5 matches found
Elasticsearch 8.8.2, 7.17.11 Security Update
Elasticsearch Denial of Service (DoS) issue (ESA-2023-10). This issue only affects users that have at least one OpenID Connect authentication realm or at least one JWT authentication realm configured. A denial of service vulnerability was discovered in Elasticsearch that could lead to the service...
Exposure of Sensitive Information in Apache Tomcat
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the 1...
Core Elastic Stack Security Features Now Available For Free Users As Well
Elastic, the company behind the most widely used enterprise search engine ElasticSearch and the Elastic Stack, today announced that it has decided to make core security features of the Elastic Stack free and accessible to all users. ELK Stack or Elastic Stack is a collection of three powerful ope...
The vulnerability of Apache Subversion software allows a malicious intruder to compromise the confidentiality and integrity of protected information.
A vulnerability exists in Apache Subversion due to the storage of cached user credentials, based on MD5 hashes of URL addresses and authentication realms. Exploiting this vulnerability allows remote servers to gain access to user credentials by using a specially crafted authentication realm...
tomcat6 Information disclosure in authentication classes
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the 1...