Category Archives: Security

Security

Python

CVE-2011-4617

virtualenv.py in virtualenv before 1.5 allows local users to overwrite arbitrary files via a symlink attack on a certain file in /tmp/. (CVSS:1.2) (Last Update:2012-01-31)

Lighttpd

CVE-2011-4362

Integer signedness error in the base64_decode function in the HTTP authentication functionality (http_auth.c) in lighttpd 1.4 before 1.4.30 and 1.5 before SVN revision 2806 allows remote attackers to cause a denial of service (segmentation fault) via crafted base64 input that triggers an out-of-bounds read with a negative index. (CVSS:5.0) (Last Update:2012-11-06)

Nginx

CVE-2011-4315

Heap-based buffer overflow in compression-pointer processing in core/ngx_resolver.c in nginx before 1.0.10 allows remote resolvers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long response. (CVSS:5.0) (Last Update:2012-06-08)

Apache

CVE-2011-4317

The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an @ (at sign) character and a : (colon) character in invalid positions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368. (CVSS:4.3) (Last Update:2013-10-10)

Apache

CVE-2011-3639

The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368. (CVSS:4.3) (Last Update:2012-02-24)

Apache

CVE-2011-4415

The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service (memory consumption or NULL pointer dereference) via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, related to (1) the “len +=” statement and (2) the apr_pcalloc function call, a different vulnerability than CVE-2011-3607. (CVSS:1.2) (Last Update:2012-07-03)

Apache

CVE-2011-3607

Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow. (CVSS:4.4) (Last Update:2013-10-10)

Cisco

Attention: New Cisco Security Advisory RSS Feed Locations

Effective October 18, 2011, Cisco has replaced the existing RSS feeds for Cisco Security Advisories. The new RSS feeds for Cisco Security Advisories are available at http://tools.cisco.com/security/center/psirtrss10/CiscoSecurityAdvisory.xml and http://tools.cisco.com/security/center/psirtrss20/CiscoSecurityAdvisory.xml. The existing RSS feeds will continue to function until November 19, 2011. They will not receive updates after this date.