While investigating bug 60718, it was noticed that some calls to application listeners did not use the appropriate facade object. When running an untrusted application under a SecurityManager, it was therefore possible for that untrusted application to retain a reference to the request or response object and thereby access and/or modify information associated with another web application. Apache Tomcat versions 7.0.0 through 7.0.75, 8.0.0.RC1 through 8.0.41, 8.5.0 through 8.5.11, and 9.0.0.M1 through 9.0.0.M17 are affected.
Draw the blinds while surfing online
US President Donald Trump has opened up a new era in online advertising on the heels of his signing off on the new law that allows Internet Service Providers to resell their customer data. It is now time for customers to look at this brave new world and do some hard thinking about their lack […]
The post Draw the blinds while surfing online appeared first on Avira Blog.
Moxa MXView 2.8 Denial Of Service
Moxa MXView version 2.8 suffers from a denial of service vulnerability.
Code Igniter 3.1.3 HTTP Response Header Injection
Code Igniter version 3.1.3 suffers from an HTTP response header injection vulnerability.
WordPress Tribulant Slideshow Gallery 1.6.5 Cross Site Scripting
WordPress Tribulant Slideshow Gallery plugin versions 1.6.4 and below suffer from multiple cross site scripting vulnerabilities.
Apache Tomcat 8.x / 9.x Refactoring Information Disclosure
The refactoring of the HTTP connectors for 8.5.x onwards introduced a regression in the send file processing. If the send file processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could result in the same Processor being used for multiple requests, which in turn could lead to unexpected errors and/or response mix-up. Apache Tomcat versions 8.5.0 through 8.5.12 and 9.0.0.M1 through 9.0.0.M18 are affected.
Spanish Harmada: More on tech support scams
David Harley and Josep Albors on the evolution of tech support scams and why the current high incidence of reports in Spain is significant.
The post Spanish Harmada: More on tech support scams appeared first on WeLiveSecurity
CVE-2017-7286
The Linux kernel package 3.16.0-28 on Ubuntu 14.04 LTS mishandles a series of mmap system calls for /dev/zero with different starting addresses, with a stated impact of “allowing for a local user to possibly gain root access,” aka an “inode integer overflow.”
CVE-2017-7319
A vulnerability in the Linux kernel package 3.16.0-28 on Ubuntu 14.04 LTS allows any user to send a SIGIO signal to any process. If the process does not catch or ignore the signal, it will exit.
Ghost in the Shell: Fantasy meets reality with cybersecurity themes
With the recent big screen adaptation of Ghost in the Shell, we thought it would be a good idea to review some of the cybersecurity themes it explores.
The post Ghost in the Shell: Fantasy meets reality with cybersecurity themes appeared first on WeLiveSecurity