284 matches found
Design/Logic Flaw
DISPUTED ComponentSpace.Saml2 4.4.0 Missing SSL Certificate Validation. NOTE: the vendor does not consider this a vulnerability because the report is only about use of certificates at the application layer not the transport layer and "Certificates are exchanged in a controlled fashion between...
PT-2023-14715
Name of the Vulnerable Software and Affected Versions ComponentSpace.Saml2 version 4.4.0 Description The issue concerns missing SSL certificate validation at the application layer. According to the vendor, this is not considered a vulnerability because certificates are exchanged between trusted...
Medium: sendmail
Issue Overview: ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can...
Fortinet FortiWeb Buffer Overflow Vulnerability (CNVD-2023-18294)
Fortinet FortiWeb is a web application layer firewall from Fortinet that blocks threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning and other attacks, secures web applications and protects sensitive database content. A buffer overflow vulnerability exists that...
Fortinet FortiWeb has an unspecified vulnerability (CNVD-2023-18296)
Fortinet FortiWeb is a web application layer firewall from Fortinet that blocks threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning and other attacks, secures web applications and protects sensitive database content. A security vulnerability exists that could b...
Imperva releases its Global DDoS Threat Landscape Report 2023
The 2023 Imperva Global DDoS Threat Landscape Report reviews DDoS attack activity throughout 2022, provides insights into the year’s most noteworthy DDoS events, and offers recommendations for the year ahead. While the report focuses mainly on research data from the application and network DDoS...
Fortinet FortiWeb Resource Management Error Vulnerability
Fortinet FortiWeb is a web application layer firewall from Fortinet that blocks threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning and other attacks, secures web applications and protects sensitive database content. A resource management error vulnerability...
Fortinet FortiWeb Cross-Site Scripting Vulnerability (CNVD-2023-18299)
Fortinet FortiWeb is a Web application layer firewall from Fortinet that blocks threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning and other attacks, secures Web applications and protects sensitive database content. A cross-site scripting vulnerability exists...
K000132639: ALPACA: TLS vulnerability CVE-2021-3618
Security Advisory Description ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP...
Juniper Networks Junos OS 安全漏洞
Juniper Networks Junos OS is a Juniper Networks network operating system for the company's hardware devices. The operating system provides a secure programming interface and the Junos SDK. Juniper Networks Junos OS has a security vulnerability that stems from an incorrect locking vulnerability in...
The vulnerability of the SIP Application Layer Gateway (ALG) on Juniper Networks’ Junos operating systems allows a attacker to trigger a system failure and restart the device.
The vulnerability of the SIP Application Layer Gateway ALG on Juniper Networks Junos operating systems is related to the use of an uninitialized pointer in the stack. Exploiting this vulnerability can allow a malicious actor to trigger a system failure and restart the device remotely...
The Global DDoS Threat Landscape – November 2022
Every month in this space, we will post the Global DDoS Threat Landscape blog on behalf of the Imperva Threat Research team. As DDoS attacks continue to pose a significant risk to businesses, it is critical that we regularly communicate our Threat Research team’s findings to help the cybersecurit...
CVE-2022-22236
An Access of Uninitialized Pointer vulnerability in SIP Application Layer Gateway ALG of Juniper Networks Junos OS on SRX Series and MX Series allows an unauthenticated, network-based attacker to cause a Denial of Service DoS. When specific valid SIP packets are received the PFE will crash and...
CVE-2022-22236
The CVE-2022-22236 affects Juniper Junos OS on SRX/MX series, caused by an uninitialized pointer in the SIP Application Layer Gateway (ALG) that can crash the PFE and trigger DoS when specific SIP packets arrive. Affected versions include 20.4R3-S4 and earlier for 20.4, 21.1R3-S2 and earlier, 21....
Mirai Botnet Hits Wynncraft Minecraft Server with 2.5 Tbps DDoS Attack
Web infrastructure and security company Cloudflare disclosed this week that it halted a 2.5 Tbps distributed denial-of-service DDoS attack launched by a Mirai botnet. Characterizing it as a "multi-vector attack consisting of UDP and TCP floods," researcher Omer Yoachimik said the DDoS attack...
Juniper Junos OS Vulnerability (JSA69892)
The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA69892 advisory. - An Access of Uninitialized Pointer vulnerability in SIP Application Layer Gateway ALG of Juniper Networks Junos OS on SRX Series and MX Series allows an unauthenticated,...
HSTP - Simple Hyper Service Transfer Protocol On Networks
The protocol aims to develop a application layer abstraction for the Hyper Service Transfer Protocol. HSTP is a recursion as nature of HSTP. This protocol implements itself as a interface. On every internet connected device, there is a HSTP instance. That's why the adoption is not needed. HSTP...
Cisco IOS XE Software DNS NAT Protocol Application Layer Gateway Denial of Service Vulnerability
A vulnerability in the DNS application layer gateway ALG functionality that is used by Network Address Translation NAT in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. This vulnerability is due to a logic error that occurs when an...
The Global DDoS Threat Landscape – September 2022
Every month in this space, we will post the State of the Global DDoS Threat Landscape blog on behalf of the Imperva Threat Research team. As DDoS attacks become more frequent, varied, and sophisticated, it is critical that we regularly communicate the Imperva Threat Research team’s findings and...
DDoS in Financial Services: What to Know and What to Do
Akamai explores trends of recent application-layer DDoS attacks across the Financial Services industry...