CVE-2015-2308: Esi Code Injection

Affected Versions All 2.0.X, 2.1.X, 2.2.X, 2.3.X, 2.4.X, 2.5.X, and 2.6.X versions of the Symfony HttpKernel component are affected by this security issue. This issue has been fixed in Symfony 2.3.27, 2.5.11, and 2.6.6. Note that no fixes are provided for Symfony 2.0, 2.1, 2.2, and 2.4 as they ar...

Tomcat/JBossWeb: Request smuggling via malicious content length header

It was found that JBoss Web / Apache Tomcat did not check for overflowing values when parsing request content length headers. A remote attacker could use this flaw to perform an HTTP request smuggling attack on a JBoss Web / Apache Tomcat server located behind a reverse proxy that processed the...

Tomcat/JBossWeb: Request smuggling via malicious content length header

It was found that JBoss Web / Apache Tomcat did not check for overflowing values when parsing request content length headers. A remote attacker could use this flaw to perform an HTTP request smuggling attack on a JBoss Web / Apache Tomcat server located behind a reverse proxy that processed the...

Tomcat/JBossWeb: Request smuggling via malicious content length header

It was found that JBoss Web / Apache Tomcat did not check for overflowing values when parsing request content length headers. A remote attacker could use this flaw to perform an HTTP request smuggling attack on a JBoss Web / Apache Tomcat server located behind a reverse proxy that processed the...

Apache Tomcat 6.0.x < 6.0.40 Multiple Vulnerabilities

Binary data 8934.pasl...

Apache Tomcat 8.0.x < 8.0.4 Multiple Vulnerabilities

Binary data 8936.pasl...

Tomcat/JBossWeb: Request smuggling via malicious content length header

It was found that JBoss Web / Apache Tomcat did not check for overflowing values when parsing request content length headers. A remote attacker could use this flaw to perform an HTTP request smuggling attack on a JBoss Web / Apache Tomcat server located behind a reverse proxy that processed the...

Tomcat/JBossWeb: Request smuggling via malicious content length header

It was found that JBoss Web / Apache Tomcat did not check for overflowing values when parsing request content length headers. A remote attacker could use this flaw to perform an HTTP request smuggling attack on a JBoss Web / Apache Tomcat server located behind a reverse proxy that processed the...

Oracle Secure Global Desktop Multiple Vulnerabilities (January 2015 CPU) (POODLE)

The remote host has a version of Oracle Secure Global Desktop that is version 4.63, 4.71, 5.0 or 5.1. It is, therefore, affected by multiple vulnerabilities in the following components : - Apache HTTP Server - Client - Gateway JARP module - Gateway Reverse Proxy - OpenSSL - Print Servlet only in...

SOL15889 - Apache HTTP server vulnerabilities CVE-2011-3368, CVE-2011-4317, CVE-2012-0021, CVE-2012-0031, and CVE-2012-0053

CVE-2011-3368 The modproxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of 1 RewriteRule and 2 ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send...

[SECURITY] Fedora 21 Update: Pound-2.7-0.4.d.fc21

The Pound program is a reverse proxy, load balancer and HTTPS front-end for Web servers. Pound was developed to enable distributing the load among several Web-servers and to allow for a convenient SSL wrapper for those Web servers that do not offer it natively. Pound is distributed under the GPL ...

[SECURITY] Fedora 19 Update: Pound-2.6-8.fc19

The Pound program is a reverse proxy, load balancer and HTTPS front-end for Web servers. Pound was developed to enable distributing the load among several Web-servers and to allow for a convenient SSL wrapper for those Web servers that do not offer it natively. Pound is distributed under the GPL ...

NAT-PMP Security Vulnerability Affects 1.2M Routers

Vulnerabilities in embedded devices, in particular small office and home office routers, have been relentless. Another serious issue was discovered this week that affects more than 1.2 million such devices due to improper NAT-PMP protocol implementations, most of which run counter to the...

[SECURITY] Fedora 20 Update: nginx-1.4.7-3.fc20

Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage...

[SECURITY] Fedora 21 Update: haproxy-1.5.4-1.fc21

HAProxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments. Indeed, it can: - route HTTP requests depending on statically assigned cookies - spread load among several servers while assuring server persistence through the use of HTTP cookies - switch to...

Debian Security Advisory DSA 3029-1 (nginx - security update)

Antoine Delignat-Lavaud and Karthikeyan Bhargavan discovered that it was possible to reuse cached SSL sessions in unrelated contexts, allowing virtual host confusion attacks in some configurations by an attacker in a privileged network position. OpenVAS Vulnerability Test $Id: deb3029.nasl 6735...

[SECURITY] Fedora 20 Update: haproxy-1.5.4-1.fc20

HAProxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments. Indeed, it can: - route HTTP requests depending on statically assigned cookies - spread load among several servers while assuring server persistence through the use of HTTP cookies - switch to...

WordPress WP-Ban 1.62 Bypass Vulnerability

WordPress WP-Ban plugin version 1.62 suffers from a bypass vulnerability when a properly minted X-Forwarded-For header is used. Details ================ Software: WP-Ban Version: 1.62 Homepage: http://wordpress.org/plugins/wp-ban/ Advisory report:...

Ubuntu 14.04 LTS : Tomcat vulnerabilities (USN-2302-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2302-1 advisory. David Jorm discovered that Tomcat incorrectly handled certain requests submitted using chunked transfer encoding. A remote attacker could use this flaw t...

FreeBSD : tomcat -- multiple vulnerabilities (81fc1076-1286-11e4-bebd-000c2980a9f3)

Tomcat Security Team reports : Tomcat does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager restrictions and read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference,...