Red Hat Security Advisory 2014-0527-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. It was found that when Tomcat processed a series of HTTP requests in which at least one request contained either multiple content-length headers, or one content-length header with a chunked transfer-encoding header, Tomcat would incorrectly handle the request. A remote attacker could use this flaw to poison a web cache, perform cross-site scripting attacks, or obtain sensitive information from other requests.
9fb819c8451770487a087050ba776284f3144e50d3ec95a8c17a734b3130b477Ubuntu Security Notice 2217-1 - It was discovered that the lxml.html.clean module incorrectly stripped control characters. An attacked could potentially exploit this to conduct cross-site scripting (XSS) attacks.
7117f75f37f74cb8144e237ee206d15a04b0be006cc53d7a29c7c0989a82f056Ubuntu Security Notice 2215-1 - It was discovered that libgadu incorrectly handled certain messages from file relay servers. A malicious remote server or a man in the middle could use this issue to cause applications using libgadu to crash, resulting in a denial of service, or possibly execute arbitrary code.
9ec14266dd00638ce01decec4aed62bb9860586fae5fadcfe49e9de5ab42c55aUbuntu Security Notice 2216-1 - It was discovered that Pidgin incorrectly handled certain messages from Gadu-Gadu file relay servers. A malicious remote server or a man in the middle could use this issue to cause Pidgin to crash, resulting in a denial of service, or possibly execute arbitrary code.
61f14300a62299cd50efce5700362ece2d7b215429cb91d6d934e63d2287820fUbuntu Security Notice 2218-1 - Nicolas Gregoire discovered that Xalan-Java incorrectly handled certain properties when the secure processing feature was enabled. An attacker could possibly use this issue to load arbitrary classes or access external resources.
1323147313066b484ee5b52d71d153ee6004625cdbbfd1832e83c4fe24e53415Red Hat Security Advisory 2014-0526-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. It was found that when Tomcat processed a series of HTTP requests in which at least one request contained either multiple content-length headers, or one content-length header with a chunked transfer-encoding header, Tomcat would incorrectly handle the request. A remote attacker could use this flaw to poison a web cache, perform cross-site scripting attacks, or obtain sensitive information from other requests.
c1e9ffa1b6b350b58747812efb219474e10395a552896a59069ce8b1d24f05faRed Hat Security Advisory 2014-0530-01 - The rubygem-openshift-origin-node package provides basic OpenShift node functionality. A command injection flaw was found in rubygem-openshift-origin-node. A remote, authenticated user permitted to run cartridges via the web interface could use this flaw to execute arbitrary code with root privileges on the Red Hat OpenShift node server. This issue was discovered by Jeremy Choi of the Red Hat HSS Pen-test Team. All rubygem-openshift-origin-node users are advised to upgrade to this updated package, which contains a backported patch to correct this issue.
de34346940361343ae95ffefd8645ce90411e0a494e6ddc0b04b5f5c70f3a02fRed Hat Security Advisory 2014-0529-01 - The rubygem-openshift-origin-node package provides basic OpenShift node functionality. A command injection flaw was found in rubygem-openshift-origin-node. A remote, authenticated user permitted to run cartridges via the web interface could use this flaw to execute arbitrary code with root privileges on the Red Hat OpenShift node server. This issue was discovered by Jeremy Choi of the Red Hat HSS Pen-test Team. All rubygem-openshift-origin-node users are advised to upgrade to this updated package, which contains a backported patch to correct this issue.
254a71155ea09c0d3018088efb69aeccb585bf706d95a39a5a4041737d3ddf9dRed Hat Security Advisory 2014-0525-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. It was found that when Tomcat processed a series of HTTP requests in which at least one request contained either multiple content-length headers, or one content-length header with a chunked transfer-encoding header, Tomcat would incorrectly handle the request. A remote attacker could use this flaw to poison a web cache, perform cross-site scripting attacks, or obtain sensitive information from other requests.
37b4e3425277b7016817fdf155a03c83226e8297ca34a53c49d26f5266d14cdaRed Hat Security Advisory 2014-0528-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. It was found that when Tomcat processed a series of HTTP requests in which at least one request contained either multiple content-length headers, or one content-length header with a chunked transfer-encoding header, Tomcat would incorrectly handle the request. A remote attacker could use this flaw to poison a web cache, perform cross-site scripting attacks, or obtain sensitive information from other requests.
665c8003d5fa01b9594d0a03ae8df4ebc09edf6ea6f0254bba9dd07db6c66f80Apple Security Advisory 2014-15-20-1 - OS X Server 3.1.2 is now available and addresses a security issue with Ruby.
bfce49f39e7a268a72f7369a75b2a37d4f854447872c18e703a46b24932bbd5bWeb Terra version 1.1 suffers from a remote command execution vulnerability in books.cgi. Note that this finding houses site-specific data.
2eea2813384c03daef38cb12e58fd3f3705c6955ae3cf743c539dca6cd3c4575WordPress Booking System (Booking Calendar) plugin versions prior to 1.3 suffer from a remote SQL injection vulnerability.
560cfabaaf99cea066648aa76f26ae607e277548fb3dcb5c30e5c6a8952a701fWordPress Simple Popup plugin suffers from a cross site scripting vulnerability. Note that this finding houses site-specific data.
8e827ce27070a9e0bfe5c5c3687047b5aa71caeccf9f16b658eb69634b193ce5
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed