Page 11 of 350 results (0.014 seconds)

CVSS: 7.5EPSS: 0%CPEs: 20EXPL: 0

A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive). Una uri-path de petición cuidadosamente diseñada puede causar que la función mod_proxy_uwsgi lea por encima de la memoria asignada y se bloquee (DoS). Este problema afecta a Apache HTTP Server versiones 2.4.30 a 2.4.48 (incluyéndola) An out-of-bounds read in mod_proxy_uwsgi of httpd allows a remote unauthenticated attacker to crash the service through a crafted request. The highest threat from this vulnerability is to system availability. • http://httpd.apache.org/security/vulnerabilities_24.html https://lists.apache.org/thread.html/r2eb200ac1340f69aa22af61ab34780c531d110437910cb9c0ece3b37%40%3Cbugs.httpd.apache.org%3E https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432%40%3Cusers.httpd.apache.org%3E https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c%40%3Cusers.httpd.apache.org%3E https://lists.apache.org/thread.html/r73260f6ba9fb52e43d860905fc90462ba5a814afda2d011f32bbd41c%40%3Cbugs.httpd.apache.org%3E https://lists.apache • CWE-125: Out-of-bounds Read •

CVSS: 7.5EPSS: 0%CPEs: 25EXPL: 0

Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier. Unas peticiones malformadas pueden causar que el servidor haga desreferencia a un puntero NULL. Este problema afecta a Apache HTTP Server versiones 2.4.48 y anteriores A NULL pointer dereference in httpd allows an unauthenticated remote attacker to crash httpd by providing malformed HTTP requests. The highest threat from this vulnerability is to system availability. • http://httpd.apache.org/security/vulnerabilities_24.html https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf https://kc.mcafee.com/corporate/index?page=content&id=SB10379 https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432%40%3Cusers.httpd.apache.org%3E https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c%40%3Cusers.httpd.apache.org%3E https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697%40%3Cusers.httpd.apache.org%3E • CWE-476: NULL Pointer Dereference •

CVSS: 6.1EPSS: 0%CPEs: 46EXPL: 1

When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back multiple responses at once that curl caches. curl would then upgrade to TLS but not flush the in-queue of cached responses but instead continue using and trustingthe responses it got *before* the TLS handshake as if they were authenticated.Using this flaw, it allows a Man-In-The-Middle attacker to first inject the fake responses, then pass-through the TLS traffic from the legitimate server and trick curl into sending data back to the user thinking the attacker's injected data comes from the TLS-protected server. Cuando en curl versiones posteriores a 7.20.0 incluyéndola, y versiones anteriores a 7.78.0 incluyéndola, se conecta a un servidor IMAP o POP3 para recuperar datos usando STARTTLS para actualizar a la seguridad TLS, el servidor puede responder y enviar múltiples respuestas a la vez que curl almacena en caché. curl entonces actualizaría a TLS pero no vaciaría la cola de respuestas almacenadas en caché, sino que continuaría usando y confiando en las respuestas que obtuvo *antes* del protocolo de enlace TLS como si estuvieran autenticadas. Usando este fallo, permite a un atacante de tipo Man-In-The-Middle inyectar primero las respuestas falsas, luego pasar mediante el tráfico TLS del servidor legítimo y engañar a curl para que envíe datos de vuelta al usuario pensando que los datos inyectados por el atacante provienen del servidor protegido por TLS A flaw was found in curl. The flaw lies in how curl handles cached or pipelined responses that it receives from either a IMAP, POP3, SMTP or FTP server before the TLS upgrade using STARTTLS. In such a scenario curl even after upgrading to TLS would trust these cached responses treating them as valid and authenticated and use them. • http://seclists.org/fulldisclosure/2022/Mar/29 https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://hackerone.com/reports/1334763 https://lists.debian.org/debian-lts-announce/2021/09/msg00022.html https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APOAK4X73EJTAPTSVT7IRVDMUWVXNWGD https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RWLEC6YVEM2HWUBX67 • CWE-310: Cryptographic Issues CWE-319: Cleartext Transmission of Sensitive Information CWE-345: Insufficient Verification of Data Authenticity •

CVSS: 7.5EPSS: 0%CPEs: 49EXPL: 1

A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`--ssl-reqd` on the command line or`CURLOPT_USE_SSL` set to `CURLUSESSL_CONTROL` or `CURLUSESSL_ALL` withlibcurl). This requirement could be bypassed if the server would return a properly crafted but perfectly legitimate response.This flaw would then make curl silently continue its operations **withoutTLS** contrary to the instructions and expectations, exposing possibly sensitive data in clear text over the network. Un usuario puede decirle a curl versiones posteriores a 7.20.0 incluyéndola , y versiones anteriores a 7.78.0 incluyéndola, que requiera una actualización con éxito a TLS cuando hable con un servidor IMAP, POP3 o FTP ("--ssl-reqd" en la línea de comandos o "CURLOPT_USE_SSL" configurado como "CURLUSESSL_CONTROL" o "CURLUSESSL_ALL" conlibcurl). Este requisito podría ser omitido si el servidor devolviera una respuesta correctamente diseñada pero perfectamente legítima. Este fallo haría que curl continuara silenciosamente sus operaciones **withoutTLS** en contra de las instrucciones y expectativas, exponiendo posiblemente datos confidenciales en texto sin cifrar a través de la red A flaw was found in curl. • http://seclists.org/fulldisclosure/2022/Mar/29 https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://hackerone.com/reports/1334111 https://lists.debian.org/debian-lts-announce/2021/09/msg00022.html https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APOAK4X73EJTAPTSVT7IRVDMUWVXNWGD https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RWLEC6YVEM2HWUBX67 • CWE-319: Cleartext Transmission of Sensitive Information CWE-325: Missing Cryptographic Step •

CVSS: 7.4EPSS: 0%CPEs: 56EXPL: 0

ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the string data which is terminated with a NUL (0) byte. Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL's own "d2i" functions (and other similar parsing functions) as well as any string whose value has been set with the ASN1_STRING_set() function will additionally NUL terminate the byte array in the ASN1_STRING structure. However, it is possible for applications to directly construct valid ASN1_STRING structures which do not NUL terminate the byte array by directly setting the "data" and "length" fields in the ASN1_STRING array. This can also happen by using the ASN1_STRING_set0() function. • http://www.openwall.com/lists/oss-security/2021/08/26/2 https://cert-portal.siemens.com/productcert/pdf/ssa-244969.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=94d23fcff9b2a7a8368dfe52214d5c2569882c11 https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=ccb0a11145ee72b042d10593a64eaf9e8a55ec12 https://kc.mcafee.com/corporate/index?page=content&id=SB10366 https://lists.apache.org/thread.html/r18995de860f0e63635f3008f • CWE-125: Out-of-bounds Read •