load balancing
=======
The Cisco Content Switching Module (CSM) and Cisco Content Switching
Module with SSL (CSM-S) contain a memory leak vulnerability that can
result in a denial of service condition. The vulnerability exists when
the CSM or CSM-S is configured for layer 7 load balancing. An attacker
can trigger this vulnerability when the CSM or CSM-S processes TCP
segments with a specific combination of TCP flags while servers behind
the CSM/CSM-S are overloaded and/or fail to accept a TCP connection.
Cisco has released free software updates that address this
=======
The Cisco Content Switching Module (CSM) and Cisco Content Switching
Module with SSL (CSM-S) contain a memory leak vulnerability that can
result in a denial of service condition. The vulnerability exists when
the CSM or CSM-S is configured for layer 7 load balancing. An attacker
can trigger this vulnerability when the CSM or CSM-S processes TCP
segments with a specific combination of TCP flags while servers behind
the CSM/CSM-S are overloaded and/or fail to accept a TCP connection.
Cisco has released free software updates that address this
Details
=======
The Cisco ACE 4710 Application Control Engine appliance and the Cisco
ACE Application Control Engine Module for Cisco Catalyst 6500 Series
Switches and Cisco 7600 Series Routers are a load-balancing and
application-delivery solution for data centers. Multiple
vulnerabilities exist in both products. These vulnerabilities are
independent of each other. A device may be affected by one
vulnerability and not affected by another. The following information
provides the details about each of the vulnerabilities that are
will consider this newer registered instance name a cluster instance
(Oracle RAC, Real Application Clusters) or a fail over instance (Oracle
Fail over).
When 2 or more database instances are registered with the same name the
TNS listener will make load balance between all the registered remote
database servers. The latest registered remote database server will
receive the first client connection and the second will be routed to the
previously registered remote database server.
Routing client connections
by this vulnerability.
Details
=======
The Catalyst CSM is an integrated Server Load Balancing line card for
the Catalyst 6500 and 7600 Series designed to enhance the response
time for client traffic to end points including servers, caches,
firewalls, Secure Sockets Layer (SSL) devices, and VPN termination
devices.
ssl-server <context> http-header client-cert
Similarly, on the Cisco ACE, these issues may manifest themselves when
using a policy map with a class-default class, as shown below:
policy-map type loadbalance first-match SLB-VIP-REDIRECT
class class-default
serverfarm TEST-FARM
action DO-SOMETHING-WITH-HEADERS
insert-http X-SRC-IP header-value "%is"
- Web site cloaking
- Granular policies
- Secure HTTP traffic
- SSL Offloading
- SSL Acceleration
- Load Balancing
The Barracuda Web Application Firewall is a complete and powerful security solution for Web applications and Web sites. The
Barracuda Web Application Firewall provides award-winning protection against hackers leveraging protocol or application
vulnerabilities to instigate data theft, denial of service or defacement of your Web site.
unusable.
Since the ISP has its proxies infrastructure half-migrated to BlueCoat
proxies (which don't honor prefetch directive), this vulnerability may
look randomly observable on big sites (like Google) due to the
destination IP-based load balancing. Additionally it seems to be an
extra load balancing which makes some remote IP addresses be caught by
a BlueCoat proxy even though the same IP was handled nearly all times
by a NetCache.
This vulnerability was not present earlier but since Speedy made their
method, which allows remote attackers to bypass intended access
restrictions and conduct directory traversal attacks via .. (dot dot)
sequences and the WEB-INF directory in a Request (CVE-2008-5515).
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0
through 6.0.18, when the Java AJP connector and mod_jk load balancing
are used, allows remote attackers to cause a denial of service
(application outage) via a crafted request with invalid headers,
related to temporary blocking of connectors that have encountered
errors, as demonstrated by an error involving a malformed HTTP Host
header (CVE-2009-0033).
- Advanced identification techniques (Biometrics, RFID, etc.)
- Virtualization technologies for grid and parallel computing.
- Interactive media, voice and video, games, immersive applications
- Network virtualization, virtual private networks (VPN), and services
- VoIP protocols and services
- Content-based networking: caching, distribution, load balancing,
resiliency
- Mobile/wireless content distribution
* * * * *
Submission Instructions
------------------------
Fixed versions: 2.4.4, 2.2.22 and later
Description:
Armorlogic Profense is a Web Application Firewall and load balancing solution.
From their website (armorlogic.com):
"Protecting and securing websites and web applications can be a complicated business. Profense web application firewall simplifies protection with an affordable and easy to use, feature rich, solution that gives you full PCI DSS 1.1 and 1.2 section 6.6 compliance."
Credits:
method, which allows remote attackers to bypass intended access
restrictions and conduct directory traversal attacks via .. (dot dot)
sequences and the WEB-INF directory in a Request (CVE-2008-5515).
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0
through 6.0.18, when the Java AJP connector and mod_jk load balancing
are used, allows remote attackers to cause a denial of service
(application outage) via a crafted request with invalid headers,
related to temporary blocking of connectors that have encountered
errors, as demonstrated by an error involving a malformed HTTP Host
header (CVE-2009-0033).
in b64 strings to the web-browser/client that can be decoded and/or
modified.
The most common scenario where developers disable native Viewstate
controls is in multi-websever deployments when they start
load-balancing. The Viewstate keys don't match across servers; the app
breaks; the developers Google just enough info to decide to turn off
Viewstate encryption/checksums (or the server admin does it).
The fix for Viewstate load balancing issues is also super simple:
Share Viewstate MAC/checksum or encryption keys. But it is fairly
Details
=======
The Cisco ACE 4710 Application Control Engine appliance and the Cisco
ACE Application Control Engine Module for Cisco Catalyst 6500 Series
Switches and Cisco 7600 Series Routers are a load-balancing and
application-delivery solution for data centers. Multiple
vulnerabilities exist in both products. The following information
provides the details about each of the vulnerabilities that are
addressed in this advisory.
Would you agree that the issue here is RTFM?
Many developers using Viewstates aren't aware they are using Viewstates. Think "Newbie Visual Studio Jockey" developers. They are using a control in their IDE and have no idea it's passing off stuff in b64 strings to the web-browser/client that can be decoded and/or modified.
The most common scenario where developers disable native Viewstate controls is in multi-websever deployments when they start load-balancing. The Viewstate keys don't match across servers; the app breaks; the developers Google just enough info to decide to turn off Viewstate encryption/checksums (or the server admin does it).
The fix for Viewstate load balancing issues is also super simple:
Share Viewstate MAC/checksum or encryption keys. But it is fairly common not to do this until after a security assessment. Usually for the same reasons I outlined above: they aren't really even sure what Viewstate is doing.
So good work. Nicely written advisories.
- Advanced identification techniques (Biometrics, RFID, etc.)
- Virtualization technologies for grid and parallel computing.
- Interactive media, voice and video, games, immersive applications
- Network virtualization, virtual private networks (VPN), and services
- VoIP protocols and services
- Content-based networking: caching, distribution, load balancing,
resiliency
- Mobile/wireless content distribution
* * * * *
Submission Instructions
------------------------
WebLogic application server is commonly deployed in a three-tier
architecture where the application server resides behind a public-facing
web server. Oracle provides proprietary web server plugin modules for
multiple web server software packages on various platforms in order to
allow these services to act as reverse proxies and in some cases, load
balancers for multiple middle-tier WebLogic application servers.
Vulnerability Overview
- ----------------------
The vulnerability stems from the web server plugin's processing of URLs
- Measurement of system uptime and network hookup, distance (including
topology behind NAT or packet filters), user language preferences, and
so on.
- Automated detection of connection sharing / NAT, load balancing, and
application-level proxying setups,
- Detection of dishonest clients / servers that forge declarative
statements such as X-Mailer or User-Agent.
remote attacker could send specially crafted requests to the server and
bypass security restrictions, gaining access to sensitive content.
(CVE-2008-5515)
Yoshihito Fukuyama discovered that Tomcat did not properly handle errors
when the Java AJP connector and mod_jk load balancing are used. A remote
attacker could send specially crafted requests containing invalid headers
to the server and cause a temporary denial of service. (CVE-2009-0033)
D. Matscheko and T. Hackner discovered that Tomcat did not properly handle
malformed URL encoding of passwords when FORM authentication is used. A
http://labs.idefense.com/intelligence/vulnerabilities/
Aug 07, 2007
I. BACKGROUND
Cisco Local Director is a load-balancing, connection fail-over device
used to help manage large enterprise networks. HP-UX allows for easy
interfacing with Cisco Local Director using the HP Controller for Cisco
Local Director package. In this package is ldcconn, which is configured
to run via inetd on TCP port 17781.
method, which allows remote attackers to bypass intended access
restrictions and conduct directory traversal attacks via .. (dot dot)
sequences and the WEB-INF directory in a Request (CVE-2008-5515).
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0
through 6.0.18, when the Java AJP connector and mod_jk load balancing
are used, allows remote attackers to cause a denial of service
(application outage) via a crafted request with invalid headers,
related to temporary blocking of connectors that have encountered
errors, as demonstrated by an error involving a malformed HTTP Host
header (CVE-2009-0033).
method, which allows remote attackers to bypass intended access
restrictions and conduct directory traversal attacks via .. (dot dot)
sequences and the WEB-INF directory in a Request (CVE-2008-5515).
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0
through 6.0.18, when the Java AJP connector and mod_jk load balancing
are used, allows remote attackers to cause a denial of service
(application outage) via a crafted request with invalid headers,
related to temporary blocking of connectors that have encountered
errors, as demonstrated by an error involving a malformed HTTP Host
header (CVE-2009-0033).
|
