Computer Security


Apache Tomcat DoS and information leak
Published: 13.07.2010
SecurityVulns ID: 10986
Type: remote
Threat Level: 5/10
Description: Several flaws in the handling of the 'Transfer-Encoding' header.
Affected: APACHE : Tomcat 5.5
 APACHE : Tomcat 6.0
 APACHE : Tomcat 7.0
CVE: CVE-2010-2227 (Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer.")
Original document: APACHE, [SECURITY] CVE-2010-2227: Apache Tomcat Remote Denial Of Service and Information Disclosure Vulnerability (13.07.2010)

znc DoS
Published: 13.07.2010
SecurityVulns ID: 10987
Type: remote
Threat Level: 5/10
Description: NULL pointer dereference when traffic statistics are requested while there is an unauthenticated connection.
CVE: CVE-2010-2448 (znc.cpp in ZNC before 0.092 allows remote authenticated users to cause a denial of service (crash) by requesting traffic statistics when there is an active unauthenticated connection, which triggers a NULL pointer dereference, as demonstrated using (1) a traffic link in the web administration pages or (2) the traffic command in the /znc shell.)
Original document: DEBIAN, [SECURITY] [DSA-2069-1] New znc packages fix denial of service (13.07.2010)

python-cjson buffer overflow
Published: 13.07.2010
SecurityVulns ID: 10988
Type: local
Threat Level: 4/10
Description: Buffer overflow on Python script parsing
Affected: PYTHONCJSON : python-cjson 1.0
CVE: CVE-2010-1666 (Buffer overflow in Dan Pascu python-cjson 1.0.5, when UCS-4 encoding is enabled, allows context-dependent attackers to cause a denial of service (application crash) or possibly have unspecified other impact via vectors involving crafted Unicode input to the cjson.encode function.)
Original document: DEBIAN, [SECURITY] [DSA-2068-1] New python-cjson packages fix denial of service (13.07.2010)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod