Roommate and Real Estate Listing Classified Response version 1.0 suffers from a cross site scripting vulnerability.
d54780016e5b539d90fcd5e721cc4385e43883abf2fb9de472fb98d7df5ede2cMobile MP3 Search Engine version 2.0 suffers from a HTTP response splitting vulnerability.
4a234a62d9055e4a817636cab81811ebdcb76770efd193cc42471310e95ae02fRed Hat Security Advisory 2012-0325-01 - JBoss Web is a web container based on Apache Tomcat. A flaw was found in the way JBoss Web handled UTF-8 surrogate pair characters. If JBoss Web was hosting an application with UTF-8 character encoding enabled, or that included user-supplied UTF-8 strings in a response, a remote attacker could use this flaw to cause a denial of service on the JBoss Web server. It was found that the Java hashCode() method implementation was susceptible to predictable hash collisions. A remote attacker could use this flaw to cause JBoss Web to use an excessive amount of CPU time by sending an HTTP request with a large number of parameters whose names map to the same hash value. Various other issues were addressed.
d22d787c4112a659c3c9e4f42170042f88ea6052206c4cfb93c8a3c97eae2892Ubuntu Security Notice 1371-1 - It was discovered that cvs incorrectly handled certain responses from proxy servers. If a user were tricked into connecting to a malicious proxy server, a remote attacker could cause cvs to crash, or possibly execute arbitrary code.
456195625d6524c03923a1457d002d80445f9f034e991f9bbf3bbe3eb73ae6a5Red Hat Security Advisory 2012-0321-01 - Concurrent Version System is a version control system that can record the history of your files. A heap-based buffer overflow flaw was found in the way the CVS client handled responses from HTTP proxies. A malicious HTTP proxy could use this flaw to cause the CVS client to crash or, possibly, execute arbitrary code with the privileges of the user running the CVS client. All users of cvs are advised to upgrade to these updated packages, which contain a patch to correct this issue.
286bd54779b5c16c26d69ad0f13809a6a3ffda1eb265fbfeaf74bff12f263554WeBaCoo (Web Backdoor Cookie) is a web backdoor script-kit, aiming to provide a stealth terminal-like connection over HTTP between client and web server. It is a post exploitation tool capable to maintain access to a compromised web server. WeBaCoo was designed to operate under the radar of modern up-to-dated AV, NIDS, IPS, Network Firewalls and Application Firewalls, proving a stealth mechanism to execute system commands to the compromised server. The obfuscated communication is accomplished using HTTP header's Cookie fields under valid client HTTP requests and relative web server's responses.
586fbad973ea45413a2213504358a5aee068c791511b7cdb2756e9cc84cdcf2cRed Hat Security Advisory 2012-0085-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. A flaw was found in the processing of malformed content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. The same-origin policy in Thunderbird treated http://example.com and http://[example.com] as interchangeable. A malicious script could possibly use this flaw to gain access to sensitive information that may be included in HTTP proxy error replies, generated in response to invalid URLs using square brackets.
fe4d73c0e1fcfc4fc1ff96734d69098c1227b4827555ab95f7dcc0b4b1d719bfRed Hat Security Advisory 2012-0084-01 - SeaMonkey is an open source web browser, e-mail and newsgroup client, IRC chat client, and HTML editor. A flaw was found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. The same-origin policy in SeaMonkey treated http://example.com and http://[example.com] as interchangeable. A malicious script could possibly use this flaw to gain access to sensitive information that may be included in HTTP proxy error replies, generated in response to invalid URLs using square brackets.
39ff68cd83efc384bf01448850de7e3a08a5b5755f99a6396e8299ecd7c70391Red Hat Security Advisory 2012-0074-01 - JBoss Web is the web container, based on Apache Tomcat, in JBoss Enterprise Application Platform. It provides a single deployment platform for the JavaServer Pages and Java Servlet technologies. A flaw was found in the way JBoss Web handled UTF-8 surrogate pair characters. If JBoss Web was hosting an application with UTF-8 character encoding enabled, or that included user-supplied UTF-8 strings in a response, a remote attacker could use this flaw to cause a denial of service on the JBoss Web server. It was found that the Java hashCode() method implementation was susceptible to predictable hash collisions. A remote attacker could use this flaw to cause JBoss Web to use an excessive amount of CPU time by sending an HTTP request with a large number of parameters whose names map to the same hash value. This update introduces a limit on the number of parameters and headers processed per request to mitigate this issue. The default limit is 512 for parameters and 128 for headers. These defaults can be changed by setting the org.apache.tomcat.util.http.Parameters.MAX_COUNT and org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties in "jboss-as/server/[PROFILE]/deploy/properties-service.xml".
695e031cafab885e3b33ac9cfc4d29d7d6668de2559566e57b6c6021f0e19b4eRed Hat Security Advisory 2012-0075-01 - JBoss Web is the web container, based on Apache Tomcat, in JBoss Enterprise Application Platform. It provides a single deployment platform for the JavaServer Pages and Java Servlet technologies. A flaw was found in the way JBoss Web handled UTF-8 surrogate pair characters. If JBoss Web was hosting an application with UTF-8 character encoding enabled, or that included user-supplied UTF-8 strings in a response, a remote attacker could use this flaw to cause a denial of service on the JBoss Web server. It was found that the Java hashCode() method implementation was susceptible to predictable hash collisions. A remote attacker could use this flaw to cause JBoss Web to use an excessive amount of CPU time by sending an HTTP request with a large number of parameters whose names map to the same hash value. This update introduces a limit on the number of parameters and headers processed per request to mitigate this issue. The default limit is 512 for parameters and 128 for headers. These defaults can be changed by setting the org.apache.tomcat.util.http.Parameters.MAX_COUNT and org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties in "jboss-as/server/[PROFILE]/deploy/properties-service.xml".
3967876ba80d348d6a7fa18fec993a5850529c859a7070df5abbd60a9a1cc5c2Red Hat Security Advisory 2012-0077-01 - JBoss Web is a web container based on Apache Tomcat. It provides a single deployment platform for the JavaServer Pages and Java Servlet technologies. A flaw was found in the way JBoss Web handled UTF-8 surrogate pair characters. If JBoss Web was hosting an application with UTF-8 character encoding enabled, or that included user-supplied UTF-8 strings in a response, a remote attacker could use this flaw to cause a denial of service on the JBoss Web server. It was found that the Java hashCode() method implementation was susceptible to predictable hash collisions. A remote attacker could use this flaw to cause JBoss Web to use an excessive amount of CPU time by sending an HTTP request with a large number of parameters whose names map to the same hash value. This update introduces a limit on the number of parameters and headers processed per request to mitigate this issue. The default limit is 512 for parameters and 128 for headers. These defaults can be changed by setting the "-Dorg.apache.tomcat.util.http.Parameters.MAX_COUNT=x" and "-Dorg.apache.tomcat.util.http.MimeHeaders.MAX_COUNT=x" system properties as JAVA_OPTS entries in "jboss-as-web/bin/run.conf".
62189c2efd836c99ad687dbdd17abd498e1f9ee30e32a8d54d4d85ae4f68bce5Red Hat Security Advisory 2012-0076-01 - JBoss Web is a web container based on Apache Tomcat. It provides a single deployment platform for the JavaServer Pages and Java Servlet technologies. A flaw was found in the way JBoss Web handled UTF-8 surrogate pair characters. If JBoss Web was hosting an application with UTF-8 character encoding enabled, or that included user-supplied UTF-8 strings in a response, a remote attacker could use this flaw to cause a denial of service on the JBoss Web server. It was found that the Java hashCode() method implementation was susceptible to predictable hash collisions. A remote attacker could use this flaw to cause JBoss Web to use an excessive amount of CPU time by sending an HTTP request with a large number of parameters whose names map to the same hash value. This update introduces a limit on the number of parameters and headers processed per request to mitigate this issue. The default limit is 512 for parameters and 128 for headers. These defaults can be changed by setting the "-Dorg.apache.tomcat.util.http.Parameters.MAX_COUNT=x" and "-Dorg.apache.tomcat.util.http.MimeHeaders.MAX_COUNT=x" system properties as JAVA_OPTS entries in "jboss-as-web/bin/run.conf".
c37cdb370faed7aec780b9b7f3059e2ba1f342262670c61553cb34a4e6c9b355Technical Cyber Security Alert 2012-24A - US-CERT has received information from multiple sources about coordinated distributed denial-of-service (DDoS) attacks with targets that included U.S. government agency and entertainment industry websites. The loosely affiliated collective "Anonymous" allegedly promoted the attacks in response to the shutdown of the file hosting site MegaUpload and in protest of proposed U.S. legislation concerning online trafficking in copyrighted intellectual property and counterfeit goods (Stop Online Piracy Act, or SOPA, and Preventing Real Online Threats to Economic Creativity and Theft of Intellectual Property Act, or PIPA).
925a21594f876a867e4c6e9471fa1023ca73286d7899e7a048b74bdefeb10aaaThe paper demonstrates how traffic load of a shared packet queue can be exploited as a side channel through which protected information leaks to an off-path attacker. The attacker sends to a victim a sequence of identical spoofed segments. The victim responds to each segment in the sequence (the sequence is reflected by the victim) if the segments satisfy a certain condition tested by the attacker. The responses do not reach the attacker directly, but induce extra load on a routing queue shared between the victim and the attacker. Increased processing time of packets traversing the queue reveal that the tested condition was true. The paper concentrates on the TCP, but the approach is generic and can be effective against other protocols that allow to construct requests which are conditionally answered by the victim.
3546c0dc78f266d98a1564272798e15179b459b412544a8b194584b94ad28904Debian Linux Security Advisory 2385-1 - Ray Morris discovered that the PowerDNS authoritative sever responds to response packets. An attacker who can spoof the source address of IP packets can cause an endless packet loop between a PowerDNS authoritative server and another DNS server, leading to a denial of service.
1af26261bd274f8a9c3d3be7ef287921f0c64debe3c1e32e36a9b3ed81c1b88bRed Hat Security Advisory 2012-0010-01 - The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. A malicious CIFS server could send a specially-crafted response to a directory read request that would result in a denial of service or privilege escalation on a system that has a CIFS share mounted. The way fragmented IPv6 UDP datagrams over the bridge with UDP Fragmentation Offload functionality on were handled could allow a remote attacker to cause a denial of service.
557893d6076de010f89965257f12c763df4474c60b2d096db7dea8c57ede5c1eSecunia Security Advisory - Two vulnerabilities have been reported in OPC DataHub and Cascade DataHub, which can be exploited by malicious people to conduct cross-site scripting attacks and HTTP response splitting attacks.
3052a5d814a37992a60fb623fa36eeb1422307ca1bc690b4f49d4e4690aedc6fSecunia Security Advisory - Two vulnerabilities have been reported in Cogent DataHub, which can be exploited by malicious people to conduct cross-site scripting attacks and HTTP response splitting attacks.
b2e2feba3178001ecacfd9d2403c86e53cada4b437bb8a7af6b0a7883a76da37Debian Linux Security Advisory 2381-1 - It was discovered that the IPv6 support code in Squid does not properly handle certain DNS responses, resulting in deallocation of an invalid pointer and a daemon crash.
17e34658a97477a20eed60bd15f3b6425fcbe048094fb417f5bec8484204a56cThis Metasploit module exploits Stream Down version 6.8.0 using a SEH based buffer overflow that is triggered when processing the server response packet. During the overflow a structured exception handler is overwritten.
6bbe536d2eec48c278183c8a6d5335f1b5a29fdc9af13d4570983598df20d9f2WordPress version 3.3 suffers from a cross site scripting vulnerability during a 500 response when flagging a comment as a duplicate.
7e7f614355b2219cf1f6dc3c6b51dbfba33a39b627db55ee1b3e1189cf9ebe2bDebian Linux Security Advisory 2370-1 - It was discovered that Unbound, a recursive DNS resolver, would crash when processing certain malformed DNS responses from authoritative DNS servers, leading to denial of service.
e000da874c7e25eebb25bcd0318bb4cd093a50d621919fe8f74cae1ca32435f3WeBaCoo (Web Backdoor Cookie) is a web backdoor script-kit, aiming to provide a stealth terminal-like connection over HTTP between client and web server. It is a post exploitation tool capable to maintain access to a compromised web server. WeBaCoo was designed to operate under the radar of modern up-to-dated AV, NIDS, IPS, Network Firewalls and Application Firewalls, proving a stealth mechanism to execute system commands to the compromised server. The obfuscated communication is accomplished using HTTP header's Cookie fields under valid client HTTP requests and relative web server's responses.
8e6fe6a513916c776350b0cbff29427e8719a4d3095dfe4fdd3b4ad34e3bde2eWeBaCoo (Web Backdoor Cookie) is a web backdoor script-kit, aiming to provide a stealth terminal-like connection over HTTP between client and web server. It is a post exploitation tool capable to maintain access to a compromised web server. WeBaCoo was designed to operate under the radar of modern up-to-dated AV, NIDS, IPS, Network Firewalls and Application Firewalls, proving a stealth mechanism to execute system commands to the compromised server. The obfuscated communication is accomplished using HTTP header's Cookie fields under valid client HTTP requests and relative web server's responses.
6e46638034d12ee47a4a4955583b5065ffc4d0142d553c15fc90abbf42ca5b89Asterisk Project Security Advisory - It is possible to enumerate SIP usernames when the general and user/peer NAT settings differ in whether to respond to the port a request is sent from or the port listed for responses in the Via header. In 1.4 and 1.6.2, this would mean if one setting was nat=yes or nat=route and the other was either nat=no or nat=never. In 1.8 and 10, this would mean when one was nat=force_rport or nat=yes and the other was nat=no or nat=comedia.
dde4d639d451106635a87c7b3b2c41c2b6129d36252423186294aad787478c61Secunia Security Advisory - Red Hat has issued an update for perl. This fixes a weakness and two vulnerabilities, which can be exploited by malicious people to bypass certain security features and conduct HTTP response splitting attacks.
2e4d6eee9b473cd107e2cbb527258b0fce386201da36b1e27fee689d5ee79ee1
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed