2150 matches found

OSV
added 2014/05/31 12:0 a.m., 0 views

UBUNTU-CVE-2014-0099

Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header...

4.3 CVSS, 6.8 AI score, 0.37857 EPSS
Exploits 0, References 3
ThreatPost
added 2014/05/30 12:31 p.m., 25 views

Apache Patches Bugs in Tomcat

Apache recently patched Tomcat, fixing a trio of information disclosure bugs and a denial of service bug in the open source web server and servlet container. The denial of service bug, discovered in February by David Jorm of the Red Hat Security Response Team, could have allowed an attacker to...

4.3 CVSS, 8.8 AI score, 0.37857 EPSS
Exploits 0, References 5
Tenable Nessus
added 2014/05/30 12:0 a.m., 46 views

Apache Tomcat 6.0.x < 6.0.40 Multiple Vulnerabilities

According to its self-reported version number, the instance of Apache Tomcat 6.0.x listening on the remote host is prior to 6.0.40. It is, therefore, affected by the following vulnerabilities : - An error exists related to chunk size and chunked requests that allows denial of service attacks...

5 CVSS, 6.7 AI score, 0.46749 EPSS
Exploits 1, References 5
FreeBSD
added 2014/05/23 12:0 a.m., 38 views

tomcat -- multiple vulnerabilities

Tomcat Security Team reports: Tomcat does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager restrictions and read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference,...

8.3 AI score
Exploits 0, References 3
Apache Tomcat
added 2014/03/30 12:0 a.m., 52 views

Fixed in Apache Tomcat 7.0.53

Important: Denial of Service CVE-2014-0075 It was possible to craft a malformed chunk size as part of a chunked request that enabled an unlimited amount of data to be streamed to the server, bypassing the various size limits enforced on a request. This enabled a denial of service attack. This was...

5 CVSS, 8.5 AI score, 0.46749 EPSS
Exploits 1, Affected Software 1
Apache Tomcat
added 2014/03/27 12:0 a.m., 50 views

Fixed in Apache Tomcat 8.0.5

Note: The issues below were fixed in Apache Tomcat 8.0.4 but the release vote for the 8.0.4 release candidate did not pass. Therefore, although users must download 8.0.5 to obtain a version that includes fixes for these issues, version 8.0.4 is not included in the list of affected versions...

5 CVSS, 8.4 AI score, 0.46749 EPSS
Exploits 1, Affected Software 1
Fedora
added 2013/12/14 3:28 a.m., 35 views

[SECURITY] Fedora 20 Update: nginx-1.4.4-1.fc20

Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage...

7.5 CVSS, 2.2 AI score, 0.90921 EPSS
Exploits 15
Fedora
added 2013/12/02 9:36 a.m., 34 views

[SECURITY] Fedora 19 Update: nginx-1.4.4-1.fc19

Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage...

7.5 CVSS, 2.2 AI score, 0.90921 EPSS
Exploits 15
OpenVAS
added 2013/09/18 12:0 a.m., 20 views

Debian Security Advisory DSA 2532-1 (libapache2-mod-rpaf - denial of service)

Sebastien Bocahu discovered that the reverse proxy add forward module for the Apache webserver is vulnerable to a denial of service attack through a single crafted request with many headers. OpenVAS Vulnerability Test $Id: deb25321.nasl 8972 2018-02-28 07:02:10Z cfischer $ Auto-generated from...

5 CVSS, 6.3 AI score, 0.01928 EPSS
Exploits 0, References 1
0day.today
added 2013/09/08 12:0 a.m., 24 views

WordPress Plugin w3-total-cache Stored XSS Vulnerability

Exploit for php platform in category web applications Steps to Produce the Vulnerability : 1 Go to Dashboard. 2 Click on Installed Plugins. 3 Go to W3-Total-Cache Plugin and Click on settings. 4 Go to Reverse Proxy and Click on page cache settings. 5 Go to Cache Preload and Type Vector - ". in...

7.1 AI score
Exploits 0
Tenable Nessus
added 2013/09/04 12:0 a.m., 46 views

Amazon Linux AMI : httpd (ALAS-2012-46)

It was discovered that the fix for CVE-2011-3368 did not completely address the problem. An attacker could bypass the fix and make a reverse proxy connect to an arbitrary server not directly accessible to the attacker by sending an HTTP version 0.9 request, or by using a specially crafted URI...

5 CVSS, 8 AI score, 0.79449 EPSS
Exploits 24, References 5
OpenVAS
added 2013/07/07 12:0 a.m., 29 views

Debian Security Advisory DSA 2721-1 (nginx - buffer overflow)

A buffer overflow has been identified in nginx, a small, powerful, scalable web/proxy server, when processing certain chunked transfer encoding requests if proxy_pass to untrusted upstream HTTP servers is used. An attacker may use this flaw to perform denial of service attacks, disclose worker...

5.8 CVSS, 0.1 AI score, 0.06821 EPSS
Exploits 3, References 1
OpenVAS
added 2013/07/02 12:0 a.m., 29 views

Fedora Update for haproxy FEDORA-2013-11212

Check for the Version of haproxy. OpenVAS Vulnerability Test: Fedora Update for haproxy FEDORA-2013-11212. Authors: System Generated Check. Copyright: Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribute it and/or modify it under the...

5.1 CVSS, 0.00186 EPSS
Exploits 0, References 2
Fedora
added 2013/06/29 6:15 p.m., 31 views

[SECURITY] Fedora 19 Update: haproxy-1.4.24-1.fc19

HA-Proxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments. Indeed, it can: - route HTTP requests depending on statically assigned cookies - spread the load among several servers while assuring server persistence through the use of HTTP cookies - switch t...

6.8 CVSS, 0.7 AI score, 0.03181 EPSS
Exploits 2
Tenable Nessus
added 2013/06/29 12:0 a.m., 32 views

CentOS 4 : httpd (CESA-2007:0747)

Updated httpd packages that fix a security issue, various bugs, and add enhancements are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular and freely-available Web...

5 CVSS, 7.2 AI score, 0.23276 EPSS
Exploits 0, References 2
Fedora
added 2013/06/28 6:16 a.m., 22 views

[SECURITY] Fedora 17 Update: haproxy-1.4.24-1.fc17

HA-Proxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments. Indeed, it can: - route HTTP requests depending on statically assigned cookies - spread the load among several servers while assuring server persistence through the use of HTTP cookies - switch t...

5.1 CVSS, 0.7 AI score, 0.00198 EPSS
Exploits 0
Fedora
added 2013/06/28 6:14 a.m., 23 views

[SECURITY] Fedora 18 Update: haproxy-1.4.24-1.fc18

HA-Proxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments. Indeed, it can: - route HTTP requests depending on statically assigned cookies - spread the load among several servers while assuring server persistence through the use of HTTP cookies - switch t...

5.1 CVSS, 0.7 AI score, 0.00186 EPSS
Exploits 0
Debian
added 2013/06/19 5:11 p.m., 59 views

[SECURITY] [DSA 2711-1] haproxy security update

Debian Security Advisory DSA-2711-1, http://www.debian.org/security/, Moritz Muehlenhoff, June 19, 2013, http://www.debian.org/security/faq ...

5.1 CVSS, 6.7 AI score, 0.00198 EPSS
Exploits 0
OpenVAS
added 2013/06/19 12:0 a.m., 30 views

Debian Security Advisory DSA 2711-1 (haproxy - several vulnerabilities)

Multiple security issues have been found in HAProxy, a load-balancing reverse proxy: CVE-2012-2942 Buffer overflow in the header capture code. CVE-2013-1912 Buffer overflow in the HTTP keepalive code. CVE-2013-2175 Denial of service in parsing HTTP headers. OpenVAS Vulnerability Test $Id:...

5.1 CVSS, 0.2 AI score, 0.00198 EPSS
Exploits 0, References 1
OSV
added 2013/06/19 12:0 a.m., 22 views

DSA-2711-1 haproxy - several

Bulletin has no description...

5.1 CVSS, 6.2 AI score, 0.00198 EPSS
Exploits 0