What to look for when considering a WAF?

When web based applications become important components of business IP, protecting these applications is a key part of doing business. Most of IT and DevOps professionals are not thinking whether they need a Web Application Firewall WAF. Instead, they are trying to decide which WAF is right for...

Player 3 Has Entered the Game: Say Hello to 'WannaCry'

This post was authored by Martin Lee, Warren Mercer, Paul Rascagneres, and Craig Williams.Executive SummaryA major ransomware attack has affected many organizations across the world reportedly including Telefonica in Spain, the National Health Service in the UK, and FedEx in the US. The malware...

CVE-2016-6332

MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1, when $wgBlockDisablesLogin is true, might allow remote attackers to obtain sensitive information by leveraging failure to terminate sessions when a user account is blocked...

CVE-2017-7443

apt-cacher before 1.7.15 and apt-cacher-ng before 3.4 allow HTTP response splitting via encoded newline characters, related to lack of blocking for the %0ad regular expression...

UBUNTU-CVE-2017-7443

apt-cacher before 1.7.15 and apt-cacher-ng before 3.4 allow HTTP response splitting via encoded newline characters, related to lack of blocking for the %0ad regular expression...

morty - Privacy aware web content sanitizer proxy as a service

Web content sanitizer proxy as a service. Morty rewrites web pages to exclude malicious HTML tags and attributes. It also replaces external resource references to prevent third party information leaks. The main goal of morty is to provide a result proxy for searx , but it can be used as a...

Port Scan Attack Detector: PSAD

Port Scan Attack Detector The Port Scan Attack Detector psad is a lightweight system daemon written in is designed to work with Linux iptables/ip6tables/firewalld firewalling code to detect suspicious traffic such as port scans and sweeps, backdoors, botnet command and control communications, and...

tomcat: information disclosure due to incorrect Processor sharing

A bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body...

Denial Of Service (DoS)

ActiveMQ AMQP is vulnerable to denial of service attacks. These attacks can be conducted by opening TCP connections to a SSL port and just keeping it open. This blocks other users from accessing it...

Synologic NAS IP Blocking Bypass

Greetings, 1. Seems to be possible bypass the default enabled "Auto Block of IP address" functionality in Synologic's NAS by using only one single space \x20 to the HTTP header "X-FORWARDED-FOR" If already Auto Blocked, this bypass will not work Generates in /var/log/messages:...

Denial Of Service (DoS) Through Pointer Corruption

OpenSSL is vulnerable to denial of service DoS attacks. These attacks are possible because AES NI support on 64-bit x86 platforms doesn't properly handle non-blocking I/O cases. This flaw causes pointer corruption and application crashes...

Dump and Analyze .Net Applications Memory: MemoScope.Net

Dump and Analyze .Net Applications Memory MemoScope.Net is a tool to analyze .Net process memory: it can dump an application’s memory in a file and read it later. The dump file contains all data objects and threads state, stack, call stack. MemoScope.Net will analyze the data and help you to find...

CVE-2017-3814

A vulnerability in Cisco Firepower System Software could allow an unauthenticated, remote attacker to maliciously bypass the appliance's ability to block certain web content, aka a URL Bypass. More Information: CSCvb93980. Known Affected Releases: 5.3.0 5.4.0 6.0.0 6.0.1 6.1.0...

Information disclosure

A vulnerability in Cisco Firepower System Software could allow an unauthenticated, remote attacker to maliciously bypass the appliance's ability to block certain web content, aka a URL Bypass. More Information: CSCvb93980. Known Affected Releases: 5.3.0 5.4.0 6.0.0 6.0.1 6.1.0...

CVE-2017-3814

A vulnerability in Cisco Firepower System Software could allow an unauthenticated, remote attacker to maliciously bypass the appliance's ability to block certain web content, aka a URL Bypass. More Information: CSCvb93980. Known Affected Releases: 5.3.0 5.4.0 6.0.0 6.0.1 6.1.0...

CVE-2017-3814

Cisco Firepower System Software contains a vulnerability (CVE-2017-3814) that could allow an unauthenticated remote attacker to bypass the appliance’s web content blocking. The issue is caused by insufficient input validation in the URL handling logic, enabling an attacker to add malicious text t...

PT-2017-16116 · Cisco · Cisco Firepower System

Name of the Vulnerable Software and Affected Versions: Cisco Firepower System Software versions 5.3.0 through 6.1.0 Description: A vulnerability in Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass the appliance's ability to block certain web content...

[SECURITY] Fedora 25 Update: squid-4.0.17-1.fc25

Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DN...

Important: Red Hat Security Advisory: rh-nodejs4-nodejs and rh-nodejs4-http-parser security update

An update for rh-nodejs4-nodejs and rh-nodejs4-http-parser is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

[SECURITY] Fedora 24 Update: python-tornado-4.4.2-1.fc24

Tornado is an open source version of the scalable, non-blocking web server and tools. The framework is distinct from most mainstream web server frameworks and certainly most Python frameworks because it is non-blocking and reasonably fast. Because it is non-blocking and uses epoll, it can handle...