Information disclosure

An information disclosure issue was discovered in Apache Tomcat 8.5.7 to 8.5.9 and 9.0.0.M11 to 9.0.0.M15 in reverse-proxy configurations. Http11InputBuffer.java allows remote attackers to read data that was intended to be associated with a different request...

CVE-2016-8747

An information disclosure issue was discovered in Apache Tomcat 8.5.7 to 8.5.9 and 9.0.0.M11 to 9.0.0.M15 in reverse-proxy configurations. Http11InputBuffer.java allows remote attackers to read data that was intended to be associated with a different request...

CVE-2016-8747

The CVE-2016-8747 issue affects Apache Tomcat 8.5.7–8.5.9 and 9.0.0.M11–9.0.0.M15 in reverse-proxy configurations, where Http11InputBuffer.java can let a remote attacker read data belonging to a different request. The underlying problem is an information-disclosure vulnerability in the Tomcat rev...

Information Disclosure

tomcat-coyote is vulnerable to information disclosure. The vulnerability is caused due to a regression introduced by a refactoring to widen the use of bytebuffer. Due to the flaw, when running behind a reverse proxy, the information leaks between requests on the same connection. All HTTP connecto...

Go Time #32 - Hellogopher, whosthere?

I joined Erik St. Martin, Carlisia Pinto and Brian Ketelsen for episode 32 of the Go Time podcast to chat about Hellogopher, whosthere whoami.filippo.io, $GOPATH, TLS 1.3, Cloudflare's secret reverse proxy, and more. Go Time 32 — Hellogopher, whosthere? with Filippo Valsorda hellogopher — "just...

PT-2017-9778 · Apache · Apache Tomcat

Name of the Vulnerable Software and Affected Versions: Apache Tomcat versions 8.5.7 through 8.5.9 Apache Tomcat versions 9.0.0.M11 through 9.0.0.M15 Description: An information disclosure issue was discovered in Apache Tomcat in reverse-proxy configurations, allowing remote attackers to read data...

Fixed in Apache Tomcat 8.5.11

Note: The issue below was fixed in Apache Tomcat 8.5.10 but the release vote for the 8.5.10 release candidate did not pass. Therefore, although users must download 8.5.11 to obtain a version that includes the fix for this issue, version 8.5.10 is not included in the list of affected versions...

FreeBSD : squid -- multiple vulnerabilities (41f8af15-c8b9-11e6-ae1b-002590263bf5)

Squid security advisory 2016:10 reports : Due to incorrect comparison of request headers Squid can deliver responses containing private data to clients it should not have reached. This problem allows a remote attacker to discover private and sensitive information about another clients browsing...

undertow: Long URL proxy request lead to java.nio.BufferOverflowException and DoS

It was discovered that a long URL sent to EAP 7 Server operating as a reverse proxy with default buffer sizes causes a Denial of Service...

undertow: Long URL proxy request lead to java.nio.BufferOverflowException and DoS

It was discovered that a long URL sent to EAP 7 Server operating as a reverse proxy with default buffer sizes causes a Denial of Service...

undertow: Long URL proxy request lead to java.nio.BufferOverflowException and DoS

It was discovered that a long URL sent to EAP 7 Server operating as a reverse proxy with default buffer sizes causes a Denial of Service...

undertow: Long URL proxy request lead to java.nio.BufferOverflowException and DoS

It was discovered that a long URL sent to EAP 7 Server operating as a reverse proxy with default buffer sizes causes a Denial of Service...

Amazon Linux: Security Advisory (ALAS-2016-713)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian Security Advisory DSA 3701-1 (nginx - security update)

Dawid Golunski reported the nginx web server packages in Debian suffered from a privilege escalation vulnerability www-data to root due to the way log files are handled. This security update changes ownership of the /var/log/nginx directory root. In addition, /var/log/nginx has to be made...

CVE-2016-7046

Red Hat JBoss Enterprise Application Platform EAP 7, when operating as a reverse-proxy with default buffer sizes, allows remote attackers to cause a denial of service CPU and disk consumption via a long URL...

CVE-2016-7046

Red Hat JBoss Enterprise Application Platform EAP 7, when operating as a reverse-proxy with default buffer sizes, allows remote attackers to cause a denial of service CPU and disk consumption via a long URL...

DEBIAN-CVE-2016-7046

Red Hat JBoss Enterprise Application Platform EAP 7, when operating as a reverse-proxy with default buffer sizes, allows remote attackers to cause a denial of service CPU and disk consumption via a long URL...

Design/Logic Flaw

Red Hat JBoss Enterprise Application Platform EAP 7, when operating as a reverse-proxy with default buffer sizes, allows remote attackers to cause a denial of service CPU and disk consumption via a long URL...

UBUNTU-CVE-2016-7046

Red Hat JBoss Enterprise Application Platform EAP 7, when operating as a reverse-proxy with default buffer sizes, allows remote attackers to cause a denial of service CPU and disk consumption via a long URL...

CVE-2016-7046

Red Hat JBoss Enterprise Application Platform EAP 7, when operating as a reverse-proxy with default buffer sizes, allows remote attackers to cause a denial of service CPU and disk consumption via a long URL...