Lucene search
K

1167 matches found

RedHat Linux
RedHat Linux
added 2014/05/21 3:45 p.m.10 views

tomcat: incomplete fix for CVE-2012-3544

It was discovered that the fix for CVE-2012-3544 did not properly resolve a denial of service flaw in the way Tomcat and JBoss Web processed chunk extensions and trailing headers in chunked requests. A remote attacker could use this flaw to send an excessively long request that, when processed by...

5CVSS6.8AI score0.11001EPSS
Exploits2References4
RedHat Linux
RedHat Linux
added 2014/05/21 3:45 p.m.6 views

tomcat: incomplete fix for CVE-2012-3544

It was discovered that the fix for CVE-2012-3544 did not properly resolve a denial of service flaw in the way Tomcat and JBoss Web processed chunk extensions and trailing headers in chunked requests. A remote attacker could use this flaw to send an excessively long request that, when processed by...

5CVSS6.8AI score0.11001EPSS
Exploits2References4
Amazon
Amazon
added 2014/05/06 12:0 a.m.35 views

Medium: mod24_security

Issue Overview: apache2/modsecurity.c in ModSecurity before 2.7.6 allows remote attackers to bypass rules by using chunked transfer coding with a capitalized Chunked value in the Transfer-Encoding HTTP header. Affected Packages: mod24security Issue Correction: Run yum update mod24security or yum...

5CVSS6.4AI score0.0267EPSS
Exploits2
OSV
OSV
added 2014/04/15 10:55 a.m.1 views

DEBIAN-CVE-2013-5705

apache2/modsecurity.c in ModSecurity before 2.7.6 allows remote attackers to bypass rules by using chunked transfer coding with a capitalized Chunked value in the Transfer-Encoding HTTP header...

5CVSS7AI score0.0267EPSS
Exploits2References1
Prion
Prion
added 2014/04/15 10:55 a.m.21 views

Authentication flaw

apache2/modsecurity.c in ModSecurity before 2.7.6 allows remote attackers to bypass rules by using chunked transfer coding with a capitalized Chunked value in the Transfer-Encoding HTTP header...

5CVSS7AI score0.0267EPSS
Exploits2References3Affected Software2
OSV
OSV
added 2014/04/15 10:55 a.m.5 views

UBUNTU-CVE-2013-5705

apache2/modsecurity.c in ModSecurity before 2.7.6 allows remote attackers to bypass rules by using chunked transfer coding with a capitalized Chunked value in the Transfer-Encoding HTTP header...

5CVSS6.4AI score0.0267EPSS
Exploits2References3
OSV
OSV
added 2014/04/08 12:0 a.m.39 views

DSA-2897-1 tomcat7 - security update

Bulletin has no description...

7.5CVSS7.4AI score0.83175EPSS
Exploits16
OpenVAS
OpenVAS
added 2014/03/12 12:0 a.m.40 views

Ubuntu Update for tomcat7 USN-2130-1

Check for the Version of tomcat7 OpenVAS Vulnerability Test $Id: gbubuntuUSN21301.nasl 7957 2017-12-01 06:40:08Z santu $ Ubuntu Update for tomcat7 USN-2130-1 Authors: System Generated Check Copyright: Copyright C 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software...

7.5CVSS7.7AI score0.83175EPSS
Exploits13References2
OpenVAS
OpenVAS
added 2014/03/12 12:0 a.m.48 views

Ubuntu: Security Advisory (USN-2130-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS8.1AI score0.83175EPSS
Exploits13References2
Tenable Nessus
Tenable Nessus
added 2014/03/07 12:0 a.m.43 views

Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.10 : tomcat6, tomcat7 vulnerabilities (USN-2130-1)

It was discovered that Tomcat incorrectly handled certain inconsistent HTTP headers. A remote attacker could possibly use this flaw to conduct request smuggling attacks. CVE-2013-4286 It was discovered that Tomcat incorrectly handled certain requests submitted using chunked transfer encoding. A...

7.5CVSS6.9AI score0.83175EPSS
Exploits13References5
Ubuntu
Ubuntu
added 2014/03/06 1:24 p.m.74 views

USN-2130-1: Tomcat vulnerabilities

It was discovered that Tomcat incorrectly handled certain inconsistent HTTP headers. A remote attacker could possibly use this flaw to conduct request smuggling attacks. CVE-2013-4286 It was discovered that Tomcat incorrectly handled certain requests submitted using chunked transfer encoding. A...

7.5CVSS7.1AI score0.83175EPSS
Exploits13
Prion
Prion
added 2014/02/26 2:55 p.m.26 views

Design/Logic Flaw

Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request's length and conduct...

5.8CVSS7.2AI score0.29784EPSS
Exploits4References45Affected Software1
UbuntuCve
UbuntuCve
added 2014/02/26 12:0 a.m.39 views

CVE-2013-4286

Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request's length and conduct...

5.8CVSS6.8AI score0.16833EPSS
Exploits2References5
OSV
OSV
added 2014/02/26 12:0 a.m.5 views

UBUNTU-CVE-2013-4286

Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request's length and conduct...

5.8CVSS6.8AI score0.16833EPSS
Exploits2References6
UbuntuCve
UbuntuCve
added 2013/07/20 3:37 a.m.59 views

CVE-2013-2028

The ngxhttpparsechunked function in http/ngxhttpparse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cause a denial of service crash and execute arbitrary code via a chunked Transfer-Encoding request with a large chunk size, which triggers an integer signedness error and a stack-based...

7.5CVSS6.5AI score0.87475EPSS
Exploits15References2
RedHat Linux
RedHat Linux
added 2013/07/03 4:18 p.m.4 views

tomcat: Limited DoS in chunked transfer encoding input filter

Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data...

5CVSS7.4AI score0.11001EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2013/07/03 3:43 p.m.6 views

tomcat: Limited DoS in chunked transfer encoding input filter

Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data...

5CVSS7.4AI score0.11001EPSS
Exploits1References4
Ubuntu
Ubuntu
added 2013/05/28 5:2 p.m.60 views

USN-1841-1: Tomcat vulnerabilities

It was discovered that Tomcat incorrectly handled certain requests submitted using chunked transfer encoding. A remote attacker could use this flaw to cause the Tomcat server to stop responding, resulting in a denial of service. This issue only affected Ubuntu 10.04 LTS and Ubuntu 12.04 LTS...

6.8CVSS8.1AI score0.11001EPSS
Exploits5
Packet Storm
Packet Storm
added 2013/05/17 12:0 a.m.80 views

Nginx 1.3.9 / 1.4.0 Denial Of Service

Exploit Title: nginx v1.3.9-1.4.0 DOS POC CVE-2013-2028 Date: 16.05.2013 Exploit Author: Mert SARICA - mert . sarica @ gmail . com - http://www.mertsarica.com Vendor Homepage: http://nginx.org/ Software Link: http://nginx.org/download/nginx-1.4.0.tar.gz Version: 1.3.9-1.4.0 Tested on: Kali Linux ...

7.5CVSS6.3AI score0.87475EPSS
Exploits15
Tenable Nessus
Tenable Nessus
added 2013/05/13 12:0 a.m.51 views

Fedora 19 : nginx-1.4.1-1.fc19 (2013-7560)

Update to upstream release 1.4.1 which fixes : - CVE-2013-2028: Stack-based buffer overflow when handling certain chunked transfer encoding requests Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted t...

7.5CVSS5.7AI score0.87475EPSS
Exploits15References3
Rows per page
Query Builder