what you don't know can hurt you
Showing 1 - 6 of 6 RSS Feed

CVE-2017-6056

Status Candidate

Overview

It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service is easily achievable as a consequence of backporting a CVE-2016-6816 fix but not backporting the fix for Tomcat bug 57544. Distributions affected by this backporting issue include Debian (before 7.0.56-3+deb8u8 and 8.0.14-1+deb8u7 in jessie) and Ubuntu.

Related Files

Red Hat Security Advisory 2017-0828-01
Posted Mar 23, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0828-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release of Red Hat JBoss Enterprise Application Platform 6.4.14 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.13, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: It was discovered that EAP packages in certain versions of Red Hat Enterprise Linux use incorrect permissions for /etc/sysconfig/jbossas configuration files. The file is writable to jboss group. On systems using classic /etc/init.d init scripts, the file is sourced by the jboss init script and its content executed with root privileges when jboss service is started, stopped, or restarted.

tags | advisory, java, root
systems | linux, redhat
advisories | CVE-2016-6346, CVE-2016-8657, CVE-2017-6056
MD5 | 3e40bec85188c85df789135696804d68
Red Hat Security Advisory 2017-0829-01
Posted Mar 23, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0829-01 - The jboss-ec2-eap packages provide scripts for Red Hat JBoss Enterprise Application Platform running on the Amazon Web Services Elastic Compute Cloud. With this update, the jboss-ec2-eap package has been updated to ensure compatibility with Red Hat JBoss Enterprise Application Platform 6.4.14. Security Fix: It was discovered that EAP packages in certain versions of Red Hat Enterprise Linux use incorrect permissions for /etc/sysconfig/jbossas configuration files. The file is writable to jboss group. On systems using classic /etc/init.d init scripts, the file is sourced by the jboss init script and its content executed with root privileges when jboss service is started, stopped, or restarted.

tags | advisory, web, root
systems | linux, redhat
advisories | CVE-2016-6346, CVE-2016-8657, CVE-2017-6056
MD5 | a137d31543caa82f433b8f837722a0a7
Red Hat Security Advisory 2017-0826-01
Posted Mar 23, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0826-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release of Red Hat JBoss Enterprise Application Platform 6.4.14 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.13, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: It was discovered that EAP packages in certain versions of Red Hat Enterprise Linux use incorrect permissions for /etc/sysconfig/jbossas configuration files. The file is writable to jboss group. On systems using classic /etc/init.d init scripts, the file is sourced by the jboss init script and its content executed with root privileges when jboss service is started, stopped, or restarted.

tags | advisory, java, root
systems | linux, redhat
advisories | CVE-2016-6346, CVE-2016-8657, CVE-2017-6056
MD5 | aaab8b7598169d922d129fae3907a471
Red Hat Security Advisory 2017-0827-01
Posted Mar 23, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0827-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release of Red Hat JBoss Enterprise Application Platform 6.4.14 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.13, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: It was discovered that EAP packages in certain versions of Red Hat Enterprise Linux use incorrect permissions for /etc/sysconfig/jbossas configuration files. The file is writable to jboss group. On systems using classic /etc/init.d init scripts, the file is sourced by the jboss init script and its content executed with root privileges when jboss service is started, stopped, or restarted.

tags | advisory, java, root
systems | linux, redhat
advisories | CVE-2016-6346, CVE-2016-8657, CVE-2017-6056
MD5 | d8ac7b01f69e0963ec65da56acc19fb9
Red Hat Security Advisory 2017-0517-01
Posted Mar 14, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0517-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release of Red Hat JBoss Enterprise Application Platform 6.4.14 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.13, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: It was discovered that EAP packages in certain versions of Red Hat Enterprise Linux use incorrect permissions for /etc/sysconfig/jbossas configuration files. The file is writable to jboss group. On systems using classic /etc/init.d init scripts, the file is sourced by the jboss init script and its content executed with root privileges when jboss service is started, stopped, or restarted.

tags | advisory, java, root
systems | linux, redhat
advisories | CVE-2016-6346, CVE-2016-8657, CVE-2017-6056
MD5 | 90203953fdbd31f2a4cdc2b3df6e92f3
Ubuntu Security Notice USN-3204-1
Posted Feb 20, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3204-1 - It was discovered that Tomcat incorrectly handled certain HTTP requests. A remote attacker could possibly use this issue to cause Tomcat to consume resources, resulting in a denial of service.

tags | advisory, remote, web, denial of service
systems | linux, ubuntu
advisories | CVE-2017-6056
MD5 | 172211ef77446453d1571f89d79b27d0
Page 1 of 1
Back1Next

File Archive:

July 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    15 Files
  • 2
    Jul 2nd
    19 Files
  • 3
    Jul 3rd
    12 Files
  • 4
    Jul 4th
    1 Files
  • 5
    Jul 5th
    2 Files
  • 6
    Jul 6th
    25 Files
  • 7
    Jul 7th
    35 Files
  • 8
    Jul 8th
    4 Files
  • 9
    Jul 9th
    9 Files
  • 10
    Jul 10th
    0 Files
  • 11
    Jul 11th
    0 Files
  • 12
    Jul 12th
    0 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close