Zero-day vulnerabilities discovered: 4
Infinite loop
The vulnerability allows a remote attacker to cause DoS conditions on the target system. On April 24, 2014, the Apache Software Foundation (ASF) released an advisory warning that a patch issued in March, 2 for a zero-day vulnerability in Apache Struts up to version 2.3.16.1, did not fully patch the vulnerabilities (CVE-2014-0094 or CVE-2014-0050).
Software: Apache Struts
Links:
http://mail-archives.apache.org/mod_mbox/www-announce/201402.mbox/%3C52F373FC.9030907@apache.org%3E
https://www.trustwave.com/Resources/SpiderLabs-Blog/CVE-2014-0050--Exploit-with-Boundaries,-Loops-wi...
http://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000017.html
https://www.symantec.com/connect/blogs/emerging-threat-apache-struts-zero-day-cve-2014-0050-0094-dos-and-remote-code-execution-vulner
http://www.ehackingnews.com/2014/02/cve-2014-0050-apache-tomcat-vulnerable.html
http://telussecuritylabs.com/threats/show/TSL20140206-02
http://www.javaworld.com/article/2097428/enterprise-java/denial-of-service-vulnerability-puts-apache...
Resource exhaustion
The vulnerability allows a remote attacker to cause DoS conditions on the target system. The vulnerability is known as "Apache Killer".
Software: Apache HTTP Server
Links:
http://httpd.apache.org/security/CVE-2011-3192.txt
https://lists.opensuse.org/opensuse-security-announce/2011-09/msg00006.html
http://www.gossamer-threads.com/lists/apache/dev/401638
http://mail-archives.apache.org/mod_mbox/httpd-announce/201108.mbox/%3C20110824161640.122D387DD@mino...
http://mail-archives.apache.org/mod_mbox/httpd-announce/201108.mbox/%3C20110826103531.998348F82@mino...
http://www.oracle.com/technetwork/topics/security/alert-cve-2011-3192-485304.html
https://blogs.oracle.com/security/entry/security_alert_for_cve_2011
https://wiki.apache.org/httpd/CVE-2011-3192
http://dino.ciuffetti.info/2011/08/cve-2011-3192-apachekiller/
Null pointer dereference
The vulnerability allows a remote attacker to cause DoS conditions on the target system. The vulnerability was discovered by Joe Schaefer.
Software: Subversion
Links:
http://subversion.apache.org/security/CVE-2011-1752-advisory.txt
https://lists.fedoraproject.org/pipermail/package-announce/2011-June/061913.html
https://www.ubuntu.com/usn/USN-1144-1/
https://lwn.net/Articles/446888/
http://ovaldb.altx-soft.ru/Definition.aspx?id=oval:com.altx-soft.nix:def:2140
https://groups.google.com/forum/#!topic/visualsvn/K6IsJpMWaA8
Memory corruption
The vulnerability allows a remote attacker to execute arbitrary code on the target system. The vulnerability was discovered by Jan Lieskovsky.
Exploited in the wild in December 2008.
Software: OpenOffice