
7082 matches found

Tenable Nessus
added 2020/03/16 12:00 a.m., 67 views

Amazon Linux AMI : tomcat7 (ALAS-2020-1352)

The version of tomcat7 installed on the remote host is prior to 7.0.100-1.36. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1352 advisory. In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach...

CVSS 9.8, AI score 8.6, EPSS 0.9927
Exploits 45, References 7
OpenVAS
added 2020/03/13 12:00 a.m., 13 views

Huawei EulerOS: Security Advisory for lftp (EulerOS-SA-2020-1259)

The remote host is missing an update for the Huawei EulerOS...

CVSS 7.8, AI score 6.6, EPSS 0.04782
Exploits 1, References 2
Tenable Nessus
added 2020/03/13 12:00 a.m., 46 views

SUSE SLES12 Security Update : squid (SUSE-SU-2020:0661-1)

This update for squid fixes the following issues : CVE-2019-12528: Fixed an information disclosure flaw in the FTP gateway bsc1162689. CVE-2019-12526: Fixed potential remote code execution during URN processing bsc1156326. CVE-2019-12523,CVE-2019-18676: Fixed multiple improper validations in URI...

CVSS 9.8, AI score 7.6, EPSS 0.7179
Exploits 0, References 29
The Hacker News
added 2020/03/12 2:30 p.m., 389 views

Critical Patch Released for 'Wormable' SMBv3 Vulnerability — Install It ASAP!

Microsoft today finally released an emergency software update to patch the recently disclosed very dangerous vulnerability in SMBv3 protocol that could let attackers launch wormable malware, which can propagate itself from one vulnerable computer to another automatically. The vulnerability, track...

CVSS 10, AI score 2.4, EPSS 0.9981
Exploits 125
Mageia
added 2020/03/10 7:04 p.m., 264 views

Updated tomcat packages fix security vulnerabilities

The updated packages fix security vulnerabilities: The refactoring present in Apache Tomcat 9.0.28 to 9.0.30, 8.5.48 to 8.5.50 and 7.0.98 to 7.0.99 introduced a regression. The result of the regression was that invalid Transfer-Encoding headers were incorrectly processed leading to a possibility ...

CVSS 9.8, AI score 8.9, EPSS 0.9927
Exploits 45, References 3
Amazon
added 2020/03/09 12:00 a.m., 138 views

Important: tomcat7

Issue Overview: In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smuggling if Tomcat was located...

CVSS 9.8, AI score 8.4, EPSS 0.9927
Exploits 45
Kitploit
added 2020/03/07 9:30 p.m., 128 views

HTTP Asynchronous Reverse Shell - Asynchronous Reverse Shell Using The HTTP Protocol

Today there are many ways to create a reverse shell in order to be able to remotely control a machine through a firewall. Indeed, outgoing connections are not always filtered. However security software and hardware IPS, IDS, Proxy, AV, EDR... are more and more powerful and can detect these attack...

AI score 7
Exploits 0, References 4
OPENSUSE Linux
added 2020/03/06 12:00 a.m., 78 views

Security update for squid (moderate)

openSUSE Security Update: Security update for squid Announcement ID: openSUSE-SU-2020:0307-1 Rating: moderate References: 1162687 1162689 1162691 Cross-References: CVE-2019-12528 CVE-2020-8449 CVE-2020-8450 CVE-2020-8517 Affected Products: openSUSE Leap 15.1 An update that fixes four...

CVSS 7.5, AI score 7.9, EPSS 0.7179
Exploits 0, References 3
Tenable Nessus
added 2020/03/06 12:00 a.m., 66 views

Debian DLA-2133-1 : tomcat7 security update

Several security vulnerabilities have been discovered in the Tomcat servlet and JSP engine. CVE-2019-17569 The refactoring in 7.0.98 introduced a regression. The result of the regression was that invalid Transfer-Encoding headers were incorrectly processed leading to a possibility of HTTP Request...

CVSS 9.8, AI score 7.7, EPSS 0.9927
Exploits 45, References 5
Tenable Nessus
added 2020/03/06 12:00 a.m., 37 views

openSUSE Security Update : squid (openSUSE-2020-307)

This update for squid to version 4.10 fixes the following issues : Security issues fixed : - CVE-2019-12528: Fixed an information disclosure flaw in the FTP gateway bsc1162689. - CVE-2020-8449: Fixed a buffer overflow when squid is acting as reverse-proxy bsc1162687. - CVE-2020-8450: Fixed a buff...

CVSS 7.5, AI score 7.1, EPSS 0.7179
Exploits 0, References 7
Packet Storm
added 2020/03/05 12:00 a.m., 118 views

OpenSMTPD Out-Of-Bounds Read / Local Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'OpenSMTPD OOB Read Local Privilege Escalation', 'Description' = %q This module exploits an out-of-bounds read of an attacker-controlled string in...

CVSS 10, AI score 0.4, EPSS 0.88535
Exploits 10
Kitploit
added 2020/03/03 8:30 p.m., 111 views

XCTR Hacking Tools - All in one tools for Information Gathering

All in one tools for Information Gathering. Instagram: Capture the Root Screenshots...

AI score 7
Exploits 0, References 2
0day.today
added 2020/03/02 12:00 a.m., 356 views

Cacti v1.2.8 - Unauthenticated Remote Code Execution Exploit

Exploit for php platform in category web applications Exploit Title: Cacti v1.2.8 - Unauthenticated Remote Code Execution Metasploit Exploit Author: Lucas Amorim sh286s CVE: CVE-2020-8813 Vendor Homepage: https://cacti.net/ Version: v1.2.8 Tested on: Linux This module requires Metasploit:...

AI score 7.1, EPSS 0.73779
Exploits 24
RedhatCVE
added 2020/03/01 7:37 a.m., 27 views

CVE-2019-5737

It was found that the original fix for Slowloris, CVE-2018-12122, was insufficient. It is possible to bypass the server's headersTimeout by sending two specially crafted HTTP requests in the same connection. An attacker could use this flaw to bypass Slowloris protection, resulting in a denial of...

CVSS 7.5, AI score 3.5, EPSS 0.41288
Exploits 0, References 4
OSV
added 2020/02/28 1:10 a.m., 1 view

GHSA-767J-JFH2-JVRC Potential HTTP request smuggling in Apache Tomcat

The refactoring present in Apache Tomcat versions 9.0.28 to 9.0.30, 8.5.48 to 8.5.50 and 7.0.98 to 7.0.99 introduced a regression. The result of the regression was that invalid Transfer-Encoding headers were incorrectly processed leading to a possibility of HTTP Request Smuggling if Tomcat was...

CVSS 4.8, AI score 7.2, EPSS 0.08872
Exploits 0, References 12
Github Security Blog
added 2020/02/28 1:10 a.m., 170 views

Potential HTTP request smuggling in Apache Tomcat

The refactoring present in Apache Tomcat versions 9.0.28 to 9.0.30, 8.5.48 to 8.5.50 and 7.0.98 to 7.0.99 introduced a regression. The result of the regression was that invalid Transfer-Encoding headers were incorrectly processed leading to a possibility of HTTP Request Smuggling if Tomcat was...

CVSS 5.8, AI score 1.4, EPSS 0.08872
Exploits 0, References 13, Affected Software 2
OSV
added 2020/02/28 1:10 a.m., 0 views

GHSA-QXF4-CHVG-4R8R Potential HTTP request smuggling in Apache Tomcat

In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse...

CVSS 4.8, AI score 7, EPSS 0.09386
Exploits 0, References 20
Github Security Blog
added 2020/02/28 1:10 a.m., 265 views

Potential HTTP request smuggling in Apache Tomcat

In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse...

CVSS 5.8, AI score 1, EPSS 0.09386
Exploits 0, References 21, Affected Software 2
Positive Technologies
added 2020/02/28 12:00 a.m., 2 views

PT-2020-14513

Name of the Vulnerable Software and Affected Versions Go versions 1.13.x through 1.13.12 Go versions 1.14.x through 1.14.4 Description The issue is related to a data race in some net/http servers. This occurs when the server concurrently reads a request body and writes a response, as demonstrated...

CVSS 7.5, AI score 5.5, EPSS 0.06497
Exploits 3, References 73
Tenable Nessus
added 2020/02/27 12:00 a.m., 39 views

SUSE SLES12 Security Update : squid (SUSE-SU-2020:0487-1)

This update for squid to version 4.10 fixes the following issues : Security issues fixed : CVE-2019-12528: Fixed an information disclosure flaw in the FTP gateway bsc1162689. CVE-2020-8449: Fixed a buffer overflow when squid is acting as reverse-proxy bsc1162687. CVE-2020-8450: Fixed a buffer...

CVSS 7.5, AI score 7.1, EPSS 0.7179
Exploits 0, References 12