CVSS: 5.3EPSS: 0%CPEs: 16EXPL: 0CVE-2018-1283 – httpd: Improper handling of headers in mod_session can allow a remote user to modify session data for CGI applications
https://notcve.org/view.php?id=CVE-2018-1283
In Apache httpd 2.4.0 to 2.4.29, when mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a "Session" header. This comes from the "HTTP_SESSION" variable name used by mod_session to forward its data to CGIs, since the prefix "HTTP_" is also used by the Apache HTTP Server to pass HTTP header fields, per CGI specifications. En Apache httpd, versiones 2.4.0 hasta la 2.4.29, cuando se configura mod_session para que reenvíe sus datos de sesión a aplicaciones CGI (SessionEnv habilitado, no por defecto), un usuario remoto podría influir en su contenido empleando una cabecera "Session". Esto viene del nombre de variable "HTTP_SESSION", empleado por mod_session para reenviar sus datos a interfaces de entrada común (CGI), dado que el prefijo "HTTP_" también es utilizado por el servidor Apache HTTP para pasar sus campos de cabecera HTTP, por especificaciones CGI. It has been discovered that the mod_session module of Apache HTTP Server (httpd), through version 2.4.29, has an improper input validation flaw in the way it handles HTTP session headers in some configurations. • http://www.openwall.com/lists/oss-security/2018/03/24/4 http://www.securityfocus.com/bid/103520 http://www.securitytracker.com/id/1040568 https://access.redhat.com/errata/RHSA-2018:3558 https://access.redhat.com/errata/RHSA-2019:0366 https://access.redhat.com/errata/RHSA-2019:0367 https://httpd.apache.org/security/vulnerabilities_24.html https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.ht • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 5%CPEs: 72EXPL: 0CVE-2017-3145 – Improper fetch cleanup sequencing in the resolver can cause named to crash
https://notcve.org/view.php?id=CVE-2017-3145
BIND was improperly sequencing cleanup operations on upstream recursion fetch contexts, leading in some cases to a use-after-free error that can trigger an assertion failure and crash in named. Affects BIND 9.0.0 to 9.8.x, 9.9.0 to 9.9.11, 9.10.0 to 9.10.6, 9.11.0 to 9.11.2, 9.9.3-S1 to 9.9.11-S1, 9.10.5-S1 to 9.10.6-S1, 9.12.0a1 to 9.12.0rc1. BIND secuenciaba incorrectamente las operaciones de limpieza en contextos fetch de recursión ascendente, lo que conduce en algunos casos a un error de uso de memoria previamente liberada que puede desencadenar un fallo de aserción y un cierre inesperado en named. Afecta a BIND desde la versión 9.0.0 hasta la versión 9.8.x, desde la versión 9.9.0 hasta la versión 9.9.11, desde la versión 9.10.0 hasta la versión 9.10.6, desde la versión 9.11.0 hasta la versión 9.11.2, desde la versión 9.9.3-S1 hasta la versión 09.9.11-S1, desde la versión 9.10.5-S1 hasta la versión 9.10.6-S1 y desde la 9.12.0a1 hasta la 9.12.0rc1. A use-after-free flaw leading to denial of service was found in the way BIND internally handled cleanup operations on upstream recursion fetch contexts. • http://www.securityfocus.com/bid/102716 http://www.securitytracker.com/id/1040195 https://access.redhat.com/errata/RHSA-2018:0101 https://access.redhat.com/errata/RHSA-2018:0102 https://access.redhat.com/errata/RHSA-2018:0487 https://access.redhat.com/errata/RHSA-2018:0488 https://kb.isc.org/docs/aa-01542 https://lists.debian.org/debian-lts-announce/2018/01/msg00029.html https://security.netapp.com/advisory/ntap-20180117-0003 https://supportportal.juniper.net/s/article/ • CWE-416: Use After Free •
CVSS: 5.7EPSS: 0%CPEs: 3EXPL: 0CVE-2017-5201
https://notcve.org/view.php?id=CVE-2017-5201
NetApp Clustered Data ONTAP before 8.3.2P8 and 9.0 before P2 allow remote authenticated users to obtain sensitive cluster and tenant information via unspecified vectors, a different vulnerability than CVE-2016-3064. NetApp Clustered Data ONTAP en versiones anteriores a la 8.3.2P8 y 9.0 anteriores a P2 permite que usuarios autenticados remotos obtengan información sensible del clúster y del tenant mediante vectores no especificados. Esta vulnerabilidad es diferente de CVE-2016-3064. • http://www.securityfocus.com/bid/101776 https://security.netapp.com/advisory/ntap-20170809-0001 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 1CVE-2017-16642 – PHP 7.1.8 - Heap Buffer Overflow
https://notcve.org/view.php?id=CVE-2017-16642
In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an error in the date extension's timelib_meridian handling of 'front of' and 'back of' directives could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parse_date.c out-of-bounds reads affecting the php_parse_date function. NOTE: this is a different issue than CVE-2017-11145. En PHP, en versiones anteriores a la 5.6.32, versiones 7.x anteriores a la 7.0.25 y versiones 7.1.x anteriores a la 7.1.11, un error en la manipulación de timelib_meridian de la extensión de fecha de las directivas "front of" y "back of" podría ser empleado por atacantes capaces de proporcionar cadenas de fechas para filtrar información del intérprete. Esto está relacionado con lecturas fuera de límites de ext/date/lib/parse_date.c que afectan a la función php_parse_date. NOTA: este problema es diferente de CVE-2017-11145. • https://www.exploit-db.com/exploits/43133 http://php.net/ChangeLog-5.php http://php.net/ChangeLog-7.php http://www.securityfocus.com/bid/101745 https://access.redhat.com/errata/RHSA-2018:1296 https://access.redhat.com/errata/RHSA-2019:2519 https://bugs.php.net/bug.php?id=75055 https://github.com/derickr/timelib/commit/aa9156006e88565e1f1a5f7cc088b18322d57536 https://github.com/php/php-src/commit/5c0455bf2c8cd3c25401407f158e820aa3b239e1 https://security.netapp.com/advisory/ntap-20181123-0001 • CWE-125: Out-of-bounds Read •
CVSS: 9.6EPSS: 0%CPEs: 54EXPL: 0CVE-2017-10346 – OpenJDK: insufficient loader constraints checks for invokespecial (Hotspot, 8180711)
https://notcve.org/view.php?id=CVE-2017-10346
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. • http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html http://www.securityfocus.com/bid/101315 http://www.securitytracker.com/id/1039596 https://access.redhat.com/errata/RHSA-2017:2998 https://access.redhat.com/errata/RHSA-2017:2999 https://access.redhat.com/errata/RHSA-2017:3046 https://access.redhat.com/errata/RHSA-2017:3047 https://access.redhat.com/errata/RHSA-2017:3264 https://access.redhat.com/errata/RHSA-2017:3267 https://access.redhat.com/errata/ •