Articles by KENNETH

USN-5834-1: Apache HTTP Server vulnerabilities It was discovered that the Apache HTTP Server mod_dav module did not properly handle specially crafted request headers. A remote attacker could possibly use this issue to cause the process to crash, leading to a denial of service. (CVE-2006-20001) It was discovered that the Apache HTTP Server mod_proxy_ajp module did not properly handle certain invalid Transfer-Encoding headers. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. (CVE-2022-36760) Source: USN-5834-1: Apache HTTP Server vulnerabilities

USN-5835-1: Cinder vulnerability Guillaume Espanel, Pierre Libeau, Arnaud Morin, and Damien Rannou discovered that Cinder incorrectly handled VMDK image processing. An authenticated attacker could possibly supply a specially crafted VMDK flat image and obtain arbitrary files from the server containing sensitive information. Source: USN-5835-1: Cinder vulnerability

USN-5835-2: OpenStack Glance vulnerability Guillaume Espanel, Pierre Libeau, Arnaud Morin, and Damien Rannou discovered that OpenStack Glance incorrectly handled VMDK image processing. An authenticated attacker could possibly supply a specially crafted VMDK flat image and obtain arbitrary files from the server containing sensitive information. Source: USN-5835-2: OpenStack Glance vulnerability

USN-5833-1: python-future vulnerability Sebastian Chnelik discovered that python-future incorrectly handled certain HTTP header field. An attacker could possibly use this issue to cause a denial of service. Source: USN-5833-1: python-future vulnerability