-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03758en_us
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: hpesbgn03758en_us
Version: 2
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian Security Advisory DSA-3886-1 secur...@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
June 19, 2017
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
- -
Debian Security Advisory DSA-3887-1 secur...@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
June 19, 2017
CVE-2017-7659: mod_http2 null pointer dereference
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
httpd 2.4.24 (unreleased)
httpd 2.4.25
Description:
A maliciously constructed HTTP/2 request could cause mod_http2 to
dereference a NULL pointer and crash the server
# Vulnerability type: Cross Site Scripting
# Vendor: Ektron
# Product: Ektron Content Management System
# Affected version: 9.10SP1(Build 9.1.0.184)
# Patched version: 9.1.0.184SP3(9.1.0.184.3.127)
# Credit: Siyavash Ghasseminia, Edmund Goh
# CVE ID: CVE-2016-6133
# PROOF OF CONCEPT
Vulnerable
# Vulnerability type: Cross Site Scripting
# Vendor: Ektron
# Product: Ektron Content Management System
# Affected version: 9.10SP1(Build 9.1.0.184)
# Patched version: 9.1.0.184SP3(9.1.0.184.3.127)
# Credit: Siyavash Ghasseminia
# CVE ID: CVE-2016-6133
# PROOF OF CONCEPT
Vulnerable URL:
# Vulnerability type: Cross Site Scripting
# Vendor: Ektron
# Product: Ektron Content Management System
# Affected version: 9.10SP1(Build 9.1.0.184)
# Patched version: 9.1.0.184SP3(9.1.0.184.3.127)
# Credit: Siyavash Ghasseminia
# CVE ID: CVE-2016-6201
# PROOF OF CONCEPT
Vulnerable URL: