2151 matches found

AlmaLinux
added 2019/09/17 8:45 a.m. | 73 views

Important: nginx:1.14 security update

Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 (Post Office Protocol 3) and IMAP protocols, with a focus on high concurrency, performance and low memory usage. Security Fixes: HTTP/2: large amount of data request leads to denial of service (CVE-2019-9511); HTTP/2: flood using...

7.8 CVSS | 7.5 AI score | 0.13725 EPSS
Exploits: 0 | References: 4

OSV
added 2019/09/17 8:45 a.m. | 63 views

ALSA-2019:2799 Important: nginx:1.14 security update

Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 (Post Office Protocol 3) and IMAP protocols, with a focus on high concurrency, performance and low memory usage. Security Fixes: HTTP/2: large amount of data request leads to denial of service (CVE-2019-9511); HTTP/2: flood using...

7.8 CVSS | 7.4 AI score | 0.13725 EPSS
Exploits: 0 | References: 4

OSV
added 2019/09/11 2:15 p.m. | 1 view

CVE-2019-14997

The AccessLogFilter class in Jira before version 8.4.0 allows remote anonymous attackers to learn details about other users, including their username, via an information expose through caching vulnerability when Jira is configured with a reverse Proxy and or a load balancer with caching or a CDN...

4.3 CVSS | 5.8 AI score | 0.00204 EPSS
Exploits: 0 | References: 1

Prion
added 2019/09/11 2:15 p.m. | 15 views

Authentication flaw

The AccessLogFilter class in Jira before version 8.4.0 allows remote anonymous attackers to learn details about other users, including their username, via an information expose through caching vulnerability when Jira is configured with a reverse Proxy and or a load balancer with caching or a CDN...

4.3 CVSS | 4.5 AI score | 0.00204 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2019/09/11 1:56 p.m. | 75 views

CVE-2019-14997

CVE-2019-14997 affects Jira AccessLogFilter, enabling remote anonymous attackers to learn details about other users (including usernames) via an information disclosure through caching when Jira is behind a reverse proxy/load balancer with caching or a CDN. Affected software is Jira before version...

4.3 CVSS | 4.7 AI score | 0.00204 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

OpenVAS
added 2019/09/05 12:0 a.m. | 45 views

Fedora Update for nginx FEDORA-2019-7a0b45fdc4

The remote host is missing an update for the Copyright (C) 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

8.2 CVSS | 7.8 AI score | 0.57804 EPSS
Exploits: 1 | References: 2

Fedora
added 2019/08/22 1:18 a.m. | 48 views

[SECURITY] Fedora 30 Update: nginx-1.16.1-1.fc30

Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage...

7.8 CVSS | 2.2 AI score | 0.13725 EPSS
Exploits: 0

Atlassian
added 2019/08/19 7:0 p.m. | 66 views

URL Path Traversal in Jira Service Desk Server and Jira Service Desk Data Center Allows Information Disclosure - CVE-2019-14994

A URL path traversal vulnerability in Jira Service Desk Server and Jira Service Desk Data Center allows a remote attacker with portal access to view all issues from all projects in the affected instance. This could include Jira Service Desk projects, Jira Core projects, and Jira Software projects...

7.5 CVSS | 1.5 AI score | 0.0168 EPSS
Exploits: 1 | Affected Software: 1

Tenable Nessus
added 2019/08/12 12:0 a.m. | 28 views

NewStart CGSL CORE 5.04 / MAIN 5.04 : mod_auth_mellon Multiple Vulnerabilities (NS-SA-2019-0077)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has mod_auth_mellon packages installed that are affected by multiple vulnerabilities: A vulnerability was found in mod_auth_mellon before v0.14.2. An open redirect in the logout URL allows requests with backslashes to pass throug...

8.1 CVSS | 6.8 AI score | 0.02011 EPSS
Exploits: 1 | References: 3

Atlassian
added 2019/08/06 2:4 p.m. | 17 views

Linking image renders image as HTTP instead of HTTPS

Issue Summary: Linking an existing image on a Confluence page will appear as a broken image due to mixed content. The request URL is rendered with HTTP instead of HTTPS. Steps to Reproduce: Create/edit a page. Click + and select Files and images. Attach an image to the page. Click on image and then...

Exploits: 0

GitHub Security Blog
added 2019/07/03 8:37 p.m. | 28 views

Django Incorrect HTTP detection with reverse-proxy connecting via HTTPS

An issue was discovered in Django 1.11 before 1.11.22, 2.1 before 2.1.10, and 2.2 before 2.2.3. An HTTP request is not redirected to HTTPS when the SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings are used, and the proxy connects to Django via HTTPS. In other words,...

5.3 CVSS | 6.1 AI score | 0.04217 EPSS
Exploits: 0 | References: 14 | Affected Software: 1

OSV
added 2019/07/03 8:37 p.m. | 0 views

GHSA-6C7V-2F49-8H26 Django Incorrect HTTP detection with reverse-proxy connecting via HTTPS

An issue was discovered in Django 1.11 before 1.11.22, 2.1 before 2.1.10, and 2.2 before 2.2.3. An HTTP request is not redirected to HTTPS when the SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings are used, and the proxy connects to Django via HTTPS. In other words,...

6.9 CVSS | 6.8 AI score | 0.04217 EPSS
Exploits: 0 | References: 15

Veracode
added 2019/07/02 4:49 a.m. | 25 views

Man-in-the-Middle (MitM)

Django is vulnerable to man-in-the-middle attacks. HTTP requests are not redirected to HTTPS in accordance with SECURE_SSL_REDIRECT when deployed behind a reverse-proxy due to incorrect results for is_secure and build_absolute_uri...

5.3 CVSS | 5.5 AI score | 0.04217 EPSS
Exploits: 0 | References: 12 | Affected Software: 243

OpenVAS
added 2019/07/02 12:0 a.m. | 114 views

Debian: Security Advisory (DLA-1842-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.3 CVSS | 5.9 AI score | 0.04217 EPSS
Exploits: 0 | References: 3

Tenable Nessus
added 2019/07/02 12:0 a.m. | 47 views

Debian DLA-1842-1 : python-django security update

It was discovered that the Django Python web development framework did not correctly identify HTTP connections when a reverse proxy connected via HTTPS. When deployed behind a reverse-proxy connecting to Django via HTTPS, django.http.HttpRequest.scheme would incorrectly detect client requests made v...

6.1 CVSS | 6.9 AI score | 0.02803 EPSS
Exploits: 0 | References: 3

Tenable Nessus
added 2019/07/02 12:0 a.m. | 26 views

FreeBSD : Django -- Incorrect HTTP detection with reverse-proxy connecting via HTTPS (b805d7b4-9c0c-11e9-97f0-000c29e96db4)

Django security releases issued: When deployed behind a reverse-proxy connecting to Django via HTTPS, django.http.HttpRequest.scheme would incorrectly detect client requests made via HTTP as using HTTPS. This entails incorrect results for is_secure, and build_absolute_uri, and that HTTP requests...

5.3 CVSS | 6.6 AI score | 0.04217 EPSS
Exploits: 0 | References: 3

OpenVAS
added 2019/07/02 12:0 a.m. | 28 views

Ubuntu: Security Advisory (USN-4043-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.1 CVSS | 6.2 AI score | 0.04217 EPSS
Exploits: 0 | References: 2

Tenable Nessus
added 2019/07/02 12:0 a.m. | 32 views

Ubuntu 16.04 LTS / 18.04 LTS : Django vulnerabilities (USN-4043-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4043-1 advisory. It was discovered that Django incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. This...

6.1 CVSS | 7.4 AI score | 0.04217 EPSS
Exploits: 0 | References: 3

Debian
added 2019/07/01 8:56 p.m. | 59 views

[SECURITY] [DLA 1842-1] python-django security update

Package: python-django; Version: 1.7.11-1+deb8u6; CVE ID: CVE-2019-12308; Debian Bug: 931316. It was discovered that the Django Python web development framework did not correctly identify HTTP connections when a reverse proxy connected via HTTPS. When deployed behind a reverse-proxy connecting to...

6.1 CVSS | 6.6 AI score | 0.02803 EPSS
Exploits: 0

Ubuntu
added 2019/07/01 11:2 a.m. | 81 views

USN-4043-1: Django vulnerabilities

It was discovered that Django incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 18.10 and Ubuntu 19.04. (CVE-2019-12308) Gavin Wahl discovered that Django incorrectly handled HTTP detection when...

6.1 CVSS | 7.2 AI score | 0.04217 EPSS
Exploits: 0