firmed that the patch was officially released.
Corrective action:
==
Install PQ62144 (supersedes PQ62249). The URL is wrapped:
http://www-1.ibm.com/support/docview.wss?
rs=180&context=SSEQTP&q=PQ62144&uid=swg24001610
Author: Pet
Upgrade to a newer version. This issue was first resolved in build
s020711, available here: http://www.caucho.com/download/index.xtp
Author: Peter Gründl ([EMAIL PROTECTED])
KPMG is not responsible for the misuse of the
rt packages, you can purchase incident-based
support from a technical support engineer."
Corrective action:
==
Replace the error script with a custom error page. If you do not
know how to create a .jsp file, simply create a standard 500 error
page in html, and rename it to .jsp
uild, available from:
http://jigsaw.w3.org/Devel/classes-2.2/20020711/
Author: Peter Gründl ([EMAIL PROTECTED])
KPMG is not responsible for the misuse of the information we provide
through our security advisories. These a
security
website. If you are not a subscriber to the livesecurity service,
please contact Watchguard support for further assistance.
Authors:
Andreas Sandor ([EMAIL PROTECTED])
Peter Gründl ([EMAIL PROTECTED])
KPMG is not responsib
.com/resourcelibrary/advisoriesdetail.jsp?
highlight=advisoriesnotifications&path=components/dev2dev
/resourcelibrary/advisoriesnotifications/advisory_BEA02-19.htm
Author: Peter Gründl ([EMAIL PROTECTED])
KPMG is not responsib
support for Sitespring is planned to end May, 2004.
Corrective action:
==
Apply IP filtering to the Sitespring server, so only the local host
is allowed to connect to TCP port 2500.
On Win2000 or WinXP this can be done using the built-in IP filter
functionality.
Author: Peter
: Peter Gründl ([EMAIL PROTECTED])
KPMG is not responsible for the misuse of the information we provide
through our security advisories. These advisories are a service to
the professional security community. In no event shall KPMG
karta-tomcat-4.0/release
/v4.1.3-beta/"
Author: Peter Gründl ([EMAIL PROTECTED])
KPMG is not responsible for the misuse of the information we provide
through our security advisories. These advisories are a service to
the pr
Title: BlackICE Agent not Firewalling After Standby
BUG-ID: 2002019
Released: 06th Jun 2002
Problem:
In a default installation, the BlackICE Agent might not reactivate
when the host re
6.0, which corrected the issues. On the 2nd
of May, 2002 we received notification that V1.6.0 had been
released.
Corrective action:
==
Install firmware version 1.6.0, which is available here:
http://www.snapgear.com/downloads.html
Authors:
Andreas Sandor ([EMAIL PROTECTED]) &
Action: Apply Service Pack 2 and then apply this patch:
ftp://ftpna.bea.com/pub/releases/security/CR045420_wls452sp2.zip
BEA WebLogic Server and Express 4.5.1 on all OS platforms
Action: Apply Service Pack 15."
Auth
has released a patched binary, which is included in
the security rollup package MS02-018, available here:
http://www.microsoft.com/technet/security/bulletin/ms02-018.asp
Author: Peter Gründl ([EMAIL PROTECTED])
KPMG is not
e for download.
Corrective action:
==
The vendor has corrected the issue and put version 1.14 online:
http://www.foundstone.com/knowledge/proddesc/fscan.html
Author: Peter Gründl ([EMAIL PROTECTED])
KPMG is not responsible for the m
April, 2002. The vendor confirmed the
bug on the same day, and notified us that a patch was being developed.
On the 17th of April, the vendor released a new version that corrects
the issues.
Corrective action:
==
The vendor has released Version 5.2b, which is available here:
http://sam
s"
3. Right-click on the website and select "Properties"
4. Select "Home Directory"
5. Click on "Configuration"
6. Select ".cfm"
7. Click on "Edit"
8. Make sure "Check that file exists" is checked
9. Do the same for ".dbm"
A
as contacted 3rd of April, 2002. The vendor confirmed the
bug on the same day, and notified us that a patch was being developed.
On the 17th of April, the vendor released a new version that corrects
the issues.
Corrective action:
==
The vendor has released Version 5.2b, which is
2002. KPMG was notified of the publication on the 17th of
April, 2002.
Corrective action:
==
The vendor has suggested two possible solutions, available here:
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q320751
Author:
rosoft Internet Information Server 5.0
Details:
This vulnerability was discovered by Dave Aitel from @stake and by
Peter Gründl from KPMG. It was done independently, and both
reported the same two vulnerabilities to the same vendor at around
the same time.
Dave Aitel released an advisory o
rosoft Internet Information Server 5.1 with FP2002
Details:
This vulnerability was discovered by Dave Aitel from @stake and by
Peter Gründl from KPMG. It was done independently, and both
reported the same two vulnerabilities to the same vendor at around
the same time.
Frontpage contai
on the 10th of
April the vendor confirmed the issue and announced the availability
of a new firmware version, which corrects the issue.
Corrective action:
==
Upgrade to firmware version 5.0.35a, available through Watchguard
Livesecurity.
Author: Peter Gründl ([EMAIL PRO
ase of Domino (5.0.10). Late
March, 2002 the vendor released the new version that corrected
the issue.
Corrective action:
==
Upgrade to Lotus Domino V5.0.10, which can be downloaded here:
http://www.notes.net/qmrdown.nsf
Author: Pe
==
Defcom Labs Advisory def-2001-26
IIS WebDav Lock Method Memory Leak DoS
Author: Peter Gründl <[EMAIL PROTECTED]>
Release Date: 2001
==
Defcom Labs Advisory def-2001-25
Carello E-Commerce Arbitrary Command Execution
Author: Peter Gründl <[EMAIL PROTECTED]>
Release Date: 2001
==
Defcom Labs Advisory def-2001-24
Windows 2000 Kerberos DoS
Author: Peter Gründl <[EMAIL PROTECTED]>
Release Date: 2001
==
Defcom Labs Advisory def-2001-21
Ghost Multiple DoS
Author: Peter Gründl <[EMAIL PROTECTED]>
Release Date: 2001
==
Defcom Labs Advisory def-2001-20
Lotus Domino Multiple DoS
Author: Peter Gründl <[EMAIL PROTECTED]>
Release Date: 2001
==
Defcom Labs Advisory def-2001-18
Watchguard Firebox II Kernel DoS
Authors: Andreas Sandor <[EMAIL PROTECTED]>
Peter Gründl <[EMAIL PROTECTED]>
Release Date
==
Defcom Labs Advisory def-2001-17
Navision Financials Server DoS
Author: Peter Gründl <[EMAIL PROTECTED]>
Release Date: 2001
==
Defcom Labs Advisory def-2001-16
Internet & Acceleration Server Event DoS
Authors: Peter Gründl <[EMAIL PROTECTED]>
Andreas Sandor <[EMAIL PROTECTED]>
Release
==
Defcom Labs Advisory def-2001-15
Website Pro Remote Manager DoS
Author: Peter Gründl <[EMAIL PROTECTED]>
Release Date: 2001
==
Defcom Labs Advisory def-2001-14
Bea Weblogic Directory Browsing
Author: Peter Gründl <[EMAIL PROTECTED]>
Release Date: 2001-03-26
Re-release Date: 2001
==
Defcom Labs Advisory def-2001-14
Bea Weblogic Unicode Directory Browsing
Author: Peter Gründl <[EMAIL PROTECTED]>
Release Date: 2001
==
Defcom Labs Advisory def-2001-12
Hursley Software Laboratories Consumer Transaction Framework DoS
Author: Peter Gründl <[EMAIL PROTECTED]>
Release Date: 2001
==
Defcom Labs Advisory def-2001-13
NTMail Web Services DoS
Author: Peter Gründl <[EMAIL PROTECTED]>
Release Date: 2001
aemon
< 3.5.6. Besides, it's not a request for a dos-device inside a dos-device
(which is what triggered the old Win9x DoS).
Peter Gründl
Defcom Security
- Original Message -
From: "Nelson Brito" <[EMAIL PROTECTED]>
To: "Peter Gründl" <[EMAIL PROTECTE
==
Defcom Labs Advisory def-2001-11
MDaemon 3.5.4 Dos-Device DoS
Author: Peter Gründl <[EMAIL PROTECTED]>
Release Date: 2001
==
Defcom Labs Advisory def-2001-10
Websweeper Infinite HTTP Request DoS
Author: Peter Gründl <[EMAIL PROTECTED]>
Release Date: 2001
==
Defcom Labs Advisory def-2001-02
IBM HTTP Server Kernel Leak DoS
Author: Peter Gründl <[EMAIL PROTECTED]>
Release Date: 2001-01-08
Re-release Date: 2001
==
Defcom Labs Advisory def-2001-09
Winzip32 zipandemail Buffer Overflow
Author: Peter Gründl <[EMAIL PROTECTED]>
Release Date: 2001
==
Defcom Labs Advisory def-2001-08
Netscape Collabra DoS
Author: Peter Gründl <[EMAIL PROTECTED]>
Release Date: 2001
==
Defcom Labs Advisory def-2001-07
Watchguard Firebox II PPTP DoS
Author: Andreas Sandor <[EMAIL PROTECTED]>
Release Date: 2001-02-14
==
pe.com :) Just because they label the web server Iplanet Web
Server on the outside of the shiny box, doesn't mean the guts got any
shinier. It's still NES and I can promise you V4.1SP5 is a supported
version.
Peter Gründl
Defcom Security
==
Defcom Labs Advisory def-2001-06
Easycom/Safecom 10/100 Multiple DoS
Author: Peter Gründl <[EMAIL PROTECTED]>
Release Date: 2001
==
Defcom Labs Advisory def-2001-03
GoodTech Systems FTP Connection DoS
Author: Peter Gründl <[EMAIL PROTECTED]>
Release Date: 2001
==
Defcom Labs Advisory def-2001-05
Netscape Fasttrack Server Caching DoS
Author: Peter Gründl <[EMAIL PROTECTED]>
Release Date: 2001
==
Defcom Labs Advisory def-2001-04
Netscape Enterprise Server Dot-DoS
Author: Peter Gründl <[EMAIL PROTECTED]>
Release Date: 2001
==
Defcom Labs Advisory def-2001-02
IBM Websphere 3.52 Kernel Leak DoS
Author: Peter Gründl <[EMAIL PROTECTED]>
Release Date: 2001
==
Defcom Labs Advisory def-2001-01
ImageCast IC3 Control Center DoS
Author: Peter Gründl <[EMAIL PROTECTED]>
Release Date: 2001