[SECURITY] Fedora 20 Update: haproxy-1.5.4-1.fc20

HAProxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments. Indeed, it can: - route HTTP requests depending on statically assigned cookies - spread load among several servers while assuring server persistence through the use of HTTP cookies - switch to...

WordPress WP-Ban 1.62 Bypass Vulnerability

WordPress WP-Ban plugin version 1.62 suffers from a bypass vulnerability when a properly minted X-Forwarded-For header is used. Details ================ Software: WP-Ban Version: 1.62 Homepage: http://wordpress.org/plugins/wp-ban/ Advisory report:...

Ubuntu 14.04 LTS : Tomcat vulnerabilities (USN-2302-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2302-1 advisory. David Jorm discovered that Tomcat incorrectly handled certain requests submitted using chunked transfer encoding. A remote attacker could use this flaw t...

FreeBSD : tomcat -- multiple vulnerabilities (81fc1076-1286-11e4-bebd-000c2980a9f3)

Tomcat Security Team reports : Tomcat does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager restrictions and read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference,...

httpd, mod_ldap, mod_proxy_html, mod_session, mod_ssl security update

CentOS Errata and Security Advisory CESA-2014:0921 Updated httpd packages that fix multiple security issues are now available for Red Hat Enterprise Linux 7. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base...

httpd: mod_proxy denial of service

A denial of service flaw was found in the modproxy httpd module. A remote attacker could send a specially crafted request to a server configured as a reverse proxy using a threaded Multi-Processing Modules MPM that would cause the httpd child process to crash...

httpd: mod_proxy denial of service

A denial of service flaw was found in the modproxy httpd module. A remote attacker could send a specially crafted request to a server configured as a reverse proxy using a threaded Multi-Processing Modules MPM that would cause the httpd child process to crash...

DEBIAN-CVE-2014-0117

The modproxy module in the Apache HTTP Server 2.4.x before 2.4.10, when a reverse proxy is enabled, allows remote attackers to cause a denial of service child-process crash via a crafted HTTP Connection header...

CVE-2014-0117

The modproxy module in the Apache HTTP Server 2.4.x before 2.4.10, when a reverse proxy is enabled, allows remote attackers to cause a denial of service child-process crash via a crafted HTTP Connection header...

UBUNTU-CVE-2014-0117

The modproxy module in the Apache HTTP Server 2.4.x before 2.4.10, when a reverse proxy is enabled, allows remote attackers to cause a denial of service child-process crash via a crafted HTTP Connection header...

Tomcat/JBossWeb: Request smuggling via malicious content length header

It was found that JBoss Web / Apache Tomcat did not check for overflowing values when parsing request content length headers. A remote attacker could use this flaw to perform an HTTP request smuggling attack on a JBoss Web / Apache Tomcat server located behind a reverse proxy that processed the...

Tomcat/JBossWeb: Request smuggling via malicious content length header

It was found that JBoss Web / Apache Tomcat did not check for overflowing values when parsing request content length headers. A remote attacker could use this flaw to perform an HTTP request smuggling attack on a JBoss Web / Apache Tomcat server located behind a reverse proxy that processed the...

Tomcat/JBossWeb: Request smuggling via malicious content length header

It was found that JBoss Web / Apache Tomcat did not check for overflowing values when parsing request content length headers. A remote attacker could use this flaw to perform an HTTP request smuggling attack on a JBoss Web / Apache Tomcat server located behind a reverse proxy that processed the...

Tomcat/JBossWeb: Request smuggling via malicious content length header

It was found that JBoss Web / Apache Tomcat did not check for overflowing values when parsing request content length headers. A remote attacker could use this flaw to perform an HTTP request smuggling attack on a JBoss Web / Apache Tomcat server located behind a reverse proxy that processed the...

Tomcat/JBossWeb: Request smuggling via malicious content length header

It was found that JBoss Web / Apache Tomcat did not check for overflowing values when parsing request content length headers. A remote attacker could use this flaw to perform an HTTP request smuggling attack on a JBoss Web / Apache Tomcat server located behind a reverse proxy that processed the...

Tomcat/JBossWeb: Request smuggling via malicious content length header

It was found that JBoss Web / Apache Tomcat did not check for overflowing values when parsing request content length headers. A remote attacker could use this flaw to perform an HTTP request smuggling attack on a JBoss Web / Apache Tomcat server located behind a reverse proxy that processed the...

Tomcat/JBossWeb: Request smuggling via malicious content length header

It was found that JBoss Web / Apache Tomcat did not check for overflowing values when parsing request content length headers. A remote attacker could use this flaw to perform an HTTP request smuggling attack on a JBoss Web / Apache Tomcat server located behind a reverse proxy that processed the...

Tomcat/JBossWeb: Request smuggling via malicious content length header

It was found that JBoss Web / Apache Tomcat did not check for overflowing values when parsing request content length headers. A remote attacker could use this flaw to perform an HTTP request smuggling attack on a JBoss Web / Apache Tomcat server located behind a reverse proxy that processed the...

GameHouse dldisplay ActiveX control 0,Real Server 5.0/7.0 Internal IP Address Disclosure

No description provided by source. source: http://www.securityfocus.com/bid/1049/info By default, Real Server includes the IP address of the server in data sent to the client. If the Real Server is installed on a machine in a NAT environment, where requests from the outside network are handled by...

CVE-2014-3052

The reverse-proxy feature in IBM Security Access Manager ISAM for Web 8.0 with firmware 8.0.0.2 and 8.0.0.3 interprets the jct-nist-compliance parameter in the opposite of the intended manner, which makes it easier for remote attackers to obtain sensitive information by leveraging weak SSL...