19 matches found
SUSE CVE-2007-6286
Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as demonstrated by using netcat to...
Denial Of Service (DoS)
ActiveMQ AMQP is vulnerable to denial of service attacks. These attacks can be conducted by opening TCP connections to an SSL port and just keeping them open. This blocks other users from accessing it...
LifeSize UVC Authenticated Remote Command Execution
When authenticated as an administrator on LifeSize UVC 1.2.6, an attacker can abuse the ping diagnostic functionality to achieve remote command execution as the www-data user or equivalent. This module requires Metasploit: http://metasploit.com/download Current source:...
CVE-2010-3083
sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service (daemon outage) by connecting to the SSL port but not participating in an SSL handshake...
Apache Tomcat < 5.5.26 Multiple Vulnerabilities
According to its self-reported version number, the instance of Apache Tomcat listening on the remote host is prior to 5.5.26. It is, therefore, affected by multiple vulnerabilities: - The remote Apache Tomcat install may be vulnerable to an information disclosure attack via cookies. The previous...
Mandriva Linux Security Advisory : tomcat5 (MDVSA-2009:136)
Multiple security vulnerabilities have been identified and fixed in tomcat5: When Tomcat's WebDAV servlet is configured for use with a context and has been enabled for write, some WebDAV requests that specify an entity with a SYSTEM tag can result in the contents of arbitrary files being returned ...
FreeBSD Ports: apache
The remote host is missing an update to the system as announced in the referenced advisory. VID 492f8896-70fa-11d8-873f-0020ed76ef5a. OpenVAS Vulnerability Test. Description: Auto generated from vuxml or freebsd advisories. Authors: Thomas Reinke. Copyright: Copyright (c) 2008 E-Soft Inc...
Tomcat: Multiple vulnerabilities
Background: Tomcat is the Apache Jakarta Project's official implementation of Java Servlets and Java Server Pages. Description: The following vulnerabilities were reported: Delian Krustev discovered that the JULI logging component does not properly enforce access restrictions, allowing web...
Server side request forgery (ssrf)
Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as demonstrated by using netcat to...
CVE-2007-6286
Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as demonstrated by using netcat to...
CVE-2007-6286
Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as demonstrated by using netcat to...
Apache Tomcat 6.0.x < 6.0.16 Information Disclosure
Binary data 4368.pasl...
Fixed in Apache Tomcat 5.5.26
Low: Session hi-jacking CVE-2007-5333. The previous fix for CVE-2007-3385 was incomplete. It did not consider the use of quotes or %5C within a cookie value. Affects: 5.5.0-5.5.25. Low: Elevated privileges CVE-2007-5342. The JULI logging component allows web applications to provide their own logging...
CVE-2007-2704
BEA WebLogic Server 9.0 through 9.2 allows remote attackers to cause a denial of service (SSL port unavailability) by accessing a half-closed SSL socket...
CVE-2005-3357
mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference...
CVE-2004-0113
Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server...
CVE-2004-0113
Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server...
CVE-2004-0113
Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server...
DEBIAN-CVE-2004-0113
Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server...