HTTP request
A DoS vulnerability exists in NetCache proxies of at least some areas
of Speedy Argentina ISP (201.255.64/18), by which a URL could be rendered
inaccessible by means of the prefetch cache control directive.
The procedure is very simple: sending a simple GET HTTP/1.1 request
to the victim URL several times will make the proxies no longer
serve it. Users will wait for about two minutes and then the TCP
connection will be closed, which, depending on the user agent, will
be interpreted as a valid zero-length HTTP 0.9 reply or an error.
It is worth noting that this attack affects the URL EXACTLY. For
Virtual Security Research, LLC.
http://www.vsecurity.com/
Security Advisory
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Advisory Name: Multiple Cisco CSS / ACE Client Certificate and HTTP Header
Manipulation Vulnerabilities
Cisco Security Response: Cisco IOS Cross-Site Scripting
Vulnerabilities
http://www.cisco.com/warp/public/707/cisco-sr-20090114-http.shtml
Revision 1.0
For Public Release 2009 January 14 1600 UTC (GMT)
Cisco Security Advisory: Cisco IOS Software Firewall Application
Inspection Control Vulnerability
Advisory ID: cisco-sa-20080924-iosfw
http://www.cisco.com/warp/public/707/cisco-sa-20080924-iosfw.shtml
Revision 1.0
For Public Release 2008 September 24 1600 UTC (GMT)
Intrusion Prevention System (IPS) and Cisco IOS Zone-Based Firewall
features. These vulnerabilities are:
* Memory leak in Cisco IOS Software
* Cisco IOS Software Denial of Service when processing specially
crafted HTTP packets
Cisco has released free software updates that address these
vulnerabilities.
Workarounds that mitigate these vulnerabilities are not available.
The Cisco ACE Application Control Engine Module and Cisco ACE 4710
Application Control Engine contain the following DoS vulnerabilities:
* Real-Time Streaming Protocol (RTSP) inspection DoS vulnerability
* HTTP, RTSP, and Session Initiation Protocol (SIP) inspection DoS
vulnerability
* Secure Socket Layer (SSL) DoS vulnerability
* SIP inspection DoS vulnerability
Cisco has released free software updates for affected customers.
Cisco Security Advisory: Multiple Vulnerabilities in Cisco Wireless LAN Controllers
Advisory ID: cisco-sa-20090727-wlc
http://www.cisco.com/warp/public/707/cisco-sa-20090727-wlc.shtml
Revision 1.0
For Public Release 2009 July 27 1600 UTC (GMT)
+ Vulnerability in HTC Peep: Twitter Credentials Disclosure
http://blog.taddong.com/2011/02/vulnerability-in-htc-peep-twitter.html
Title: Twitter credentials disclosure in HTC Peep mobile app (default HTC Twitter client)
Vulnerability ID: TAD-2011-001
Credits: This vulnerability was discovered by Raul Siles, Founder and Senior Security Analyst with Taddong (www.taddong.com)
Publication date: February 4, 2011
vulnerability may allow a Man-in-the-Middle (MITM) attacker to inject
arbitrary data into the beginning of the application protocol stream
protected by TLS.
The only ArubaOS component that seems affected by this issue is the
HTTPS WebUI administration interface. If a client browser (victim) is
configured to authenticate to the WebUI over HTTPS using a client
certificate, an attacker can potentially use the victim's credentials
temporarily to execute an arbitrary HTTP request for each initiation of an
HTTPS session from the victim to the WebUI. This would happen without
any HTTPS/TLS warnings to the victim. This condition can essentially be
Cisco Security Advisory: Multiple Vulnerabilities in Firewall Services
Module
Advisory ID: cisco-sa-20071017-fwsm
http://www.cisco.com/warp/public/707/cisco-sa-20071017-fwsm.shtml
Revision 1.0
For Public Release 2007 October 17 1600 UTC (GMT)
Vuln name: GCALDaemon Remote DoS
Systems affected: GCALDaemon 1.0-beta13 (all platforms)
Systems not affected: -
Severity: Low
Local/Remote: Remote
Vendor URL: http://gcaldaemon.sourceforge.net/
Author(s): Luca "ikki" Carettoni - luca.carettoni@securenetwork.it
Vendor disclosure: 22nd August 2007
Vendor acknowledged: 22nd August 2007
Vendor patch release: n/a
Public disclosure: 18th September 2007
advisory recently concerning some XSS/CSRF holes in the IOS..
quote{
Document ID: 98605
http://www.cisco.com/warp/public/707/cisco-sr-20090114-http.shtml
Revision 1.0
For Public Release 2009 January 14 1600 UTC (GMT)
Cisco Response:
"Two separate Cisco IOS® Hypertext Transfer Protocol (HTTP) cross-site
scripting (XSS) vulnerabilities have been reported to Cisco [...]
====================
Vulnerability :
When used as a Server Load Balancer and/or SSL offloader it's possible
to do requests to the backend without leaving any IP address in the
HTTP server logs. It's then possible to do any L7 HTTP attacks
anonymously.
A bug request has been opened at Cisco TAC; it has been classified
"work as designed"
these vulnerabilities. Cisco has made free software available to
address this issue for affected customers.
This advisory is posted at:
http://www.cisco.com/warp/public/707/cisco-sa-20080213-phone.shtml
Affected Products
=================
Vulnerable Products
Title: Simple PHP Blog (sphpblog) <= 0.5.1 Multiple Vulnerabilities
Vendor: http://sourceforge.net/projects/sphpblog/
Advisory: http://acid-root.new.fr/?0:15
Author: DarkFig < gmdarkfig (at) gmail (dot) com >
Released on: 2007/10/21
Changelog: ----------
L M H T
Summary: Ip Spoofing [X] [_] [_] [X]
vulnerability.
There are no workarounds that mitigate this vulnerability.
This advisory is posted at:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111019-cs
Note: Effective October 18, 2011, Cisco moved the current list of
Cisco Security Advisories and Responses published by Cisco PSIRT. The
new location is:
http://tools.cisco.com/security/center/publicationListing
Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA Adaptive
Security Appliance and Cisco PIX Security Appliances
Advisory ID: cisco-sa-20090408-asa
http://www.cisco.com/warp/public/707/cisco-sa-20090408-asa.shtml
Revision 1.0
For Public Release 2009 April 08 1600 UTC (GMT)
PR07-37: XSS on Apache HTTP Server 413 error pages via malformed HTTP method
Vulnerability found: 7 November 2007
Vendor contacted: 14 November 2007
Risk factor: N/A
The reason why we didn't consider this vulnerability a security risk is because the attacker needs to force the victim's browser to submit a malformed HTTP method.
Additional details:
SQL query:
SQL:
SELECT id FROM cube_CubeCart_search WHERE searchstr='''
Sample HTTP Request:
GET /cubecart_4/index.php?_a=viewCat&searchStr='&Submit=Go HTTP/1.1
Acunetix-Aspect-Password: 082119f75623eb7abd7bf357698ff66c
Acunetix-Aspect: enabled
Cookie: PHPSESSID=7c970bfe00c50261d25166dbab43c294;
ccUser=7c970bfe00c50261d25166dbab43c294
On July 15 OuTian reported a vulnerability in Apache Tomcat[2] whereby
overwide byte sequences in utf-8 could bypass both Apache Tomcat access
control restrictions as well as path decoding logic.
On July 17 Simon Ryeo reported[3] a variation of the same vulnerability in
Apache httpd server when proxying content generated from Tomcat.
Remy Maucherat wrote a patch to address this particular expression of the
vector for Tomcat 6.0.x[4] which also mitigates against any similar but as
yet undiscovered decoding vulnerabilities. This patch has also been ported
to 5.5.x[5] and 4.1.x[6]. On July 31st the Apache Software Foundation
Name Multiple Vulnerabilities in Jetty
Systems Affected Jetty 7.0.0 and earlier versions
Severity Medium
Impact (CVSSv2) Medium 5/10, vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Vendor http://www.mortbay.org/jetty/
Advisory http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt
Authors Francesco "ascii" Ongaro (ascii AT ush DOT it)
Giovanni "evilaliv3" Pellerano (evilaliv3 AT ush DOT it)
Antonio "s4tan" Parata (s4tan AT ush DOT it)
Date 20091024
Name Multiple Vulnerabilities in FormMail
Systems Affected FormMail 1.92 and possibly earlier versions
Severity Medium
Impact (CVSSv2) Medium 4.3/10, vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)
Vendor http://www.scriptarchive.com/formmail.html
Advisory http://www.ush.it/team/ush/hack-formmail_192/adv.txt
Authors Francesco "ascii" Ongaro (ascii AT ush DOT it)
Giovanni "evilaliv3" Pellerano (evilaliv3 AT ush DOT it)
Antonio "s4tan" Parata (s4tan AT ush DOT it)
Date 20090511
"This software provides a vast amount of automation, including event
correlation and automated monitoring of your network to improve the
efficiency and productivity of your IT staff."
Product Link:
http://www.openview.hp.com/products/nnm/
======================================================================
4) Description of Vulnerability
Secunia Research has discovered vulnerabilities in HP OpenView Network
1. DESCRIPTION
There is a DoS vulnerability in the Cisco Linksys router WRH54G HTTP service. Any anonymous attacker could easily crash the HTTP service by sending a malformed HTTP request, without needing any privilege.
When the device attempts to process the malformed request, it will be possible to corrupt sensitive memory. Although unconfirmed, it may also be possible to modify various configuration settings or execute malicious code.
After being attacked, the Cisco Linksys router can't be accessed remotely by any user. The HTTP service is not recovered and the attacked router cannot be managed without a hard reboot. A reboot of the router may cause a network disconnection.
Furthermore, the firewall can still route packets.
Cisco Security Advisory: CDS Internet Streamer: Web Server Directory
Traversal Vulnerability
Advisory ID: cisco-sa-20100721-spcdn
http://www.cisco.com/warp/public/707/cisco-sa-20100721-spcdn.shtml
Revision 1.0
For Public Release 2010 July 21 1600 UTC (GMT)
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2009:323
http://www.mandriva.com/security/
_______________________________________________________________________
Package : apache
Date : December 7, 2009
Affected: 2008.0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
0. ORIGINAL ADVISORY
~~~~~~~~~~~~~~~~~~~~
http://o0o.nu/~meder/o0o_bypassing_servlet_input_validation_filters.txt
I. BACKGROUND
~~~~~~~~~~~~~
NOTE: This advisory will use OWASP's Stinger and Struts framework to
VSR Security Advisory
http://www.vsecurity.com/
- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Advisory Name: WebLogic Plugin HTTP Injection via Encoded URLs
Core Security Technologies - Corelabs Advisory
http://corelabs.coresecurity.com/
ZOHO ManageEngine ADSelfService multiple vulnerabilities
1. *Advisory Information*
Title: ZOHO ManageEngine ADSelfService multiple vulnerabilities
Advisory ID: CORE-2011-0103
RESOLUTION
The vulnerability can be resolved by the following procedure:
Disable the array's HTTP and HTTPS network management services (Note: This will also disable all management access from a Web browser. Array management access may be maintained via Command Line Interface [CLI].) Use the instructions outlined in the Workaround section below to disable the HTTP and HTTPS network management services.
Install TS230P008 firmware as soon as possible. If the HTTP and HTTPS network management services have been previously disabled, the services may be re-enabled as the issue is fully resolved in TS230P008 firmware.
TS230P008 firmware installation and workaround instructions: