«
Expand/Collapse
326 items tagged "http"
Related tags:
uri [+],
security weaknesses [+],
privilege escalation vulnerability [+],
mandriva linux [+],
local privilege escalation [+],
oracle [+],
max [+],
vulnerabilities [+],
shah tags [+],
service tool [+],
saumil shah [+],
netdecision [+],
buffer overflow [+],
assessment techniques [+],
traffic [+],
reverse proxy [+],
response line [+],
request response [+],
proof of concept [+],
packet sniffer [+],
mandriva [+],
local security [+],
httpry [+],
fingerprinting [+],
enterprise web server [+],
javaserver pages technologies [+],
black hat [+],
advanced [+],
denial of service [+],
tiny [+],
stack buffer [+],
referer [+],
lifetype [+],
day [+],
cross site scripting [+],
buffer overflow vulnerability [+],
based buffer overflow [+],
service vulnerability [+],
update [+],
traceroute [+],
toko [+],
share [+],
server version [+],
security [+],
scanner [+],
resource pool [+],
replay [+],
python script [+],
proxies [+],
pound [+],
pipelining [+],
oracle application server [+],
open source implementation [+],
netmechanica [+],
max forwards [+],
manx [+],
load balancer [+],
linux security [+],
linux [+],
lil [+],
kolibri [+],
jboss [+],
internal web servers [+],
internal server error [+],
information disclosure [+],
hulk [+],
http referer [+],
http headers [+],
forwards [+],
enterprise [+],
defense in depth [+],
default browser [+],
crash proof [+],
crash [+],
concurrent connections [+],
charset parameter [+],
brute force [+],
brute [+],
backend servers [+],
authentication system [+],
atutor [+],
apple software [+],
apple security [+],
advisory [+],
vulnerability [+],
red hat security [+],
xpath expressions [+],
windows [+],
whitepaper [+],
vulnerability assessment [+],
tor [+],
tool [+],
ssl [+],
security proxy [+],
sec wall [+],
remote buffer overflow vulnerability [+],
remote buffer overflow [+],
reading responses [+],
post [+],
poc [+],
parameter [+],
opencart [+],
multiple [+],
lighttpd [+],
iptables [+],
httpconsole [+],
hosts [+],
hacks [+],
exposed [+],
exploits [+],
denial of service attacks [+],
denial [+],
contamination [+],
command line interface [+],
code execution [+],
c program [+],
bog [+],
authentication schemes [+],
auth [+],
assessment [+],
ajax [+],
proxy [+],
apache tomcat [+],
tomcat [+],
information disclosure vulnerability [+],
zenphoto [+],
xss [+],
x switches [+],
x forwarded for [+],
wwwthreads [+],
webkit [+],
webapps [+],
web interface [+],
web connectivity [+],
web client [+],
usa [+],
udp services [+],
u web [+],
tibco [+],
tibbr [+],
tcp [+],
status [+],
stack [+],
sql [+],
splitting [+],
software description [+],
smart way [+],
siemens [+],
servers [+],
server directory [+],
security weakness [+],
script injection [+],
scanned [+],
scalance [+],
safer use [+],
ruby on rails [+],
ruby [+],
risk factor [+],
rhinosoft [+],
reverseproxy [+],
request headers [+],
redirects [+],
read [+],
protocol [+],
port [+],
plug ins [+],
phoenix [+],
paper [+],
oxide [+],
overflow error [+],
oracle products [+],
oracle enterprise manager [+],
nginx [+],
nanode [+],
mod [+],
mike cardwell [+],
led [+],
injection [+],
ikea [+],
icy [+],
http header [+],
host [+],
hidden image [+],
header [+],
general idea [+],
forwarded [+],
fix [+],
facebook [+],
directory traversal vulnerability [+],
dioder [+],
db services [+],
darknet [+],
csv format [+],
crushftp [+],
contao [+],
client components [+],
client [+],
backfuzz [+],
automation [+],
asia [+],
announce [+],
alex [+],
abusing [+],
Pentesting [+],
ExploitsVulnerabilities [+],
server mod [+],
response [+],
digest authentication [+],
red [+],
apache http server [+],
httpd daemon [+],
httpd [+],
http server [+],
server [+],
apache [+],
zervit,
windows sockets,
webster http,
webster,
websense,
weborf,
webenum,
web accounts,
web,
vsr,
visual,
virtual security,
via,
uri clipboard,
uplusftp,
unusual behavior,
ultralight,
txt,
traversal,
toolkit,
timeout,
synapse,
sun java,
sun,
spoofing,
silc,
sessionthief,
session,
serversman,
server v1,
server crash,
server connection,
sensitive response,
sending,
security assessment,
resource names,
research llc,
request,
remote,
received,
pipeline,
perl tool,
open ports,
null pointer,
ntop,
novell groupwise,
no brainer,
nmap,
nbtscan,
multithreaded,
mongoose,
modurl,
microsoft systems journal,
metasploit,
message transfer,
message strings,
mereo,
mediator,
manipulation,
lppasswd,
lotus 6,
lotus,
localization data,
libcurl,
lan,
java system,
java,
ipod,
iphone,
ios,
information,
index pages,
index,
ibm,
httpdx,
header ip,
hacking,
google,
get,
gchinchilla,
gateway ip,
ftp servers,
ftp,
format string,
form based,
force,
exe,
evocam,
engine,
download,
discovery web,
disclosure,
directory traversal,
destination port,
curl,
cups,
corporate desktop,
cisco network,
cisco ios,
cisco,
chrome,
change ip,
change,
building,
bugtraq,
body,
basic,
backend,
authentication,
apple iphone,
Tools,
Support,
Programming,
General,
BackTrack
-
-
7:31
»
Packet Storm Security Recent Files
HULK is a web server denial of service tool written for research purposes. It is designed to generate volumes of unique and obfuscated traffic at a webserver, bypassing caching engines and therefore hitting the server's direct resource pool.
-
7:31
»
Packet Storm Security Tools
HULK is a web server denial of service tool written for research purposes. It is designed to generate volumes of unique and obfuscated traffic at a webserver, bypassing caching engines and therefore hitting the server's direct resource pool.
-
7:31
»
Packet Storm Security Misc. Files
HULK is a web server denial of service tool written for research purposes. It is designed to generate volumes of unique and obfuscated traffic at a webserver, bypassing caching engines and therefore hitting the server's direct resource pool.
-
-
20:14
»
Packet Storm Security Advisories
Red Hat Security Advisory 2012-0475-01 - Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. It was found that the Java hashCode() method implementation was susceptible to predictable hash collisions. A remote attacker could use this flaw to cause Tomcat to use an excessive amount of CPU time by sending an HTTP request with a large number of parameters whose names map to the same hash value. This update introduces a limit on the number of parameters processed per request to mitigate this issue. The default limit is 512 for parameters and 128 for headers. These defaults can be changed by setting the org.apache.tomcat.util.http.Parameters.MAX_COUNT and org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.
-
20:14
»
Packet Storm Security Recent Files
Red Hat Security Advisory 2012-0475-01 - Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. It was found that the Java hashCode() method implementation was susceptible to predictable hash collisions. A remote attacker could use this flaw to cause Tomcat to use an excessive amount of CPU time by sending an HTTP request with a large number of parameters whose names map to the same hash value. This update introduces a limit on the number of parameters processed per request to mitigate this issue. The default limit is 512 for parameters and 128 for headers. These defaults can be changed by setting the org.apache.tomcat.util.http.Parameters.MAX_COUNT and org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.
-
20:14
»
Packet Storm Security Misc. Files
Red Hat Security Advisory 2012-0475-01 - Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. It was found that the Java hashCode() method implementation was susceptible to predictable hash collisions. A remote attacker could use this flaw to cause Tomcat to use an excessive amount of CPU time by sending an HTTP request with a large number of parameters whose names map to the same hash value. This update introduces a limit on the number of parameters processed per request to mitigate this issue. The default limit is 512 for parameters and 128 for headers. These defaults can be changed by setting the org.apache.tomcat.util.http.Parameters.MAX_COUNT and org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.
-
20:11
»
Packet Storm Security Recent Files
Red Hat Security Advisory 2012-0474-01 - Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. It was found that the Java hashCode() method implementation was susceptible to predictable hash collisions. A remote attacker could use this flaw to cause Tomcat to use an excessive amount of CPU time by sending an HTTP request with a large number of parameters whose names map to the same hash value. This update introduces a limit on the number of parameters processed per request to mitigate this issue. The default limit is 512 for parameters and 128 for headers. These defaults can be changed by setting the org.apache.tomcat.util.http.Parameters.MAX_COUNT and org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.
-
20:11
»
Packet Storm Security Misc. Files
Red Hat Security Advisory 2012-0474-01 - Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. It was found that the Java hashCode() method implementation was susceptible to predictable hash collisions. A remote attacker could use this flaw to cause Tomcat to use an excessive amount of CPU time by sending an HTTP request with a large number of parameters whose names map to the same hash value. This update introduces a limit on the number of parameters processed per request to mitigate this issue. The default limit is 512 for parameters and 128 for headers. These defaults can be changed by setting the org.apache.tomcat.util.http.Parameters.MAX_COUNT and org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.
-
8:29
»
Packet Storm Security Exploits
This Metasploit module exploits a vulnerability found in NetDecision's HTTP service (located in C:\Program Files\NetDecision\Bin\HttpSvr.exe). By supplying a long string of data to the URL, an overflow may occur if the data gets handled by HTTP Server's active window. In other words, in order to gain remote code execution, the victim is probably looking at HttpSvr's window.
-
8:29
»
Packet Storm Security Misc. Files
This Metasploit module exploits a vulnerability found in NetDecision's HTTP service (located in C:\Program Files\NetDecision\Bin\HttpSvr.exe). By supplying a long string of data to the URL, an overflow may occur if the data gets handled by HTTP Server's active window. In other words, in order to gain remote code execution, the victim is probably looking at HttpSvr's window.
-
-
20:18
»
Packet Storm Security Recent Files
httpry is a specialized packet sniffer designed for displaying and logging HTTP traffic. It is not intended to perform analysis itself, but instead to capture, parse, and log the traffic for later analysis. It can be run in real-time displaying the live traffic on the wire, or as a daemon process that logs to an output file. It is written to be as lightweight and flexible as possible, so that it can be easily adaptable to different applications. It does not display the raw HTTP data transferred, but instead focuses on parsing and displaying the request/response line along with associated header fields.
-
20:18
»
Packet Storm Security Tools
httpry is a specialized packet sniffer designed for displaying and logging HTTP traffic. It is not intended to perform analysis itself, but instead to capture, parse, and log the traffic for later analysis. It can be run in real-time displaying the live traffic on the wire, or as a daemon process that logs to an output file. It is written to be as lightweight and flexible as possible, so that it can be easily adaptable to different applications. It does not display the raw HTTP data transferred, but instead focuses on parsing and displaying the request/response line along with associated header fields.
-
20:18
»
Packet Storm Security Misc. Files
httpry is a specialized packet sniffer designed for displaying and logging HTTP traffic. It is not intended to perform analysis itself, but instead to capture, parse, and log the traffic for later analysis. It can be run in real-time displaying the live traffic on the wire, or as a daemon process that logs to an output file. It is written to be as lightweight and flexible as possible, so that it can be easily adaptable to different applications. It does not display the raw HTTP data transferred, but instead focuses on parsing and displaying the request/response line along with associated header fields.
-
19:54
»
Packet Storm Security Advisories
Red Hat Security Advisory 2012-0345-02 - JBoss Enterprise Portal Platform is the open source implementation of the Java EE suite of services and Portal services running atop JBoss Enterprise Application Platform. It comprises a set of offerings for enterprise customers who are looking for pre-configured profiles of JBoss Enterprise Middleware components that have been tested and certified together to provide an integrated experience. It was found that JBoss Web did not handle large numbers of parameters and large parameter values efficiently. A remote attacker could make JBoss Web use an excessive amount of CPU time by sending an HTTP request containing a large number of parameters or large parameter values. This update introduces limits on the number of parameters and headers processed per request to address this issue. The default limit is 512 for parameters and 128 for headers. These defaults can be changed by setting the org.apache.tomcat.util.http.Parameters.MAX_COUNT and org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties in "jboss-as/server/[PROFILE]/deploy/properties-service.xml".
-
19:54
»
Packet Storm Security Recent Files
Red Hat Security Advisory 2012-0345-02 - JBoss Enterprise Portal Platform is the open source implementation of the Java EE suite of services and Portal services running atop JBoss Enterprise Application Platform. It comprises a set of offerings for enterprise customers who are looking for pre-configured profiles of JBoss Enterprise Middleware components that have been tested and certified together to provide an integrated experience. It was found that JBoss Web did not handle large numbers of parameters and large parameter values efficiently. A remote attacker could make JBoss Web use an excessive amount of CPU time by sending an HTTP request containing a large number of parameters or large parameter values. This update introduces limits on the number of parameters and headers processed per request to address this issue. The default limit is 512 for parameters and 128 for headers. These defaults can be changed by setting the org.apache.tomcat.util.http.Parameters.MAX_COUNT and org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties in "jboss-as/server/[PROFILE]/deploy/properties-service.xml".
-
19:54
»
Packet Storm Security Misc. Files
Red Hat Security Advisory 2012-0345-02 - JBoss Enterprise Portal Platform is the open source implementation of the Java EE suite of services and Portal services running atop JBoss Enterprise Application Platform. It comprises a set of offerings for enterprise customers who are looking for pre-configured profiles of JBoss Enterprise Middleware components that have been tested and certified together to provide an integrated experience. It was found that JBoss Web did not handle large numbers of parameters and large parameter values efficiently. A remote attacker could make JBoss Web use an excessive amount of CPU time by sending an HTTP request containing a large number of parameters or large parameter values. This update introduces limits on the number of parameters and headers processed per request to address this issue. The default limit is 512 for parameters and 128 for headers. These defaults can be changed by setting the org.apache.tomcat.util.http.Parameters.MAX_COUNT and org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties in "jboss-as/server/[PROFILE]/deploy/properties-service.xml".
-
-
18:10
»
Packet Storm Security Advisories
Red Hat Security Advisory 2012-0323-01 - The Apache HTTP Server is a popular web server. It was discovered that the fix for CVE-2011-3368 did not completely address the problem. An attacker could bypass the fix and make a reverse proxy connect to an arbitrary server not directly accessible to the attacker by sending an HTTP version 0.9 request. The httpd server included the full HTTP header line in the default error page generated when receiving an excessively long or malformed header. Malicious JavaScript running in the server's domain context could use this flaw to gain access to httpOnly cookies.
-
18:10
»
Packet Storm Security Recent Files
Red Hat Security Advisory 2012-0323-01 - The Apache HTTP Server is a popular web server. It was discovered that the fix for CVE-2011-3368 did not completely address the problem. An attacker could bypass the fix and make a reverse proxy connect to an arbitrary server not directly accessible to the attacker by sending an HTTP version 0.9 request. The httpd server included the full HTTP header line in the default error page generated when receiving an excessively long or malformed header. Malicious JavaScript running in the server's domain context could use this flaw to gain access to httpOnly cookies.
-
18:10
»
Packet Storm Security Misc. Files
Red Hat Security Advisory 2012-0323-01 - The Apache HTTP Server is a popular web server. It was discovered that the fix for CVE-2011-3368 did not completely address the problem. An attacker could bypass the fix and make a reverse proxy connect to an arbitrary server not directly accessible to the attacker by sending an HTTP version 0.9 request. The httpd server included the full HTTP header line in the default error page generated when receiving an excessively long or malformed header. Malicious JavaScript running in the server's domain context could use this flaw to gain access to httpOnly cookies.
-
-
14:08
»
Packet Storm Security Advisories
Red Hat Security Advisory 2012-0128-01 - The Apache HTTP Server is a popular web server. It was discovered that the fix for CVE-2011-3368 did not completely address the problem. An attacker could bypass the fix and make a reverse proxy connect to an arbitrary server not directly accessible to the attacker by sending an HTTP version 0.9 request, or by using a specially-crafted URI. The httpd server included the full HTTP header line in the default error page generated when receiving an excessively long or malformed header. Malicious JavaScript running in the server's domain context could use this flaw to gain access to httpOnly cookies.
-
14:08
»
Packet Storm Security Recent Files
Red Hat Security Advisory 2012-0128-01 - The Apache HTTP Server is a popular web server. It was discovered that the fix for CVE-2011-3368 did not completely address the problem. An attacker could bypass the fix and make a reverse proxy connect to an arbitrary server not directly accessible to the attacker by sending an HTTP version 0.9 request, or by using a specially-crafted URI. The httpd server included the full HTTP header line in the default error page generated when receiving an excessively long or malformed header. Malicious JavaScript running in the server's domain context could use this flaw to gain access to httpOnly cookies.
-
14:08
»
Packet Storm Security Misc. Files
Red Hat Security Advisory 2012-0128-01 - The Apache HTTP Server is a popular web server. It was discovered that the fix for CVE-2011-3368 did not completely address the problem. An attacker could bypass the fix and make a reverse proxy connect to an arbitrary server not directly accessible to the attacker by sending an HTTP version 0.9 request, or by using a specially-crafted URI. The httpd server included the full HTTP header line in the default error page generated when receiving an excessively long or malformed header. Malicious JavaScript running in the server's domain context could use this flaw to gain access to httpOnly cookies.
-
-
4:12
»
Packet Storm Security Recent Files
This is a small application built to test the performance of a http authentication system using a lot of concurrent connections. It can also be used to try lots of password against a http server. It is capable of using up to 1024 (or more using multiple processes). However with this amount it is capable or reducing internet connections to a crawl and also greatly increasing the load on the server.
-
4:12
»
Packet Storm Security Tools
This is a small application built to test the performance of a http authentication system using a lot of concurrent connections. It can also be used to try lots of password against a http server. It is capable of using up to 1024 (or more using multiple processes). However with this amount it is capable or reducing internet connections to a crawl and also greatly increasing the load on the server.
-
4:12
»
Packet Storm Security Misc. Files
This is a small application built to test the performance of a http authentication system using a lot of concurrent connections. It can also be used to try lots of password against a http server. It is capable of using up to 1024 (or more using multiple processes). However with this amount it is capable or reducing internet connections to a crawl and also greatly increasing the load on the server.
-
-
4:12
»
Packet Storm Security Advisories
Mandriva Linux Security Advisory 2012-003 - Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a.htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow. The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of RewriteRule and ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an \@ character and a : character in invalid positions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368. The updated packages have been patched to correct these issues.
-
4:12
»
Packet Storm Security Recent Files
Mandriva Linux Security Advisory 2012-003 - Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a.htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow. The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of RewriteRule and ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an \@ character and a : character in invalid positions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368. The updated packages have been patched to correct these issues.
-
4:12
»
Packet Storm Security Misc. Files
Mandriva Linux Security Advisory 2012-003 - Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a.htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow. The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of RewriteRule and ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an \@ character and a : character in invalid positions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368. The updated packages have been patched to correct these issues.
-
-
6:59
»
Packet Storm Security Recent Files
Pound is a reverse HTTP proxy, load balancer, and SSL wrapper. It proxies client HTTPS requests to HTTP backend servers, distributes the requests among several servers while keeping sessions, supports HTTP/1.1 requests even if the backend server(s) are HTTP/1.0, and sanitizes requests.
-
6:59
»
Packet Storm Security Tools
Pound is a reverse HTTP proxy, load balancer, and SSL wrapper. It proxies client HTTPS requests to HTTP backend servers, distributes the requests among several servers while keeping sessions, supports HTTP/1.1 requests even if the backend server(s) are HTTP/1.0, and sanitizes requests.
-
6:59
»
Packet Storm Security Misc. Files
Pound is a reverse HTTP proxy, load balancer, and SSL wrapper. It proxies client HTTPS requests to HTTP backend servers, distributes the requests among several servers while keeping sessions, supports HTTP/1.1 requests even if the backend server(s) are HTTP/1.0, and sanitizes requests.
-
-
9:01
»
Hack a Day
[Alex] sent in a neat Ikea DIODER build that controls strings of RGB LEDs with HTTP requests. We’ve seen Ikea DIODERs controlled wirelessly and over USB, but using the Internet with a DIODER is new to us. For his build, [Alex] used a Nanode, a small Arduino-like board that has built-in web connectivity. The hardware [...]
-
17:11
»
Packet Storm Security Tools
This is a python script that uses the Max-Forwards header in HTTP and SIP to perform a traceroute-like scanning functionality.
-
-
20:35
»
Packet Storm Security Advisories
Apple Security Advisory 2011-11-14-1 - iTunes 10.5.1 is now available and addresses a man-in-the-middle vulnerability. iTunes periodically checks for software updates using an HTTP request to Apple. This request may cause iTunes to indicate that an update is available. If Apple Software Update for Windows is not installed, clicking the Download iTunes button may open the URL from the HTTP response in the user's default browser. This issue has been mitigated by using a secured connection when checking for available updates. For OS X systems, the user's default browser is not used because Apple Software Update is included with OS X, however this change adds additional defense-in-depth.
-
20:35
»
Packet Storm Security Recent Files
Apple Security Advisory 2011-11-14-1 - iTunes 10.5.1 is now available and addresses a man-in-the-middle vulnerability. iTunes periodically checks for software updates using an HTTP request to Apple. This request may cause iTunes to indicate that an update is available. If Apple Software Update for Windows is not installed, clicking the Download iTunes button may open the URL from the HTTP response in the user's default browser. This issue has been mitigated by using a secured connection when checking for available updates. For OS X systems, the user's default browser is not used because Apple Software Update is included with OS X, however this change adds additional defense-in-depth.
-
20:35
»
Packet Storm Security Misc. Files
Apple Security Advisory 2011-11-14-1 - iTunes 10.5.1 is now available and addresses a man-in-the-middle vulnerability. iTunes periodically checks for software updates using an HTTP request to Apple. This request may cause iTunes to indicate that an update is available. If Apple Software Update for Windows is not installed, clicking the Download iTunes button may open the URL from the HTTP response in the user's default browser. This issue has been mitigated by using a secured connection when checking for available updates. For OS X systems, the user's default browser is not used because Apple Software Update is included with OS X, however this change adds additional defense-in-depth.
-
-
8:26
»
Packet Storm Security Advisories
Mandriva Linux Security Advisory 2011-168 - The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary error state in the backend server) via a malformed HTTP request. The fix for CVE-2011-3192 provided by the MDVSA-2011:130 advisory introduced regressions in the way httpd handled certain Range HTTP header values. The updated packages have been patched to correct these issues.
-
8:26
»
Packet Storm Security Recent Files
Mandriva Linux Security Advisory 2011-168 - The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary error state in the backend server) via a malformed HTTP request. The fix for CVE-2011-3192 provided by the MDVSA-2011:130 advisory introduced regressions in the way httpd handled certain Range HTTP header values. The updated packages have been patched to correct these issues.
-
8:26
»
Packet Storm Security Misc. Files
Mandriva Linux Security Advisory 2011-168 - The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary error state in the backend server) via a malformed HTTP request. The fix for CVE-2011-3192 provided by the MDVSA-2011:130 advisory introduced regressions in the way httpd handled certain Range HTTP header values. The updated packages have been patched to correct these issues.
-
-
13:22
»
Carnal0wnage
Need to check a few specifc nessus plugins against a host?
$ sudo ./nessuscmd 192.168.1.92 -p80,443 -v -V -i 38157,10107
Starting nessuscmd 4.4.0
Scanning '192.168.1.92'...
Host 192.168.1.92 is up
Discovered open port http (80/tcp) on 192.168.1.92
[i] Plugin 10107 reported a result on port http (80/tcp) of 192.168.1.92
[i] Plugin 38157 reported a result on port http (80/tcp) of 192.168.1.92
+ Results found on 192.168.1.92
+ - Port http (80/tcp) is open
[i] Plugin ID 38157 Synopsis :
The remote web server contains a document sharing software Description : The remote web server is running SharePoint, a web interface for document management. As this interface is likely to contain sensitive information, make sure only authorized personel can log into this site See also :
http://www.microsoft.com/Sharepoint/default.mspx Solution : Make sure the proper access controls are put in place
Risk factor : None
Plugin output : The following instance of SharePoint was detected on the remote host :
Version : 12.0.0.6327
URL : http://192.168.1.92/
looks like the functionality has been there for awhile:
http://blog.tenablesecurity.com/2007/07/nessus-32-beta-.html
-
-
16:00
»
Packet Storm Security Advisories
Red Hat Security Advisory 2011-1391-01 - The Apache HTTP Server is a popular web server. It was discovered that the Apache HTTP Server did not properly validate the request URI for proxied requests. In certain configurations, if a reverse proxy used the ProxyPassMatch directive, or if it used the RewriteRule directive with the proxy flag, a remote attacker could make the proxy connect to an arbitrary server, possibly disclosing sensitive information from internal web servers not directly accessible to the attacker. It was discovered that mod_proxy_ajp incorrectly returned an "Internal Server Error" response when processing certain malformed HTTP requests, which caused the back-end server to be marked as failed in configurations where mod_proxy was used in load balancer mode. A remote attacker could cause mod_proxy to not send requests to back-end AJP servers for the retry timeout period or until all back-end servers were marked as failed.
-
16:00
»
Packet Storm Security Recent Files
Red Hat Security Advisory 2011-1391-01 - The Apache HTTP Server is a popular web server. It was discovered that the Apache HTTP Server did not properly validate the request URI for proxied requests. In certain configurations, if a reverse proxy used the ProxyPassMatch directive, or if it used the RewriteRule directive with the proxy flag, a remote attacker could make the proxy connect to an arbitrary server, possibly disclosing sensitive information from internal web servers not directly accessible to the attacker. It was discovered that mod_proxy_ajp incorrectly returned an "Internal Server Error" response when processing certain malformed HTTP requests, which caused the back-end server to be marked as failed in configurations where mod_proxy was used in load balancer mode. A remote attacker could cause mod_proxy to not send requests to back-end AJP servers for the retry timeout period or until all back-end servers were marked as failed.
-
16:00
»
Packet Storm Security Misc. Files
Red Hat Security Advisory 2011-1391-01 - The Apache HTTP Server is a popular web server. It was discovered that the Apache HTTP Server did not properly validate the request URI for proxied requests. In certain configurations, if a reverse proxy used the ProxyPassMatch directive, or if it used the RewriteRule directive with the proxy flag, a remote attacker could make the proxy connect to an arbitrary server, possibly disclosing sensitive information from internal web servers not directly accessible to the attacker. It was discovered that mod_proxy_ajp incorrectly returned an "Internal Server Error" response when processing certain malformed HTTP requests, which caused the back-end server to be marked as failed in configurations where mod_proxy was used in load balancer mode. A remote attacker could cause mod_proxy to not send requests to back-end AJP servers for the retry timeout period or until all back-end servers were marked as failed.
-
-
12:40
»
Packet Storm Security Advisories
Mandriva Linux Security Advisory 2011-156 - Multiple vulnerabilities has been discovered and corrected in tomcat 5.5.x. The implementation of HTTP DIGEST authentication in tomcat was discovered to have several weaknesses. Apache Tomcat, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file. Apache Tomcat, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service by leveraging an untrusted web application. Certain AJP protocol connector implementations in Apache Tomcat allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request. The updated packages have been patched to correct these issues.
-
12:40
»
Packet Storm Security Recent Files
Mandriva Linux Security Advisory 2011-156 - Multiple vulnerabilities has been discovered and corrected in tomcat 5.5.x. The implementation of HTTP DIGEST authentication in tomcat was discovered to have several weaknesses. Apache Tomcat, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file. Apache Tomcat, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service by leveraging an untrusted web application. Certain AJP protocol connector implementations in Apache Tomcat allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request. The updated packages have been patched to correct these issues.
-
12:40
»
Packet Storm Security Misc. Files
Mandriva Linux Security Advisory 2011-156 - Multiple vulnerabilities has been discovered and corrected in tomcat 5.5.x. The implementation of HTTP DIGEST authentication in tomcat was discovered to have several weaknesses. Apache Tomcat, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file. Apache Tomcat, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service by leveraging an untrusted web application. Certain AJP protocol connector implementations in Apache Tomcat allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request. The updated packages have been patched to correct these issues.
-
-
22:53
»
Packet Storm Security Advisories
Red Hat Security Advisory 2011-1369-01 - The Apache HTTP Server is a popular web server. A flaw was found in the way the Apache HTTP Server handled Range HTTP headers. A remote attacker could use this flaw to cause httpd to use an excessive amount of memory and CPU time via HTTP requests with a specially-crafted Range header. All httpd users should upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
-
22:53
»
Packet Storm Security Misc. Files
Red Hat Security Advisory 2011-1369-01 - The Apache HTTP Server is a popular web server. A flaw was found in the way the Apache HTTP Server handled Range HTTP headers. A remote attacker could use this flaw to cause httpd to use an excessive amount of memory and CPU time via HTTP requests with a specially-crafted Range header. All httpd users should upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
-
-
17:33
»
Packet Storm Security Advisories
Apache Tomcat suffers from multiple weaknesses in HTTP Digest authentication. It suffers from replay attacks, lack of value checking, and more. Tomcat versions 7.0.0 to 7.0.11, 6.0.0 to 6.0.32, and 5.5.0 to 5.5.33 are affected.
-
17:33
»
Packet Storm Security Recent Files
Apache Tomcat suffers from multiple weaknesses in HTTP Digest authentication. It suffers from replay attacks, lack of value checking, and more. Tomcat versions 7.0.0 to 7.0.11, 6.0.0 to 6.0.32, and 5.5.0 to 5.5.33 are affected.
-
17:33
»
Packet Storm Security Misc. Files
Apache Tomcat suffers from multiple weaknesses in HTTP Digest authentication. It suffers from replay attacks, lack of value checking, and more. Tomcat versions 7.0.0 to 7.0.11, 6.0.0 to 6.0.32, and 5.5.0 to 5.5.33 are affected.
-
-
22:49
»
Packet Storm Security Advisories
Red Hat Security Advisory 2011-1330-01 - The Apache HTTP Server is a popular web server. A flaw was found in the way the Apache HTTP Server handled Range HTTP headers. A remote attacker could use this flaw to cause the Apache HTTP Server to use an excessive amount of memory and CPU time via HTTP requests with a specially-crafted Range header. All users of JBoss Enterprise Web Server 1.0.2 as provided from the Red Hat Customer Portal are advised to apply this update.
-
22:49
»
Packet Storm Security Recent Files
Red Hat Security Advisory 2011-1330-01 - The Apache HTTP Server is a popular web server. A flaw was found in the way the Apache HTTP Server handled Range HTTP headers. A remote attacker could use this flaw to cause the Apache HTTP Server to use an excessive amount of memory and CPU time via HTTP requests with a specially-crafted Range header. All users of JBoss Enterprise Web Server 1.0.2 as provided from the Red Hat Customer Portal are advised to apply this update.
-
22:49
»
Packet Storm Security Misc. Files
Red Hat Security Advisory 2011-1330-01 - The Apache HTTP Server is a popular web server. A flaw was found in the way the Apache HTTP Server handled Range HTTP headers. A remote attacker could use this flaw to cause the Apache HTTP Server to use an excessive amount of memory and CPU time via HTTP requests with a specially-crafted Range header. All users of JBoss Enterprise Web Server 1.0.2 as provided from the Red Hat Customer Portal are advised to apply this update.
-
22:35
»
Packet Storm Security Advisories
Red Hat Security Advisory 2011-1329-01 - The Apache HTTP Server is a popular web server. A flaw was found in the way the Apache HTTP Server handled Range HTTP headers. A remote attacker could use this flaw to cause the Apache HTTP Server to use an excessive amount of memory and CPU time via HTTP requests with a specially-crafted Range header. All users of JBoss Enterprise Web Server 1.0.2 should upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, Red Hat Enterprise Linux 4 users must restart the httpd22 service, and Red Hat Enterprise Linux 5 and 6 users must restart the httpd service, for the update to take effect.
-
22:35
»
Packet Storm Security Recent Files
Red Hat Security Advisory 2011-1329-01 - The Apache HTTP Server is a popular web server. A flaw was found in the way the Apache HTTP Server handled Range HTTP headers. A remote attacker could use this flaw to cause the Apache HTTP Server to use an excessive amount of memory and CPU time via HTTP requests with a specially-crafted Range header. All users of JBoss Enterprise Web Server 1.0.2 should upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, Red Hat Enterprise Linux 4 users must restart the httpd22 service, and Red Hat Enterprise Linux 5 and 6 users must restart the httpd service, for the update to take effect.
-
22:35
»
Packet Storm Security Misc. Files
Red Hat Security Advisory 2011-1329-01 - The Apache HTTP Server is a popular web server. A flaw was found in the way the Apache HTTP Server handled Range HTTP headers. A remote attacker could use this flaw to cause the Apache HTTP Server to use an excessive amount of memory and CPU time via HTTP requests with a specially-crafted Range header. All users of JBoss Enterprise Web Server 1.0.2 should upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, Red Hat Enterprise Linux 4 users must restart the httpd22 service, and Red Hat Enterprise Linux 5 and 6 users must restart the httpd service, for the update to take effect.
-
-
23:35
»
Packet Storm Security Exploits
Toko Lite CMS version 1.5.2 suffers from a HTTP response splitting vulnerability. Input passed to the 'charSet' parameter in 'edit.php' is not properly sanitized before being returned to the user. This can be exploited to insert arbitrary HTTP headers, which are included in a response sent to the user.
-
23:35
»
Packet Storm Security Recent Files
Toko Lite CMS version 1.5.2 suffers from a HTTP response splitting vulnerability. Input passed to the 'charSet' parameter in 'edit.php' is not properly sanitized before being returned to the user. This can be exploited to insert arbitrary HTTP headers, which are included in a response sent to the user.
-
23:35
»
Packet Storm Security Misc. Files
Toko Lite CMS version 1.5.2 suffers from a HTTP response splitting vulnerability. Input passed to the 'charSet' parameter in 'edit.php' is not properly sanitized before being returned to the user. This can be exploited to insert arbitrary HTTP headers, which are included in a response sent to the user.
-
-
16:53
»
Packet Storm Security Advisories
Red Hat Security Advisory 2011-1300-01 - The Apache HTTP Server is a popular web server. A flaw was found in the way the Apache HTTP Server handled Range HTTP headers. A remote attacker could use this flaw to cause httpd to use an excessive amount of memory and CPU time via HTTP requests with a specially-crafted Range header. All httpd users should upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
-
16:53
»
Packet Storm Security Recent Files
Red Hat Security Advisory 2011-1300-01 - The Apache HTTP Server is a popular web server. A flaw was found in the way the Apache HTTP Server handled Range HTTP headers. A remote attacker could use this flaw to cause httpd to use an excessive amount of memory and CPU time via HTTP requests with a specially-crafted Range header. All httpd users should upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
-
16:53
»
Packet Storm Security Misc. Files
Red Hat Security Advisory 2011-1300-01 - The Apache HTTP Server is a popular web server. A flaw was found in the way the Apache HTTP Server handled Range HTTP headers. A remote attacker could use this flaw to cause httpd to use an excessive amount of memory and CPU time via HTTP requests with a specially-crafted Range header. All httpd users should upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
-
-
15:52
»
Packet Storm Security Advisories
Red Hat Security Advisory 2011-1294-01 - The Apache HTTP Server is a popular web server. A flaw was found in the way the Apache HTTP Server handled Range HTTP headers. A remote attacker could use this flaw to cause httpd to use an excessive amount of memory and CPU time via HTTP requests with a specially-crafted Range header. All httpd users should upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
-
15:52
»
Packet Storm Security Recent Files
Red Hat Security Advisory 2011-1294-01 - The Apache HTTP Server is a popular web server. A flaw was found in the way the Apache HTTP Server handled Range HTTP headers. A remote attacker could use this flaw to cause httpd to use an excessive amount of memory and CPU time via HTTP requests with a specially-crafted Range header. All httpd users should upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
-
15:52
»
Packet Storm Security Misc. Files
Red Hat Security Advisory 2011-1294-01 - The Apache HTTP Server is a popular web server. A flaw was found in the way the Apache HTTP Server handled Range HTTP headers. A remote attacker could use this flaw to cause httpd to use an excessive amount of memory and CPU time via HTTP requests with a specially-crafted Range header. All httpd users should upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
-
-
19:06
»
Packet Storm Security Advisories
Red Hat Security Advisory 2011-1245-01 - The Apache HTTP Server is a popular web server. A flaw was found in the way the Apache HTTP Server handled Range HTTP headers. A remote attacker could use this flaw to cause httpd to use an excessive amount of memory and CPU time via HTTP requests with a specially-crafted Range header. All httpd users should upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
-
19:06
»
Packet Storm Security Recent Files
Red Hat Security Advisory 2011-1245-01 - The Apache HTTP Server is a popular web server. A flaw was found in the way the Apache HTTP Server handled Range HTTP headers. A remote attacker could use this flaw to cause httpd to use an excessive amount of memory and CPU time via HTTP requests with a specially-crafted Range header. All httpd users should upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
-
19:06
»
Packet Storm Security Misc. Files
Red Hat Security Advisory 2011-1245-01 - The Apache HTTP Server is a popular web server. A flaw was found in the way the Apache HTTP Server handled Range HTTP headers. A remote attacker could use this flaw to cause httpd to use an excessive amount of memory and CPU time via HTTP requests with a specially-crafted Range header. All httpd users should upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
-
-
19:06
»
Packet Storm Security Recent Files
httpry is a specialized packet sniffer designed for displaying and logging HTTP traffic. It is not intended to perform analysis itself, but instead to capture, parse, and log the traffic for later analysis. It can be run in real-time displaying the live traffic on the wire, or as a daemon process that logs to an output file. It is written to be as lightweight and flexible as possible, so that it can be easily adaptable to different applications. It does not display the raw HTTP data transferred, but instead focuses on parsing and displaying the request/response line along with associated header fields.
-
19:06
»
Packet Storm Security Tools
httpry is a specialized packet sniffer designed for displaying and logging HTTP traffic. It is not intended to perform analysis itself, but instead to capture, parse, and log the traffic for later analysis. It can be run in real-time displaying the live traffic on the wire, or as a daemon process that logs to an output file. It is written to be as lightweight and flexible as possible, so that it can be easily adaptable to different applications. It does not display the raw HTTP data transferred, but instead focuses on parsing and displaying the request/response line along with associated header fields.
-
19:06
»
Packet Storm Security Misc. Files
httpry is a specialized packet sniffer designed for displaying and logging HTTP traffic. It is not intended to perform analysis itself, but instead to capture, parse, and log the traffic for later analysis. It can be run in real-time displaying the live traffic on the wire, or as a daemon process that logs to an output file. It is written to be as lightweight and flexible as possible, so that it can be easily adaptable to different applications. It does not display the raw HTTP data transferred, but instead focuses on parsing and displaying the request/response line along with associated header fields.
-
-
18:59
»
Packet Storm Security Recent Files
HTTP Bog is a slow HTTP denial-of-service tool that works similarly to other attacks, but rather than leveraging request headers or POST data Bog consumes sockets by slowly reading responses. Requires .NET 3.5. Written in C#.
-
18:59
»
Packet Storm Security Misc. Files
HTTP Bog is a slow HTTP denial-of-service tool that works similarly to other attacks, but rather than leveraging request headers or POST data Bog consumes sockets by slowly reading responses. Requires .NET 3.5. Written in C#.
-
12:29
»
SecuriTeam
The Oracle HTTP Server does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
18:34
»
Packet Storm Security Recent Files
Whitepaper called SSL and HTTP Exposed. It discusses how to perform an HTTPS stripping attack against the TOR network using sslstrip.py and iptables.
-
18:34
»
Packet Storm Security Misc. Files
Whitepaper called SSL and HTTP Exposed. It discusses how to perform an HTTPS stripping attack against the TOR network using sslstrip.py and iptables.
-
-
6:43
»
Packet Storm Security Recent Files
This is an HTTP console to remote administer Windows hosts with a browser-based, AJAX-enabled, command-line interface. Server requires .NET 3.5. Written in C# and JavaScript.
-
6:43
»
Packet Storm Security Misc. Files
This is an HTTP console to remote administer Windows hosts with a browser-based, AJAX-enabled, command-line interface. Server requires .NET 3.5. Written in C# and JavaScript.
-
-
12:42
»
Carnal0wnage
So a coulple of cool updates lately to metasploit framework. If you check out db_services you'll see a super handy feature of "-R"
msf auxiliary(http_version) > db_services -h
Usage: db_services [-h|--help] [-u|--up] [-a ] [-r ] [-p ] [-n ] [-o ]
-a Search for a list of addresses
-c Only show the given columns
-h,--help Show this help information
-n Search for a list of service names
-p Search for a list of ports
-r Only show [tcp|udp] services
-u,--up Only show services which are up
-o Send output to a file in csv format
-R,--rhosts Set RHOSTS from the results of the search
Available columns: created_at, info, name, port, proto, state, updated_at
In the past you could list your hosts by port (db_services -p 80) but I want to be able to USE those hosts and throw modules at them, bring in the -R option
msf auxiliary(http_version) > use auxiliary/scanner/http/options
msf auxiliary(options) > db_services -R -p 80
Services
========
host port proto name state info
---- ---- ----- ---- ----- ----
192.168.1.245 80 tcp http open Apache/2.2.3 (CentOS) ( Powered by PHP/5.1.6 )
192.168.1.246 80 tcp http open Apache/2.2.3 (CentOS)
192.168.1.247 80 tcp http open Apache/2.2.12 (Ubuntu)
192.168.1.248 80 tcp http open lighttpd/1.5.0
192.168.1.249 80 tcp http open Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.4 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g Phusion_Passenger/2.2.11
192.168.1.251 80 tcp http open Apache
192.168.1.254 80 tcp http open Apache/2.2.3 (CentOS)
RHOSTS => file:/tmp/msf-db-rhosts-20110423-27121-10wiuni-0
msf auxiliary(options) > run
[*] Scanned 1 of 7 hosts (014% complete)
[*] Scanned 2 of 7 hosts (028% complete)
[*] 192.168.1.247 allows GET,HEAD,POST,OPTIONS methods
[*] Scanned 3 of 7 hosts (042% complete)
[*]192.168.1.248 allows OPTIONS, GET, HEAD, POST methods
[*] Scanned 4 of 7 hosts (057% complete)
[*] 192.168.1.249 allows GET,HEAD,POST,OPTIONS,TRACE methods
[*] Scanned 5 of 7 hosts (071% complete)
[*] Scanned 6 of 7 hosts (085% complete)
[*] Scanned 7 of 7 hosts (100% complete)
[*] Auxiliary module execution completed
-CG
-
-
12:47
»
Packet Storm Security Recent Files
sec-wall is a high-performance security proxy that supports SSL/TLS, WS-Security, HTTP Auth Basic/Digest, extensible authentication schemes based on custom HTTP headers and XPath expressions, powerful URL matching/rewriting, and an optional header enrichment. It's a security wall with which you can conveniently fence otherwise defenseless backend servers.
-
12:47
»
Packet Storm Security Misc. Files
sec-wall is a high-performance security proxy that supports SSL/TLS, WS-Security, HTTP Auth Basic/Digest, extensible authentication schemes based on custom HTTP headers and XPath expressions, powerful URL matching/rewriting, and an optional header enrichment. It's a security wall with which you can conveniently fence otherwise defenseless backend servers.
-
-
13:00
»
Packet Storm Security Advisories
Changes introduced into Apache Tomcat version 7.0.11 to the HTTP BIO connector to support Servlet 3.0 asynchronous requests did not fully account for HTTP pipelining. As a result, when using HTTP pipelining a range of unexpected behaviours occurred including the mixing up of responses between requests. While the mix-up in responses was only observed between requests from the same user, a mix-up of responses for requests from different users may also be possible.
-
13:00
»
Packet Storm Security Recent Files
Changes introduced into Apache Tomcat version 7.0.11 to the HTTP BIO connector to support Servlet 3.0 asynchronous requests did not fully account for HTTP pipelining. As a result, when using HTTP pipelining a range of unexpected behaviours occurred including the mixing up of responses between requests. While the mix-up in responses was only observed between requests from the same user, a mix-up of responses for requests from different users may also be possible.
-
13:00
»
Packet Storm Security Misc. Files
Changes introduced into Apache Tomcat version 7.0.11 to the HTTP BIO connector to support Servlet 3.0 asynchronous requests did not fully account for HTTP pipelining. As a result, when using HTTP pipelining a range of unexpected behaviours occurred including the mixing up of responses between requests. While the mix-up in responses was only observed between requests from the same user, a mix-up of responses for requests from different users may also be possible.
-
-
15:00
»
Hack a Day
Concerns over privacy online are an ever growing theme. Every day we see people complaining about the policies of facebook and the like. [Mike Cardwell] points out another method of gleaning a bit of personal data from you that you may not have seen yet. By embedding a hidden image or using some really simple [...]
-
-
10:46
»
SecuriTeam
Multiple Oracle Products contain critical vulnerabilities caused by a buffer overflow error in the EM Console when processing overly long HTTP requests.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
6:17
»
Packet Storm Security Recent Files
This OWASP HTTP Post denial of service tool was created for testing web applications for availability concerns from HTTP GET and HTTP POST denial of service attacks.
-
6:17
»
Packet Storm Security Misc. Files
This OWASP HTTP Post denial of service tool was created for testing web applications for availability concerns from HTTP GET and HTTP POST denial of service attacks.
1337day (was: Inj3ct0r, 1337db)
OSVDB Vulnerabilities
Exploit-DB
SecurityFocus Vulnerabilities
Bugtraq
XSSed
Sophos security news
Penetration Testing
BackTrack Linux Forums
Threatpost
SecDocs
carnal0wnage.attackresearch.com
Darknet
The Exploitant
Wirevolution