12 matches found
kcp 安全漏洞
KCP is an open-source control plane similar to Kubernetes, used for Kubernetes and containers. Versions of KCP prior to 0.30.3 and 0.29.3 have security vulnerabilities. These vulnerabilities stem from the direct exposure of cache servers, along with the lack of authentication and authorization,...
Updated varnish & lighttpd packages fix security vulnerability
It was discovered that a denial of service attack can be performed on cache servers that have the HTTP/2 protocol turned on. An attacker can create a large number of streams and immediately reset them without ever reaching the maximum number of concurrent streams allowed for the session, causing...
varnish: HTTP/1 request smuggling vulnerability
A flaw was found in Varnish. This flaw allows an attacker to carry out a request smuggling attack on HTTP/1 connections on Varnish cache servers. This smuggled request goes through the usual Varnish Configuration Language VCL processing since the Varnish server treats it as an additional request...
varnish: HTTP/1 request smuggling vulnerability
A flaw was found in Varnish. This flaw allows an attacker to carry out a request smuggling attack on HTTP/1 connections on Varnish cache servers. This smuggled request goes through the usual Varnish Configuration Language VCL processing since the Varnish server treats it as an additional request...
Incorrect Permission Assignment for Critical Resource
When ORT now via atstccfg generates ipallow.config files in Apache Traffic Control 3.0.0 to 3.1.0 and 4.0.0 to 4.1.0, those files include permissions that allow bad actors to push arbitrary content into and remove arbitrary content from CDN cache servers. Additionally, these permissions are...
CVE-2020-17522
When ORT now via atstccfg generates ipallow.config files in Apache Traffic Control 3.0.0 to 3.1.0 and 4.0.0 to 4.1.0, those files include permissions that allow bad actors to push arbitrary content into and remove arbitrary content from CDN cache servers. Additionally, these permissions are...
CVE-2020-17522
When ORT now via atstccfg generates ipallow.config files in Apache Traffic Control 3.0.0 to 3.1.0 and 4.0.0 to 4.1.0, those files include permissions that allow bad actors to push arbitrary content into and remove arbitrary content from CDN cache servers. Additionally, these permissions are...
Code injection
When ORT now via atstccfg generates ipallow.config files in Apache Traffic Control 3.0.0 to 3.1.0 and 4.0.0 to 4.1.0, those files include permissions that allow bad actors to push arbitrary content into and remove arbitrary content from CDN cache servers. Additionally, these permissions are...
CVE-2020-17522
The CVE-2020-17522 entry concerns Apache Traffic Control's ORT/atstccfg-generated ip_allow.config files for versions 3.0.0–3.1.0 and 4.0.0–4.1.0. The vulnerability is that these files contain permissions that could allow an attacker to push arbitrary content to CDN cache servers and remove conten...
CVE-2020-17522
When ORT now via atstccfg generates ipallow.config files in Apache Traffic Control 3.0.0 to 3.1.0 and 4.0.0 to 4.1.0, those files include permissions that allow bad actors to push arbitrary content into and remove arbitrary content from CDN cache servers. Additionally, these permissions are...
Incorrect Permission Assignment for Critical Resource
When ORT now via atstccfg generates ipallow.config files in Apache Traffic Control to to, those files include permissions that allow bad actors to push arbitrary content into and remove arbitrary content from CDN cache servers. Additionally, these permissions are potentially extended to IP...
Facebook bypass of the cache servers ,Check who visits your profile !
Facebook bypass of the cache servers, Check who visits your profile ! Summary Let me explain a security flaw in Facebook in relation to their cache servers, which form a layer between the Internet and internal multimedia content photos and videos uploaded. This ruling, allows access to raw browse...