37 matches found
The vulnerability of the ApiPageSet.php file of the software for implementing the MediaWiki hypertext environment allows a hacker to cause a service failure.
The vulnerability of the ApiPageSet.php file of the software for implementing the MediaWiki hypertext environment is related to an unlimited loop. When requesting this file, a RequestTimeoutException occurs, and the request is redirected to other options with specified redirections and converted...
NITRO API commands not working, request times out.
NITRO API endpoint is not working, the requests sent to the NSIP timeout without a response...
BIT-MEDIAWIKI-2023-29139
An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. When a user with checkuserlog permissions makes many CheckUserLog API requests in some configurations, denial of service can occur (RequestTimeoutException or upstream request timeout)...
CVE-2024-23322 Envoy crashes when idle and request per try timeout occur within the backoff interval
Envoy is a high-performance edge/middle/service proxy. Envoy will crash when certain timeouts happen within the same interval. The crash occurs when the following are true: 1. hedge_on_per_try_timeout is enabled, 2. per_try_idle_timeout is enabled (it can only be done in configuration), 3. per-try-timeout...
PVS server fail to boot with error “Login request timed out”
High percentage of PVS provisioned desktop servers fail to boot. This is the sequence of the events: 1. The servers boot with an ISO. 2. The tsbbdm.bin is downloaded from the 1st PVS on the site. 3. The streaming process fails. 4. Error pops up: “Login request timed out”. Rebooting the PVS server...
CVE-2023-29139
An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. When a user with checkuserlog permissions makes many CheckUserLog API requests in some configurations, denial of service can occur (RequestTimeoutException or upstream request timeout)...
libmemcached-awesome information disclosure vulnerability
libmemcached-awesome is an open source C/C++ client library and tool for memcached servers from the individual developers of Awesome. An information disclosure vulnerability exists in versions of libmemcached-awesome prior to 1.1.4, which stems from a request timeout that can return previously...
SUSE CVE-2007-6750
The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15...
GitLab: DOS via issue preview
Summary Previewing an issue with a specially-crafted description results in high CPU usage for 60 seconds (request timeout). Multiple requests can be issued in parallel to create a larger impact. Steps to reproduce 1. Given an authorized user on GitLab.com - anyone can self-register. On EE - depend...
GitLab: DOS via move_issue
Summary Moving an issue with a specially-crafted description results in high CPU usage for 60 seconds (request timeout). Multiple requests can be issued in parallel to create a larger impact. Steps to reproduce 1. Given an authorized user on GitLab.com - anyone can self-register. On EE - depends on...
Elastic Stack Kibana resource management error vulnerability
Elastic Stack Kibana is an application from Elastic Stack USA. A free and open user interface that enables you to visualize Elasticsearch data and lets you navigate within Elastic Stack. A resource management error vulnerability exists in Kibana that stems from a lack of a timeout or a limit on t...
CVE-2020-28493
This affects the package jinja2 from 0.0.0 and before 2.11.3. The ReDoS vulnerability is mainly due to the _punctuation_re regex operator and its use of multiple wildcards. The last wildcard is the most exploitable as it searches for trailing punctuation. This issue can be mitigated by Markdown to...
U.S. Dept Of Defense: [CVE-2018-0296] Cisco VPN path traversal on the https://███████/ (████.███.mil)
The CVE-2018-0296 vulnerability was discovered in a Cisco VPN system. It allowed an unauthenticated attacker to perform path traversal and disclose sensitive information such as VPN sessions and user files. The issue was addressed by updating to a patched version that returned a 404 "File not...
U.S. Dept Of Defense: [CVE-2018-0296] Cisco VPN path traversal on the https://███ (████████████████)
A path traversal vulnerability was discovered in Cisco VPN that could allow unauthenticated users to disclose sensitive information such as VPN sessions and files. The vulnerability was assigned CVE-2018-0296. The vulnerability was fixed in updated versions of the software...
Citrix Provisioning Services Target Boot Up Fails with Error: "login request time out "
During device boot up, there will be an error "login request time out !"...
HTTP Load Generator: hey
hey is a tiny program that sends some load to a web application – ApacheBench (ab) replacement. hey was originally called boom and was influenced from Tarek Ziade’s tool at tarekziade/boom. Installation go get -u github.com/rakyll/hey Note: Requires go 1.7 or greater. Usage hey runs provided numbe...
Recommended update for chromium (important)
Chromium was updated to 53.0.2785.113 to fix a number of security issues and bugs. The following vulnerabilities were fixed: - CVE-2016-5170: Use after free in Blink - CVE-2016-5171: Use after free in Blink - CVE-2016-5172: Arbitrary Memory Read in v8 - CVE-2016-5173: Extension resource access -...