Moderate: Red Hat Security Advisory: httpd:2.4 security and bug fix update

An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

CVE-2019-1981

A vulnerability in the normalization functionality of Cisco Firepower Threat Defense Software, Cisco FirePOWER Services Software for ASA, and Cisco Firepower Management Center Software could allow an unauthenticated, remote attacker to bypass filtering protections. The vulnerability is due to...

CVE-2019-1981 Cisco Firepower Threat Defense Software NULL Character Obfuscation Detection Bypass Vulnerability

A vulnerability in the normalization functionality of Cisco Firepower Threat Defense Software, Cisco FirePOWER Services Software for ASA, and Cisco Firepower Management Center Software could allow an unauthenticated, remote attacker to bypass filtering protections. The vulnerability is due to...

Important: Red Hat Security Advisory: python security update

An update for python is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update Support, and Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impac...

CVE-2018-14658

A flaw was found in JBOSS Keycloak 3.2.1.Final. The Redirect URL for both Login and Logout are not normalized in org.keycloak.protocol.oidc.utils.RedirectUtils before the redirect url is verified. This can lead to an Open Redirection attack...

Important: Red Hat Security Advisory: python security update

An update for python is now available for Red Hat Enterprise Linux 7.5 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

Debian DSA-4534-1 : golang-1.11 - security update

It was discovered that the Go programming language did accept and normalize invalid HTTP/1.1 headers with a space before the colon, which could lead to filter bypasses or request smuggling in some setups. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were...

CentOS Update for httpd CESA-2019:2343 centos7

The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

httpd, mod_ldap, mod_proxy_html, mod_session, mod_ssl security update

CentOS Errata and Security Advisory CESA-2019:2343 An update for httpd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

NewStart CGSL MAIN 4.06 : python Vulnerability (NS-SA-2019-0174)

The remote NewStart CGSL host, running version MAIN 4.06, has python packages installed that are affected by a vulnerability: - Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding with an incorrect netloc during NFKC normalization. The impact is...

USN-4127-2 python2.7, python3.4 vulnerabilities

USN-4127-1 fixed several vulnerabilities in Python. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that Python incorrectly handled certain pickle files. An attacker could possibly use this issue to consume...

Security Bulletin: IBM Security SiteProtector System is affected by Apache HTTP Server vulnerabilities

Summary IBM Security SiteProtector System has addressed the following vulnerabilities in Apache HTTP Server. Vulnerability Details CVEID: CVE-2018-17199 DESCRIPTION: Apache HTTP Server could allow a remote attacker to bypass security restrictions, caused by checking the session expiry time before...

Node.js: Hostname spoofing

Summary: I found that url.parse is vulnerable to hostsplit that causes hostname spoofing. Description: Steps To Reproduce: url.parse'http://evil.c℀.victim.test/?' returns evil.ca/c.victim.test as hostname, so this hostname matches .victim.test but will access evil.ca. Welcome to Node.js v12.9.0...

Cisco Firepower Threat Defense Software NULL Character Obfuscation Detection Bypass Vulnerability

A vulnerability in the normalization functionality of Cisco Firepower Threat Defense Software, Cisco FirePOWER Services Software for ASA, and Cisco Firepower Management Center Software could allow an unauthenticated, remote attacker to bypass filtering protections. The vulnerability is due to...

PT-2019-3168 · Cisco · Cisco Firepower Services Software For Asa +2

Name of the Vulnerable Software and Affected Versions: Cisco Firepower Threat Defense Software affected versions not specified Cisco FirePOWER Services Software for ASA affected versions not specified Cisco Firepower Management Center Software affected versions not specified Description: The issu...

Security update for java-1_8_0-openjdk (important)

openSUSE Security Update: Security update for java-180-openjdk Announcement ID: openSUSE-SU-2019:1912-1 Rating: important References: 1115375 1141780 1141782 1141783 1141784 1141785 1141786 1141787 1141789 Cross-References: CVE-2019-2745 CVE-2019-2762 CVE-2019-2766 CVE-2019-2769 CVE-2019-2786...

Authorization Bypass

httpd is vulnerable to authorization bypass. The vulnerability exists through URL normalization inconsistency...

FreeBSD : python 3.6 -- multiple vulnerabilities (18ed9650-a1d6-11e9-9b17-fcaa147e860e)

Python changelog : bpo-35907: CVE-2019-9948: Avoid file reading by disallowing local-file:// and localfile:// URL schemes in URLopener.open and URLopener.retrieve of urllib.request. bpo-36742: Fixes mishandling of pre-normalization characters in urlsplit. bpo-30458: Address CVE-2019-9740 by...

Security update for python (important)

openSUSE Security Update: Security update for python Announcement ID: openSUSE-SU-2019:1580-1 Rating: important References: 1129346 1130847 Cross-References: CVE-2019-9636 CVE-2019-9948 Affected Products: openSUSE Leap 42.3 An update that fixes two vulnerabilities is now available. Description:...

RHEL 6 : python (RHSA-2019:1467)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:1467 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic dat...