
64 matches found

OSV
added 2022/09/21 10:28 a.m. | 5 views

SUSE-SU-2022:3325-1 Security update for go1.18

This update for go1.18 fixes the following issues: Update to go version 1.18.6 bsc1193742: - CVE-2022-27664: Fixed DoS in net/http caused by mishandled server errors after sending GOAWAY bsc1203185...

CVSS 7.5 | AI score 7.7 | EPSS 0.00098
Exploits: 0 | References: 4

OSV
added 2022/08/31 12:0 a.m. | 0 views

UBUNTU-CVE-2022-35252

When curl is used to retrieve and parse cookies from a HTTPS server, it accepts cookies using control codes that when later are sent back to a HTTP server might make the server return 400 responses. Effectively allowing a "sister site" to deny service to all siblings...

CVSS 3.7 | AI score 6.7 | EPSS 0.00289
Exploits: 1 | References: 5

RedhatCVE
added 2022/06/14 2:0 p.m. | 41 views

CVE-2022-2053

A flaw was found in Undertow. AJP requests to the server may allow an attacker to send a malicious request and trigger server errors, resulting in a denial of service...

CVSS 7.5 | AI score 4.2 | EPSS 0.00305
Exploits: 0 | References: 3

OSV
added 2022/05/05 2:48 a.m. | 20 views

GHSA-G8XG-JGJ6-49R3 Django is vulnerable to Denial of Service attack in formset

The form library in Django 1.3.x before 1.3.6, 1.4.x before 1.4.4, and 1.5 before release candidate 2 allows remote attackers to bypass intended resource limits for formsets and cause a denial of service (memory consumption) or trigger server errors via a modified max_num parameter...

CVSS 6.9 | AI score 6.2 | EPSS 0.00206
Exploits: 1 | References: 9

RedHat Linux
added 2021/12/14 9:31 p.m. | 2 views

undertow: special character in query results in server errors

A flaw was found in the Undertow AJP connector. Malicious requests and abrupt connection closes could be triggered by an attacker using query strings with non-RFC compliant characters resulting in a denial of service. The highest threat from this vulnerability is to system availability...

CVSS 7.8 | AI score 5.7 | EPSS 0.00182
Exploits: 0 | References: 4

RedHat Linux
added 2021/01/25 4:32 p.m. | 76 views

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.5 security update

An update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, ...

CVSS 7.8 | AI score 6.7 | EPSS 0.00505
Exploits: 2 | References: 28

RedHat Linux
added 2021/01/25 4:32 p.m. | 0 views

undertow: special character in query results in server errors

A flaw was found in the Undertow AJP connector. Malicious requests and abrupt connection closes could be triggered by an attacker using query strings with non-RFC compliant characters resulting in a denial of service. The highest threat from this vulnerability is to system availability...

CVSS 7.8 | AI score 5.7 | EPSS 0.00182
Exploits: 0 | References: 4

RedHat Linux
added 2021/01/25 4:30 p.m. | 141 views

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.5 security update

An update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, ...

CVSS 7.8 | AI score 6.7 | EPSS 0.00505
Exploits: 2 | References: 28

RedHat Linux
added 2021/01/25 4:30 p.m. | 0 views

undertow: special character in query results in server errors

A flaw was found in the Undertow AJP connector. Malicious requests and abrupt connection closes could be triggered by an attacker using query strings with non-RFC compliant characters resulting in a denial of service. The highest threat from this vulnerability is to system availability...

CVSS 7.8 | AI score 5.7 | EPSS 0.00182
Exploits: 0 | References: 4

OSV
added 2019/12/11 10:15 p.m. | 1 views

CVE-2019-0404

SAP Enable Now, before version 1911, leaks information about network configuration in the server error messages, leading to Information Disclosure...

CVSS 7.5 | AI score 7.1 | EPSS 0.00281
Exploits: 0 | References: 2

Tenable Nessus
added 2019/07/08 12:0 a.m. | 27 views

SUSE SLED15 / SLES15 Security Update : cf-cli (SUSE-SU-2019:1220-2)

"This update for cf-cli fixes the following issues : cf-cli was updated: to version 6.43.0 bsc1132242 Enhancements : cf curl supports a new --fail flag primarily for scripting purposes which returns exit code 22 for server errors story Improves cf delete-orphaned-routes such that it uses a...

CVSS 8.8 | AI score 6.8 | EPSS 0.00152
Exploits: 0 | References: 20

OSV
added 2018/01/26 9:29 p.m. | 1 views

CVE-2017-1515

IBM Doors Web Access 9.5 and 9.6 could allow an authenticated user to obtain sensitive information from HTTP internal server error responses. IBM X-Force ID: 129825...

CVSS 4.3 | AI score 5.8
Exploits: 0 | References: 3

Positive Technologies
added 2018/01/26 12:0 a.m. | 2 views

PT-2018-5783 · Ibm · Ibm Doors Web Access

Name of the Vulnerable Software and Affected Versions: IBM Doors Web Access versions 9.5 through 9.6 Description: The issue allows an authenticated user to obtain sensitive information from HTTP internal server error responses. Recommendations: For IBM Doors Web Access versions 9.5 through 9.6,...

CVSS 4.3 | AI score 6.3 | EPSS 0.0037
Exploits: 0 | References: 5

OSV
added 2017/11/27 9:29 p.m. | 1 views

CVE-2017-1240

IBM Rhapsody DM products could reveal sensitive information in HTTP 500 Internal Server Error responses. IBM X-Force ID: 124359...

CVSS 4.3 | AI score 5.8
Exploits: 0 | References: 3

OSV
added 2017/10/09 9:51 a.m. | 7 views

MGASA-2017-0366 Updated x11-server packages fix security vulnerabilities

In Xext/shm, the shmseg resource id can belong to a non-existing client and abort X server with FatalError "client not in use", or overwrite existing segment of another existing client (CVE-2017-13721). Generating strings for XKB data used a single shared static buffer, which offered several...

CVSS 7.8 | AI score 6.7 | EPSS 0.00127
Exploits: 0 | References: 3

FreeBSD
added 2016/02/16 12:0 a.m. | 21 views

squid -- SSL/TLS processing remote DoS

Squid security advisory 2016:1 reports: Due to incorrectly handling server errors Squid is vulnerable to a denial of service attack when connecting to TLS or SSL servers. This problem allows any trusted client to perform a denial of service attack on the Squid service regardless of whether TLS or...

CVSS 5.9 | AI score 3.2 | EPSS 0.21283
Exploits: 0 | References: 1

NVD
added 2013/05/02 2:55 p.m. | 17 views

CVE-2013-0306

The form library in Django 1.3.x before 1.3.6, 1.4.x before 1.4.4, and 1.5 before release candidate 2 allows remote attackers to bypass intended resource limits for formsets and cause a denial of service (memory consumption) or trigger server errors via a modified max_num parameter...

CVSS 5 | AI score 6.5 | EPSS 0.00206
Exploits: 1 | References: 4

OSV
added 2013/05/02 2:55 p.m. | 6 views

CVE-2013-0306

The form library in Django 1.3.x before 1.3.6, 1.4.x before 1.4.4, and 1.5 before release candidate 2 allows remote attackers to bypass intended resource limits for formsets and cause a denial of service (memory consumption) or trigger server errors via a modified max_num parameter...

AI score 6.4
Exploits: 0 | References: 4

PyPA
added 2013/05/02 2:55 p.m. | 5 views

PYSEC-2013-17

The form library in Django 1.3.x before 1.3.6, 1.4.x before 1.4.4, and 1.5 before release candidate 2 allows remote attackers to bypass intended resource limits for formsets and cause a denial of service (memory consumption) or trigger server errors via a modified max_num parameter...

CVSS 5 | AI score 6.9 | EPSS 0.00206
Exploits: 1 | References: 4 | Affected Software: 1

OSV
added 2013/05/02 2:55 p.m. | 28 views

PYSEC-2013-17

The form library in Django 1.3.x before 1.3.6, 1.4.x before 1.4.4, and 1.5 before release candidate 2 allows remote attackers to bypass intended resource limits for formsets and cause a denial of service (memory consumption) or trigger server errors via a modified max_num parameter...

CVSS 5 | AI score 5.7 | EPSS 0.00206
Exploits: 1 | References: 4