Email Bug Allows Message Snooping, Credential Theft
Researchers warn hackers can snoop on email messages by exploiting a bug in the underlying technology used by the majority of email servers that run the Internet Message Access Protocol, commonly referred to as IMAP. The bug, first reported in August 2020 and patched Monday, is tied to the email...
SUSE: Security Advisory (SUSE-SU-2020:1498-1)
The remote host is missing an update for the SUSE-SU-2020:1498-1 advisory. (SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only.) ...
[SECURITY] [DLA 2209-1] tomcat8 security update
Package : tomcat8 Version : 8.0.14-1+deb8u17 CVE ID : CVE-2019-17563 CVE-2020-1935 CVE-2020-1938 CVE-2020-9484 Debian Bug : 961209 952436 952437 952438 Several security vulnerabilities have been discovered in the Tomcat servlet and JSP engine. WARNING: The fix for CVE-2020-1938 may disrupt servic...
Huawei EulerOS: Security Advisory for tomcat (EulerOS-SA-2020-1182)
The remote host is missing an update for the Huawei EulerOS EulerOS-SA-2020-1182 advisory. (SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only.) ...
EulerOS 2.0 SP8 : tomcat (EulerOS-SA-2020-1182)
According to the versions of the tomcat packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote Lifecycle Listener, a local attacker...
Ubuntu 16.04 LTS : Tomcat vulnerabilities (USN-4251-1)
The remote Ubuntu 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4251-1 advisory. It was discovered that Tomcat incorrectly handled the RMI registry when configured with the JMX Remote Lifecycle Listener. A local attacker could possibl...
[SECURITY] [DLA 2077-1] tomcat7 security update
Package : tomcat7 Version : 7.0.56-3+really7.0.99-1 CVE ID : CVE-2019-12418 CVE-2019-17563 Two security vulnerabilities have been fixed in the Tomcat servlet and JSP engine. CVE-2019-12418 When Apache Tomcat is configured with the JMX Remote Lifecycle Listener, a local attacker without access to...
SUSE-SU-2020:0226-1 Security update for tomcat
This update for tomcat to version 9.0.30 fixes the following issues: Security issues fixed: - CVE-2019-12418: Fixed a local privilege escalation by manipulating the RMI registry (bsc#1159723). - CVE-2019-17563: Fixed a session fixation attack when using FORM authentication (bsc#1159729). Non-security...
SUSE-SU-2020:0029-1 Security update for tomcat
This update for tomcat to version 9.0.30 fixes the following issues: Security issues fixed: - CVE-2019-12418: Fixed a local privilege escalation by manipulating the RMI registry and performing a man-in-the-middle attack (bsc#1159723). - CVE-2019-17563: Fixed a session fixation attack when usi...
CVE-2019-17563
When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to 7.0.98 there was a narrow window where an attacker could perform a session fixation attack. The window was considered too narrow for an exploit to be practical but, erring on the side of caution, th...
CVE-2019-4227
IBM MQ 8.0.0.4 - 8.0.0.12, 9.0.0.0 - 9.0.0.6, 9.1.0.0 - 9.1.0.2, and 9.1.0 - 9.1.2 AMQP Listeners could allow an unauthorized user to conduct a session fixation attack due to clients not being disconnected as they should. IBM X-Force ID: 159352...
CVE-2019-4227
CVE-2019-4227 affects IBM MQ AMQP Listeners across multiple releases (8.0.0.4–8.0.0.12; 9.0.0.0–9.0.0.6; 9.1.0.0–9.1.0.2; 9.1.0–9.1.2). The issue allows an unauthorized user to conduct a session fixation attack due to clients not being disconnected as they should. Public details confirm the root ...
Cisco Prime Collaboration Provisioning Tool Session Hijacking Vulnerability
A vulnerability in the web application in the Cisco Prime Collaboration Provisioning tool could allow an unauthenticated, remote attacker to hijack another user's session. The vulnerability is due to insufficient session management during user authentication. An attacker could exploit this...
CentOS 7 : pcs (CESA-2016:2596)
An update for pcs is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CV...
Apache Tomcat 7.0.x < 7.0.67 / 8.0.x < 8.0.32 Session Hijacking
Critical iOS Flaw allowed Hackers to Steal Cookies from Devices
Apple has patched a critical vulnerability in its iOS operating system that allowed criminal hackers to impersonate end users' identities by granting read/write access to websites' unencrypted authentication cookies. The vulnerability was fixed with the release of iOS 9.2.1 on Tuesday, almost thr...
Ubuntu Patches Several Security Flaws
Ubuntu has released a number of patches for security vulnerabilities in several versions of the OS, including some remote code execution flaws in Thunderbird, which is included with Ubuntu. Thunderbird is Mozilla’s email client, and the company recently fixed several memory corruption...
Oracle Solaris Third-Party Patch Update : tomcat (multiple_vulnerabilities_in_tomcat)
The remote Solaris system is missing necessary patches to address security updates : - Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data...
MGASA-2015-0025 Updated firefox and thunderbird packages fix security vulnerabilities
Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox or Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running it (CVE-2014-8634). It was found that the Beacon interface...
Mozilla Thunderbird < 31.4 Multiple Vulnerabilities (Mac OS X)
The version of Thunderbird installed on the remote Mac OS X host is prior to 31.4. It is, therefore, affected by the following vulnerabilities : - Multiple unspecified memory safety issues exist within the browser engine. (CVE-2014-8634, CVE-2014-8635) - A flaw exists in 'navigator.sendBeacon' in...