165 matches found
mod_cluster: malicious worker nodes can register on any vhost
modcluster in JBoss Enterprise Application Platform 5.1.2 for Red Hat Linux allows worker nodes to register with arbitrary virtual hosts, which allows remote attackers to bypass intended access restrictions and provide malicious content, hijack sessions, and steal credentials by registering from ...
Important: Red Hat Security Advisory: mod_cluster-native security update
Updated modcluster packages that fix one security issue are now available for JBoss Enterprise Web Server 1.0.2 for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System CVSS base...
mod_cluster: malicious worker nodes can register on any vhost
modcluster in JBoss Enterprise Application Platform 5.1.2 for Red Hat Linux allows worker nodes to register with arbitrary virtual hosts, which allows remote attackers to bypass intended access restrictions and provide malicious content, hijack sessions, and steal credentials by registering from ...
Important: Red Hat Security Advisory: mod_cluster-native security update
An update for the modcluster native component for JBoss Enterprise Web Server 1.0.2 that fixes one security issue is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System...
CVE-2006-4431
CVE-2006-4431 affects Zend Platform (Session Clustering Daemon) and the mod_cluster module; versions 2.2.1 and earlier are vulnerable. The issue is multiple buffer overflows triggered by a PHPSESSID that is empty or crafted, allowing remote attackers to crash the service (DoS) or potentially exec...