squid security update
CentOS Errata and Security Advisory CESA-2016:1573. An update for squid is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
Apache HTTP Server Man-in-the-Middle Attack Vulnerability (Jul 2016) - Linux
Apache HTTP Server is prone to a man-in-the-middle attack vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...
Apache HTTP Server Man-in-the-Middle Attack Vulnerability (Jul 2016) - Windows
Apache HTTP Server is prone to a man-in-the-middle attack vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...
IPv6 and proxy server IP-based authentication rule circumvention
Announcement-ID: PMASA-2016-47. Date: 2016-07-21. Summary: IPv6 and proxy server IP-based authentication rule circumvention. Description: A vulnerability was discovered where, under certain circumstances, it may be possible to circumvent the phpMyAdmin IP-based authentication rules. When...
openSUSE Security Update : apache2 (openSUSE-2016-880) (httpoxy)
This update for apache2 fixes the following issues: - It used to be possible to set an arbitrary $HTTP_PROXY environment variable for request handlers -- like CGI scripts -- by including a specially crafted HTTP header in the request (CVE-2016-5387). As a result, these server components would...
CVE-2016-5387
The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary...
CVE-2016-5385
Removed by vendor...
The vulnerability of the WebSphere Application Server software allows a malicious intruder to compromise the confidentiality of protected information.
The vulnerability in Proxy and ODR servers of IBM WebSphere Application Server allows a malicious actor in the network to access confidential information. This vulnerability is related to the improper processing of requests...
RITM - Ruby In The Middle (HTTP/HTTPS Interception Proxy)
Ruby in the middle (RITM) is an HTTP/HTTPS interception proxy with on-the-fly certificate generation and signing, which leaves the user with the full power of the Ruby language to intercept and even modify requests and responses as she pleases. Installation: gem install ritm. Basic usage: 1. Write you...
squid security update
CentOS Errata and Security Advisory CESA-2016:1138. An update for squid is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
Moderate: Red Hat Security Advisory: squid security update
An update for squid is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...
Leaked DNS Query Detection - WPAD Proxy Request
Binary data 7202.pasl...
3: Untrusted content loaded via the API proxy can access web console credentials on the same domain
An origin validation vulnerability was found in OpenShift Enterprise. An attacker could potentially access API credentials stored in a web browser's localStorage if anonymous access was granted to a service/proxy or pod/proxy API for a specific pod, and an authorized access_token was provided in t...
Squid HTTP Response Processing Denial of Service (CVE-2016-3948)
The vulnerability is due to improper bounds checking while processing HTTP responses. A remote, unauthenticated attacker can exploit this vulnerability by returning crafted HTTP responses to the vulnerable proxy server. Successful exploitation of the vulnerability could lead to denial-of-service...
GitLab discloses serious vulnerabilities and provides a patch - vulnerability warning - the black bar safety net
GitLab has just announced fixes for a series of important security issues, including an important elevation of privilege. GitLab strongly recommends that all users running version 8.2 and later upgrade as soon as possible. GitLab has discovered a serious vulnerability that...
Oracle iPlanet Web Proxy Server 4.0.x < 4.0.27 NSS ASN.1 Decoder RCE (April 2016 CPU)
According to its self-reported version, the Oracle iPlanet Web Proxy Server (formerly known as Sun Java System Web Proxy Server) installed on the remote host is version 4.0.x prior to 4.0.27. It is, therefore, affected by a heap buffer overflow condition in the ASN.1 decoder in the Network Security...
Mac Adware 'OSX.Pirrit' Unleashes Ad Overload, For Now
Researchers discovered a Mac OS X variant of the Windows-based Pirrit adware that creates a proxy server on infected Mac computers and injects ads into webpages. According to researchers at Boston-based Cybereason Labs, the adware, dubbed OSX.Pirrit, is mostly benign, serving up just ads, but has...
The vulnerability of the Nginx proxy server allows attackers to induce a service failure.
The vulnerability of the Nginx proxy server is related to pointer dereferencing errors. Exploiting this vulnerability allows a malicious actor to cause a service failure (incorrect pointer dereferencing and emergency termination of operations) through a specially crafted UDP DNS response...
The vulnerability of the Squid proxy server allows a hacker to cause a service failure.
The vulnerability of the http.cc function in the Squid proxy server exists due to insufficient validation of input data. Exploiting this vulnerability allows a remote attacker to cause a service failure—such as the appearance of an “Assertion failure” message and the termination of the...