442 matches found
CVE-2017-6056
It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service is easily achievable as a consequence of backporting a CVE-2016-6816 fix but not backporting the f...
CVE-2017-6056
Technical details for CVE-2017-6056 (affected product, root cause, impact and fixes) are not provided in the connected documents; monitor for updates.
CVE-2017-6056
Removed by vendor...
[SECURITY] [DLA 823-1] tomcat7 security update
Package: tomcat7; Version: 7.0.28-4+deb7u10; CVE ID: not yet available; Debian Bug: 854551. It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. For Debian 7 "Wheezy", these...
Debian DSA-3788-1 : tomcat8 - security update
It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extract...
Debian DSA-3787-1 : tomcat7 - security update
It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extract...
Debian Security Advisory DSA 3756-1 (icoutils - security update)
Choongwoo Han discovered that a programming error in the wrestool tool of the icoutils suite allows denial of service or the execution of arbitrary code if a malformed binary is parsed. OpenVAS Vulnerability Test $Id: deb3756.nasl 7026 2017-08-31 06:13:04Z asteins $ Auto-generated from advisory D...
FreeBSD : FreeBSD -- sendmail improper close-on-exec flag handling (6d9eadaf-6007-11e6-a6c3-14dae9d210b8)
There is a programming error in sendmail(8) that prevented open file descriptors from having close-on-exec properly set. Consequently, a subprocess will be able to access all open files that the parent process has open. Impact: A local user who can execute their own program for mail delivery will be able...
FreeBSD -- Linux compatibility layer issetugid(2) system call
Problem Description: A programming error in the Linux compatibility layer could cause the issetugid(2) system call to return incorrect information. Impact: If an application relies on output of the issetugid(2) system call and that information is incorrect, this could lead to a privilege escalation...
FreeBSD -- Linux compatibility layer setgroups(2) system call
Problem Description: A programming error in the Linux compatibility layer setgroups(2) system call can lead to unexpected results, such as overwriting random kernel memory contents. Impact: It is possible for a local attacker to overwrite portions of kernel memory, which may result in a privileg...
Debian Security Advisory DSA 3020-1 (acpi-support - security update)
During a review for EDF, Raphael Geissert discovered that the acpi-support package did not properly handle data obtained from a user OpenVAS Vulnerability Test $Id: deb3020.nasl 6735 2017-07-17 09:56:49Z teissa $ Auto-generated from advisory DSA 3020-1 using nvtgen 1.0 Script version: 1.0 Author:...
Debian: Security Advisory (DSA-3020-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2014 Greenbone AG. Some text descriptions might be excerpted from a referenced source, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
OneOrZero Helpdesk 1.4 Install.PHP Administrative Access Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/7611/info OneOrZero Helpdesk has been reported prone to an issue that may result in an attacker obtaining unauthorized administrative access. The issue presents itself due to a programming error in a Helpdesk script...
TANne 0.6.17 Session Manager SysLog Format String Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/6553/info TANne is a freely available, open source session management package. It is available for Unix and Linux operating systems. Due to a programming error, it may be possible to exploit a format string vulnerability. A...
CDRTools CDRecord 1.11/2.0 Devname Format String Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/7565/info CDRecord has been reported prone to a format string vulnerability. The issue presents itself due to a programming error that occurs when calling a printf-like function. It has been reported that by harnessing an...
FreeBSD Security Advisory FreeBSD-SA-14:11.sendmail
FreeBSD-SA-14:11.sendmail Security Advisory. The FreeBSD Project. Topic: sendmail improper close-on-exec flag handling; Category: contrib; Module: sendmail; Announced: 2014-06-...
FreeBSD -- sendmail improper close-on-exec flag handling
Problem Description: There is a programming error in sendmail(8) that prevented open file descriptors from having close-on-exec properly set. Consequently, a subprocess will be able to access all open files that the parent process has open. Impact: A local user who can execute their own program for mail...
German Developer responsible for HeartBleed Bug in OpenSSL
We have already read so many articles on Heartbleed, one of the biggest Internet threats, which was recently discovered by a team of security engineers at Codenomicon while improving the SafeGuard feature in Codenomicon's Defensics security testing tools. The story has grabbed media attention acro...