On 08/24/2011 07:55 PM, Dirk-Willem van Gulik wrote:
Apache HTTPD Security ADVISORY
==
UPDATE 1
Title: Range header DoS vulnerability Apache HTTPD 1.3/2.x
CVE: CVE-2011-3192
Last Change: 20110824 1800Z
Apache HTTPD Security ADVISORY
==
UPDATE 2
Title: Range header DoS vulnerability Apache HTTPD 1.3/2.x
CVE: CVE-2011-3192
Last Change: 20110826 1030Z
Date: 20110824
On 26/08/11 12:35, Dirk-Willem van Gulik wrote:
Apache HTTPD Security ADVISORY
==
UPDATE 2
Title: Range header DoS vulnerability Apache HTTPD 1.3/2.x
CVE: CVE-2011-3192
Last Change: 20110826 1030Z
Date
Option 2: (Pre 2.2 and 1.3)
# Reject request when more than 5 ranges in the Range: header.
# CVE-2011-3192
#
RewriteEngine on
RewriteCond %{HTTP:range} !(bytes=[^,]+(,[^,]+){0,4}$|^$)
RewriteCond %{HTTP:request-range} !(bytes=[^,]+(?:,[^,]+){0,4}$|^$)
RewriteRule .* - [F]
^^ Better use
On 26 Aug 2011, at 12:09, Carlos Alberto Lopez Perez wrote:
RewriteEngine on
RewriteCond %{HTTP:range} !(^bytes=[^,]+(,[^,]+){0,4}$|^$) [NC,OR]
RewriteCond %{HTTP:request-range} !(^bytes=[^,]+(,[^,]+){0,4}$|^$) [NC]
RewriteRule .* - [F]
Because if you don't specify the [OR] apache will
Hi.
Does anybody know what's the general opinion on disclosure of
WordPress plugin vulnerabilities in these two sections:
1) unfiltered string parameter values - while magic_quotes are
automatically turned on on WordPress = 3.0 [1] installations
2) admin ones (requires access to the restricted
On Thu, Aug 25, 2011 at 03:52:00PM -0400, valdis.kletni...@vt.edu wrote:
On Thu, 25 Aug 2011 21:35:04 +0300, Georgi Guninski said:
On Wed, Aug 24, 2011 at 10:45:53AM +0100, Mark J Cox wrote:
Use CVE-2011-3192.
why the fuck use this shit?
So that when two different people issue
On 08/26/2011 05:18 AM, SecNiche Security Labs wrote:
Hi
This paper sheds light on the findings of security testing of Java
Server Faces. JSF has been widely used as an open source web framework
for developing efficient applications using J2EE. JSF is compared with
ASP.NET framework to
Er.on the end of the link, maybe?
On 26 August 2011 14:39, Saleh q8mos...@gmail.com wrote:
On 08/26/2011 05:18 AM, SecNiche Security Labs wrote:
Hi
This paper sheds light on the findings of security testing of Java
Server Faces. JSF has been widely used as an open source web
On 08/26/2011 04:39 PM, Saleh wrote:
On 08/26/2011 05:18 AM, SecNiche Security Labs wrote:
Hi
This paper sheds light on the findings of security testing of Java
Server Faces. JSF has been widely used as an open source web framework
for developing efficient applications using J2EE. JSF is
On 08/26/11 13:26, bodik wrote:
Option 2: (Pre 2.2 and 1.3)
# Reject request when more than 5 ranges in the Range: header.
# CVE-2011-3192
#
RewriteEngine on
RewriteCond %{HTTP:range} !(bytes=[^,]+(,[^,]+){0,4}$|^$)
RewriteCond %{HTTP:request-range} !(bytes=[^,]+(?:,[^,]+){0,4}$|^$)
On Fri, 26 Aug 2011 16:19:31 +0300, Georgi Guninski said:
ok, there might be some sense in using canonical names,
but why chose possibly the worst service available?
possibly doesn't mean much unless you have an actual point to make.
from their front page: CVE® - remember, remember what
Jcow CMS 4.x:4.2 <= , 5.x:5.2 <= | Arbitrary Code Execution
1. OVERVIEW
Jcow CMS versions (4.x: 4.2 and lower, 5.x: 5.2 and lower) are
vulnerable to Arbitrary Code Execution.
2. BACKGROUND
Jcow is a flexible Social Networking software written in PHP. It can
help you to build a social network
Jcow CMS 4.2 <= | Cross Site Scripting
1. OVERVIEW
Jcow CMS 4.2 and lower versions are vulnerable to Cross Site Scripting.
2. BACKGROUND
Jcow is a flexible Social Networking software written in PHP. It can
help you to build a social network for your interests and passions, a
member community
Looks like my sites were not vulnerable. Does any of you know which setting
or module prevents kingcope's 'killer' from working?
I have the latest mod_qos and suhosin extension installed. ModSec is
disabled. I simply haven't had time to investigate this issue.
Thanks
Full Paper:
https://sitewat.ch/en/Blog/10
Using these attacks it is possible to bypass all of PHPIDS's rule sets,
which defeats all protection PHPIDS can provide. Furthermore, on a default
install of PHPIDS the log file can be used to drop a PHP backdoor. Thereby
using PHPIDS as a vital
busy man, see this
https://mail-archives.apache.org/mod_mbox/httpd-announce/201108.mbox/%3c20110824161640.122d38...@minotaur.apache.org%3E
On Fri, Aug 26, 2011 at 13:44, n...@myproxylists.com wrote:
Looks like my sites were not vulnerable. Does any of you know which setting
or module prevents
We are happy to announce a new release of INSECT Pro 2.7 including
changes that people ask about most often
This is a partial list of the major changes implemented in version 2.7
- Available targets now have a submenu under the right-click button
- Check update function added in order to verify
when is someone going to warez this... it ain't free.. but since its ad
here...well, shouldn't we be able to get a copy, thru the warez community :
cheers! waiting on those links to come pouring in! This tool does sound
great, i just won't pay for a complete app without some form of trial...heck
Hello Lists,
the youtube video at the bottom illustrates the threat quite well.
These were the exact same observations I had when initially running the tool.
It has to be noted that a good architecture can very likely mitigate the risks.
For example load balancing to multiple targets will most
Over the last few days, seen a number of sites getting hacked with a malware
script.
It is done using the WQuery injection attack.
WQuery ($username)
$userdata = hub#;
if (isPasswordCorrect($username:Bg, $pass:M25)) {
$userdata = Bf%ByLogin($F20); ...
}
{
AS BEGIN