184 matches found

RedHat Linux
added 2018/12/12 2:16 p.m. | 2 views

jenkins: Failures to process form submission data could result in secrets being displayed or written to logs

An information exposure vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier, and the Stapler framework used by these releases, in core/src/main/java/org/kohsuke/stapler/RequestImpl.java, core/src/main/java/hudson/model/Descriptor.java that allows attackers with...

7.8 CVSS | 5.8 AI score | 0.00126 EPSS
Exploits: 0 | References: 5

Hacker One
added 2018/11/20 4:48 a.m. | 15 views

HackerOne: Corrupted Authorization header can cause logs not to be ingested properly in ████████

HackerOne ingests different logs in ██████, one of them being nginx access logs from our load balancers. The default log format of our load balancer configuration is shown below. As can be seen in the format, the HTTP user specified in the Authorization header $remote_user is placed between the...

7 AI score
Exploits: 0

Tenable Nessus
added 2018/09/19 12:0 a.m. | 15 views

Debian DLA-1507-1 : libapache2-mod-perl2 security update

Jan Ingvoldstad discovered that libapache2-mod-perl2 allows attackers to execute arbitrary Perl code by placing it in a user-owned .htaccess file, because contrary to the documentation there is no configuration option that permits Perl code for the administrator's control of HTTP request processi...

10 CVSS | 7.9 AI score | 0.03454 EPSS
Exploits: 0 | References: 3

Prion
added 2018/08/26 4:29 p.m. | 17 views

Design/Logic Flaw

mod_perl 2.0 through 2.0.10 allows attackers to execute arbitrary Perl code by placing it in a user-owned .htaccess file, because contrary to the documentation there is no configuration option that permits Perl code for the administrator's control of HTTP request processing without also permitting...

10 CVSS | 7.5 AI score | 0.03454 EPSS
Exploits: 0 | References: 12 | Affected Software: 7

NVD
added 2018/08/26 4:29 p.m. | 16 views

CVE-2011-2767

mod_perl 2.0 through 2.0.10 allows attackers to execute arbitrary Perl code by placing it in a user-owned .htaccess file, because contrary to the documentation there is no configuration option that permits Perl code for the administrator's control of HTTP request processing without also permitting...

10 CVSS | 9.7 AI score | 0.03454 EPSS
Exploits: 0 | References: 12

Debian CVE
added 2018/08/26 4:0 p.m. | 30 views

CVE-2011-2767

mod_perl 2.0 through 2.0.10 allows attackers to execute arbitrary Perl code by placing it in a user-owned .htaccess file, because contrary to the documentation there is no configuration option that permits Perl code for the administrator's control of HTTP request processing without also permitting...

10 CVSS | 9.8 AI score | 0.03454 EPSS
Exploits: 0

Cvelist
added 2018/08/26 4:0 p.m. | 15 views

CVE-2011-2767

mod_perl 2.0 through 2.0.10 allows attackers to execute arbitrary Perl code by placing it in a user-owned .htaccess file, because contrary to the documentation there is no configuration option that permits Perl code for the administrator's control of HTTP request processing without also permitting...

9.6 AI score | 0.03454 EPSS
Exploits: 0 | References: 12

UbuntuCve
added 2018/08/26 12:0 a.m. | 27 views

CVE-2011-2767

mod_perl 2.0 through 2.0.10 allows attackers to execute arbitrary Perl code by placing it in a user-owned .htaccess file, because contrary to the documentation there is no configuration option that permits Perl code for the administrator's control of HTTP request processing without also permitting...

10 CVSS | 7.2 AI score | 0.03454 EPSS
Exploits: 0 | References: 4

RedHat Linux
added 2017/12/15 10:34 p.m. | 0 views

httpd: mod_ssl NULL pointer dereference

A NULL pointer dereference flaw was found in httpd's mod_ssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request...

9.8 CVSS | 7.3 AI score | 0.30773 EPSS
Exploits: 0 | References: 6

Talos
added 2017/11/20 12:0 a.m. | 66 views

Tinysvcmdns Multi-label DNS Heap Overflow Vulnerability

Summary: An exploitable heap overflow vulnerability exists in the tinysvcmdns library version 2016-07-18. A specially crafted packet can make the library overwrite an arbitrary amount of data on the heap with attacker-controlled values. An attacker needs to send a DNS packet to trigger this...

10 CVSS | 8.6 AI score | 0.01691 EPSS
Exploits: 3

Cvelist
added 2017/06/13 6:0 a.m. | 12 views

CVE-2017-6683

A vulnerability in the esclistener.py script of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to execute arbitrary commands as the tomcat user on an affected system, aka an Authentication Request Processing Arbitrary Command Execution Vulnerability. More...

9.2 AI score | 0.09493 EPSS
Exploits: 0 | References: 2

RedHat Linux
added 2017/03/14 5:32 p.m. | 1 views

tomcat: Infinite loop in the processing of https requests

It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop...

7.5 CVSS | 5.8 AI score | 0.13832 EPSS
Exploits: 5 | References: 6

Tenable Nessus
added 2017/01/25 12:0 a.m. | 47 views

Oracle Linux 6 : squid34 (ELSA-2017-0183)

The remote Oracle Linux 6 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2017-0183 advisory. 7:3.4.14-9.4 - Resolves: 1412733 - CVE-2016-10002 squid34: squid: Information disclosure in HTTP request processing Tenable has extracted the preceding...

7.5 CVSS | 6.7 AI score | 0.14676 EPSS
Exploits: 0 | References: 2

Tenable Nessus
added 2016/09/02 12:0 a.m. | 26 views

SUSE SLES11 Security Update : squid (SUSE-SU-2016:2147-1)

This update for squid fixes the following issues : - CVE-2016-4051: backport fix buffer overflow in cachemgr.cgi bsc976553 - CVE-2016-4554: backport fix for header smuggling issue in HTTP Request processing bsc979010 Note that Tenable Network Security has extracted the preceding description block...

8.8 CVSS | 7.3 AI score | 0.6886 EPSS
Exploits: 0 | References: 7

Tenable Nessus
added 2016/09/02 12:0 a.m. | 49 views

SUSE SLES11 Security Update : squid3 (SUSE-SU-2016:1996-1)

This update for squid3 fixes the following issues : - Multiple issues in pinger ICMP processing. CVE-2014-7141, CVE-2014-7142 - CVE-2016-3947: Buffer overrun issue in pinger ICMPv6 processing. bsc973782 - CVE-2016-4554: fix header smuggling issue in HTTP Request processing bsc979010 - fix multipl...

8.8 CVSS | 7 AI score | 0.82841 EPSS
Exploits: 4 | References: 69

NVD
added 2016/03/09 3:59 p.m. | 22 views

CVE-2016-2774

ISC DHCP 4.1.x before 4.1-ESV-R13 and 4.2.x and 4.3.x before 4.3.4 does not restrict the number of concurrent TCP sessions, which allows remote attackers to cause a denial of service INSIST assertion failure or request-processing outage by establishing many sessions...

7.1 CVSS | 5.9 AI score | 0.65582 EPSS
Exploits: 0 | References: 10

Debian CVE
added 2016/03/09 3:26 p.m. | 35 views

CVE-2016-2774

ISC DHCP 4.1.x before 4.1-ESV-R13 and 4.2.x and 4.3.x before 4.3.4 does not restrict the number of concurrent TCP sessions, which allows remote attackers to cause a denial of service INSIST assertion failure or request-processing outage by establishing many sessions...

7.1 CVSS | 6.2 AI score | 0.65582 EPSS
Exploits: 0

CNVD
added 2015/09/10 12:0 a.m. | 0 views

Microsoft Exchange Server Information Disclosure Vulnerability

Microsoft Exchange Server is a set of e-mail service programs from the American company Microsoft. An information disclosure vulnerability exists when OWA in Microsoft Exchange Server fails to properly process Web requests. An attacker can exploit the vulnerability to discover the stack...

5 CVSS | 6.2 AI score | 0.14297 EPSS
Exploits: 0 | References: 1

securityvulns
added 2015/06/29 12:0 a.m. | 37 views

SAP SYBASE SQL Anywhere DoS

DoS on request processing...

5 CVSS | 1.9 AI score | 0.03285 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

securityvulns
added 2014/01/15 12:0 a.m. | 32 views

Microsoft Dynamics AX DoS

Query filter hangs on request processing...

4 CVSS | 1.2 AI score | 0.13262 EPSS
Exploits: 0 | Affected Software: 1