Oracle: Security Advisory (ELSA-2012-0069)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Oracle Linux 6 : ruby (ELSA-2012-0069)

The remote Oracle Linux 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2012-0069 advisory. - Address CVE-2011-4815 'DoS excessive CPU use via hash meet-in-the-middle attacks oCERT-2011-003' ruby-1.8.7-p352-CVE-2011-4815.patch Tenable has extracted the...

RHEL 5 / 6 : jbossweb (RHSA-2012:0074)

The remote Redhat Enterprise Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2012:0074 advisory. - tomcat: Multiple weaknesses in HTTP DIGEST authentication CVE-2011-1184, CVE-2011-5062, CVE-2011-5063, CVE-2011-5064 - tomcat: securit...

Security fix for the ALT Linux 7 package apr1 version 1.4.6-alt1

Nov. 16, 2012 Aleksey Avdeev 1.4.6-alt1 - New version 1.4.6 - Security fixes CVE-2011-1928, oCERT-2011-003...

RHEL 5 : python (RHSA-2012:0745)

The remote Redhat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2012:0745 advisory. - python: potential XSS in SimpleHTTPServer's listdirectory CVE-2011-4940 - python: distutils creates /.pypirc insecurely CVE-2011-4944 -...

python security update

2.4.3-46.el58.2 - if hash randomization is enabled, also enable it within pyexpat Resolves: CVE-2012-0876 2.4.3-46.el58.1 - distutils.commands.register: create /.pypirc securely Resolves: CVE-2011-4944 - send encoding in SimpleHTTPServer.listdirectory to protect IE7 against potential XSS attacks...

tomcat: hash table collisions CPU usage DoS (oCERT-2011-003)

Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service CPU consumption by sending many crafted parameters...

tomcat: hash table collisions CPU usage DoS (oCERT-2011-003)

Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service CPU consumption by sending many crafted parameters...

tomcat: hash table collisions CPU usage DoS (oCERT-2011-003)

Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service CPU consumption by sending many crafted parameters...

RHEL 4 : php (RHSA-2012:0071)

The remote Redhat Enterprise Linux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2012:0071 advisory. - php: buffer over-read in Exif extension CVE-2011-0708 - php: Crash by converting serial day numbers SDN into Julian calendar CVE-2011-1466...

ruby: hash table collisions CPU usage DoS (oCERT-2011-003)

Ruby aka CRuby before 1.8.7-p357 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service CPU consumption via crafted input to an application that maintains a hash table...

ruby security update

1.8.5-22.1 - Properly initialize the random number generator when forking new process ruby-1.8.7-CVE-2011-3009.patch - Related: rhbz768829 1.8.5-21.1 - Revert accidential move of tcl/tk libraries. - Related: rhbz768829 1.8.5-20.1 - Address CVE-2011-4815 "DoS excessive CPU use via hash...

ruby security update

1.8.7.352-4 - Address CVE-2011-4815 'DoS excessive CPU use via hash meet-in-the-middle attacks oCERT-2011-003' ruby-1.8.7-p352-CVE-2011-4815.patch - Resolves: rhbz768831...

CVE-2011-4815 ruby: hash table collisions CPU usage DoS (oCERT-2011-003)

Ruby aka CRuby before 1.8.7-p357 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service CPU consumption via crafted input to an application that maintains a hash table...