Security Advisories
Denial of Service Bug in Oracle9i
August 14, 2002
ISS has issued a security alert for a DoS issue in the increasingly breakable Oracle9i database server. Due to a flaw in the software’s debugging mechanism, a remote attacker can crash the server by sending a malformed request to the SQL*NET listener. All platforms of Oracle9i 9.0.x and 9.2 are affected; a patch is available […]
Vulnerability Affects Non-Unix Apache Servers
August 12, 2002
The Apache Group has issued a security alert for all non-Unix Apache HTTP Server platforms running versions 2.0 through 2.0.39. While this initial advisory is vague, it claims that the vulnerability can “allow an attacker to inflict serious damage to a server, and reveal sensitive data.” Fortunately, a workaround is simple. Add the line: RedirectMatch […]
MS RPC vulnerability is being actively exploited
August 10, 2002
Many reports show that intruders are actively scanning for and exploiting the latest Microsoft DCOM RPC interface vulnerability. Publicly available exploits use TCP port 135 to execute the attack and open a privileged command shell on another specific TCP port (commonly TCP port 4444). Mitigation Procedures: It is highly recommended, as […]