CVE-2006-0600
Published 2006-02-13
Priority P4 · 19 · medium · CVSS 2.0 score 5
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS: 1.76% (75.1th percentile)
elog before 2.5.7 r1558-4 allows remote attackers to cause a denial of service (infinite redirection) via a request with the fail parameter set to 1, which redirects to the same request.
Affected
18 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| stefan_ritt | elog_web_logbook | — | — |
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2013-1977 [LOW] openstack-keystone: Insecure management of LDAP and admin_token configuration file values
bugzilla·2013-04-19·CVSS 2.1
A security flaw was found in the way Openstack Keystone (previously) performed management of LDAP password and admin_token Keystone daemon configuration file values. A local attacker could use this flaw to obtain sensitive information.
References:
[1] https://bugs.launchpad.net/keystone/+bug/1168252
[2] http://www.openwall.com/lists/oss-security/2013/04/19/2
Relevant upstream patch (Gerrit form):
[3] https://review.openstack.org/#/c/26826/
Discussion:
Further CVE-2013-1977 vs CVE-2013-2006 ids disambiguation:
https://bugs.launchpad.net/devstack/+bug/1168252/comments/7
---
CVE-2013-1977 does not affect our installer, as it was hardened previously and has 0600 permissions, as noted
Bugzilla
CVE-2006-2941 [MEDIUM] Mailman DoS
bugzilla·2006-07-11·CVSS 5.0
Ubuntu reported a possible Mailman DoS where a malformed message can cause the
mailman server to stop sending out email. Currently embargoed with no proposed
date.
Also may affect RHEL3, RHEL2.1
Discussion:
Created attachment 132224
Proposed patch from Ubuntu
---
embargo 20060718 1400 UTC
---
Embargo may be extended by request of Barry Warsaw. Please don't open this bug
at this time.
---
Ok, wrote some test cases. RHEL3 and RHEL4 are _NOT_ vulnerable, cause
python-2.3.4-14 has a email/Message.py which does not backtrace with strange
filenames.
---
RHEL3's python-2.2.3-5 also does not backtrace..
---
mailman from RHEL2.1 does not save attachments and does not parse any mime
message headers.
---
RHSA-2006:0600 is free for other things... sorry about
References
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=349528
http://savannah.psi.ch/viewcvs/trunk/src/elogd.c?root=elog&rev=1487&view=diff&r1=1487&r2=1486&p1=trunk/src/elogd.c&p2=/trunk/src/elogd.c
http://secunia.com/advisories/18783
http://www.debian.org/security/2006/dsa-967
http://www.securityfocus.com/bid/16579
https://exchange.xforce.ibmcloud.com/vulnerabilities/24707