Page 29 of 495 results (0.028 seconds)

CVSS: 7.5EPSS: 0%CPEs: 16EXPL: 0

CVE-2014-0446 – OpenJDK: Protect logger handlers (Libraries, 8029740)

https://notcve.org/view.php?id=CVE-2014-0446

Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. Vulnerabilidad no especificada en Oracle Java SE 5.0u61, 6u71, 7u51, y 8, y Java SE Embedded 7u51, permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad a través de vectores desconocidos relacionados con las librerías. • http://marc.info/?l=bugtraq&m=140852886808946&w=2 http://marc.info/?l=bugtraq&m=140852974709252&w=2 http://rhn.redhat.com/errata/RHSA-2014-0675.html http://rhn.redhat.com/errata/RHSA-2014-0685.html http://secunia.com/advisories/58415 http://secunia.com/advisories/59058 http://security.gentoo.org/glsa/glsa-201406-32.xml http://security.gentoo.org/glsa/glsa-201502-12.xml http://www-01.ibm.com/support/docview.wss?uid=swg21672080 http://www-01.ibm.com/support •

CVSS: 5.0EPSS: 46%CPEs: 76EXPL: 1

CVE-2013-5704 – httpd: bypass of mod_headers rules via chunked requests

https://notcve.org/view.php?id=CVE-2013-5704

The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states "this is not a security issue in httpd as such." El módulo mod_headers en el servidor de Apache HTTP 2.2.22 permite a atacantes remotos evadir directivas "RequestHeader unset" mediante la colocación de una cabera en la porción "trailer" de datos enviados con codificación de transferencia fragmentada. NOTA: el proveedor afirma que "esto no es un problema de seguridad en httpd como tal." A flaw was found in the way httpd handled HTTP Trailer headers when processing requests using chunked encoding. • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html http://marc.info/?l=apache-httpd-dev&m=139636309822854&w=2 http://marc.info/?l=bugtraq&m=143403519711434&w=2 http://marc.info/?l=bugtraq&m=144493176821532&w=2 http://martin.swende.se/blog/HTTPChunked.html http://rhn.redhat.com/errata/RHSA-2015-0325.html http://rhn.redhat.com/errata/RHSA-2015-1249.html http://rhn.redhat& • CWE-287: Improper Authentication •

CVSS: 5.0EPSS: 15%CPEs: 14EXPL: 0

CVE-2014-0098 – httpd: mod_log_config does not properly handle logging certain cookies resulting in DoS

https://notcve.org/view.php?id=CVE-2014-0098

The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server before 2.4.8 allows remote attackers to cause a denial of service (segmentation fault and daemon crash) via a crafted cookie that is not properly handled during truncation. La función log_cookie en mod_log_config.c en el módulo mod_log_config en el Apache HTTP Server anterior a 2.4.8 permite a atacantes remotos causar una denegación de servicio (fallo de segmentación y caída de demonio) a través de una cookie manipulada que no es manejada debidamente durante truncado. • http://advisories.mageia.org/MGASA-2014-0135.html http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html http://marc.info/?l=bugtraq&m=141017844705317&w=2 http://marc.info/?l=bugtraq&m=141390017113542&w=2 http://seclists.org/fulldisclosure/2014/Dec/23 http://secunia.com/advisories/58230 http://secunia.com/advisories/58915 http: • CWE-125: Out-of-bounds Read •

CVSS: 5.0EPSS: 3%CPEs: 10EXPL: 0

CVE-2013-6438 – httpd: mod_dav denial of service via crafted DAV WRITE request

https://notcve.org/view.php?id=CVE-2013-6438

The dav_xml_get_cdata function in main/util.c in the mod_dav module in the Apache HTTP Server before 2.4.8 does not properly remove whitespace characters from CDATA sections, which allows remote attackers to cause a denial of service (daemon crash) via a crafted DAV WRITE request. La función dav_xml_get_cdata en main/util.c en el módulo mod_dav en el Apache HTTP Server anterior a 2.4.8 no elimina debidamente caracteres de espacio en blanco de secciones CDATA, lo que permite a atacantes remotos causar una denegación de servicio (caída de demonio) a través de una solicitud DAV WRITE manipulada. • http://advisories.mageia.org/MGASA-2014-0135.html http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html http://marc.info/?l=bugtraq&m=141017844705317&w=2 http://marc.info/?l=bugtraq&m=141390017113542&w=2 http://seclists.org/fulldisclosure/2014/Dec/23 http://secunia.com/advisories/58230 http://secunia.com/advisories/59315 http: • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 5.0EPSS: 0%CPEs: 7EXPL: 0

CVE-2013-4496 – samba: Password lockout not enforced for SAMR password changes

https://notcve.org/view.php?id=CVE-2013-4496

Samba 3.x before 3.6.23, 4.0.x before 4.0.16, and 4.1.x before 4.1.6 does not enforce the password-guessing protection mechanism for all interfaces, which makes it easier for remote attackers to obtain access via brute-force ChangePasswordUser2 (1) SAMR or (2) RAP attempts. Samba 3.x anterior a 3.6.23, 4.0.x anterior a 4.0.16 y 4.1.x anterior a 4.1.6 no fuerza el mecanismo de protección de adivinación de contraseña para todas las interfaces, lo que facilita a atacantes remotos obtener acceso a través de intentos de fuerza bruta de ChangePasswordUser2 (1) SAMR o (2) RAP. • http://advisories.mageia.org/MGASA-2014-0138.html http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136864.html http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134717.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html http://lists.opensuse.org/opensuse-updates/2014-03/msg00062.html http://lists.opensuse.org/opensuse-updates/2014-03/msg00063.html http://rhn. • CWE-255: Credentials Management Errors •