.2.xSG before 3.2.2SG, when AAA authorization is enabled, allow remote authenticated users to bypass intended acce...

CVSS 8.5, AI score 6.9, EPSS 0.03922
Exploits: 1, References: 5
Prion
added 2012/03/29 11:1 a.m., 19 views

Authorization

Cisco IOS 12.2 through 12.4 and 15.0 through 15.2 and IOS XE 2.1.x through 2.6.x and 3.1.xS before 3.1.2S, 3.2.xS through 3.4.xS before 3.4.2S, 3.5.xS before 3.5.1S, and 3.1.xSG and 3.2.xSG before 3.2.2SG, when AAA authorization is enabled, allow remote authenticated users to bypass intended acce...

CVSS 8.5, AI score 7.2, EPSS 0.03922
Exploits: 1, References: 5, Affected Software: 2
Cvelist
added 2012/03/29 10:0 a.m., 15 views

CVE-2012-0384

Cisco IOS 12.2 through 12.4 and 15.0 through 15.2 and IOS XE 2.1.x through 2.6.x and 3.1.xS before 3.1.2S, 3.2.xS through 3.4.xS before 3.4.2S, 3.5.xS before 3.5.1S, and 3.1.xSG and 3.2.xSG before 3.2.2SG, when AAA authorization is enabled, allow remote authenticated users to bypass intended acce...

AI score 6.9, EPSS 0.03922
Exploits: 1, References: 5
CVE
added 2012/03/29 10:0 a.m., 67 views

CVE-2012-0384

Summary: CVE-2012-0384 maps to a Cisco IOS/IOS XE authentication bypass vulnerability where, if AAA authorization is enabled and the HTTP/HTTPS server is active, a remote, authenticated user can bypass access restrictions and execute commands at the user’s authorization level. Affected software i...

CVSS 8.5, AI score 6.8, EPSS 0.03922
Exploits: 1, References: 5, Affected Software: 1