Previous Security Advisories
Vulnerability Affects Non-Unix Apache Servers
August 12, 2002
The Apache Group has issued a security alert for all non-Unix Apache HTTP Server platforms running versions 2.0 through 2.0.39. While this initial advisory is vague, it claims that the vulnerability can “allow an attacker to inflict serious damage to a server, and reveal sensitive data.” Fortunately, a workaround is simple. Add the line: RedirectMatch […]
MS RPC vulnerability is being actively exploited
August 10, 2002
Many reports are showing that intruders are actively scanning for and exploiting the latest Microsoft’s DCOM RPC interface vulnerability. Public available Exploits are using the TCP port 135 to execute the attack and to open a privileged command shell on another specific TCP port (commonly TCP port 4444). Mitigation Procedures It is highly recommended, as […]
Remote Overflow in iPlanet Servers
August 9, 2002
Sun’s iPlanet Web Server, versions 6.0 and prior, has a buffer overrun vulnerability in its transfer chunking code. By issuing a malformed HTTP request, an attacker can crash the web server or possibly execute code under the service’s privileges. Sun has issued a patch, and integrated it into 4.1 SP11 and 6.0 SP4, available here. […]
« Older Entries Newer Entries »