CVE-2016-0793 (jboss_wildfly_application_server)

Incomplete blacklist vulnerability in the servlet filter restriction mechanism in WildFly (formerly JBoss Application Server) before 10.0.0.Final on Windows allows remote attackers to read the sensitive files in the (1) WEB-INF or (2) META-INF directory via a request that contains (a) lowercase or (b) "meaningless" characters.

Source: CVE-2016-0793 (jboss_wildfly_application_server)

CVE-2016-1345 (asa_with_firepower_services, firesight_system_software)

Cisco FireSIGHT System Software 5.4.0 through 6.0.1 and ASA with FirePOWER Services 5.4.0 through 6.0.0.1 allow remote attackers to bypass malware protection via crafted fields in HTTP headers, aka Bug ID CSCux22726.

Source: CVE-2016-1345 (asa_with_firepower_services, firesight_system_software)

CVE-2016-3141 (php)

Use-after-free vulnerability in wddx.c in the WDDX extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact by triggering a wddx_deserialize call on XML data containing a crafted var element.

Source: CVE-2016-3141 (php)