8 matches found
Security Bulletin: Vulnerability in IBM InfoSphere Guardium Database Activity Monitoring (CVE-2010-2273)
Abstract Guardium Database Activity Monitoring is affected by multiple cross-site scripting XSS vulnerabilities in Dojo which could allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Content VULNERABILITY DETAILS: CVE ID: CVE-2010-2273 CVSS: CVSS Base Score: 4....
Anatomy of a Security Super Bowl Dynasty, Part 1: The Defense
Imperva’s Directors of Technology in the Office of the CTO, Brian Anderson and Craig Burlingame, recently conducted an informal education session titled Creating a Security Super Bowl Dynasty. In this presentation, they used examples of how teams create consistent, sustainable success in American...
Security Bulletin: Vulnerability in IBM Java Runtime affect IBM Guardium Database Activity Monitoring (CVE-2014-3566)
Summary Multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 6 that is used by IBM Guardium Database Activity Monitoring, were disclosed as part of the IBM Java SDK updates in October 2014. The only fix applicable was for Padding Oracle On Downgraded Legacy...
Security Bulletin: InfoSphere Guardium Database Activity Monitoring vulnerable to multiple Oracle MySQL vulnerabilties
Summary InfoSphere Guardium Database Activity Monitoring vulnerable to the following Oracle MySQL vulnerabilties CVE-2014-6464, CVE-2014-6469, CVE-2014-6491, CVE-2014-6494, CVE-2014-6495, CVE-2014-6496, CVE-2014-6500, CVE-2014-6555, CVE-2014-6559 Vulnerability Details CVEID: CVE-2014-6464...
Security Bulletin: Open Source Apache Tomcat vulnerability (CVE-2014-0227)
Summary Apache Tomcat is vulnerable to HTTP request smuggling. A remote attacker could send a specially-crafted request in a malformed chunked header to the Web server to cause multiple processing conflicts on the servers. An attacker could exploit this vulnerability to poison the web cache, bypa...
Tuning Capacity Tips for SecureSphere Database Activity Monitoring
You have Imperva SecureSphere Database Activity Monitoring DAM up and running. You’ve deployed the system and configured your business audit policies. So, what’s next? In a previous post I discussed the capacity management challenges of database monitoring solutions, in this post I’ll elaborate o...
Database Activity Monitoring: A Do’s and Don’ts Checklist for DBAs
In a previous post, we looked at the limitations of native audit, the free tool often used by database administrators DBAs for logging database activity. While it has its appeal—it’s already part of the database server and does not require additional cost for third-party appliances or...
Native Auditing Tools – Performance, Cost, and Compliance Issues
As we covered in a previous post, data-centric security measures need to be implemented to meet compliance requirements and protect against complex, ever-evolving attacks. There are two primary approaches to implementing these measures: Native auditing, which uses a database server's built-in too...