286 matches found
Object Computing micronaut resource management error vulnerability
Object Computing micronaut is a JVM-based full-stack framework from US-based Object Computing, which is primarily used to build modular microservices and serverless applications.A resource management error vulnerability exists in Object Computing Micronaut, which stems from the fact that in the...
Moderate: Red Hat Security Advisory: Red Hat AMQ Streams 2.0.0 release and security update
Red Hat AMQ Streams 2.0.0 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...
How to Make API Security an Integral Part of Your Application Security Strategy
The farther your organization travels down the digital transformation path, the more critical API protection is to your overall security posture. Every day, your development teams are innovating; they rely more on microservices to save time and money as they automate business-to-business processe...
Apache Apisix Licensing Issue Vulnerability
Apache Apisix is a cloud-native microservices API gateway service from the Apache Foundation in the United States. The software is based on OpenResty and etcd for dynamic routing and plug-in hot-loading, and is suitable for API management in microservice systems. an authorization issue...
h1-ctf: Saving Christmas from Grinchy Gods
It was a fun CTF to play had some good learning on thinking of how to approach real world targets and more things we can try while testing any target , some nudges were good and reminded of scenarios of actual microservices are built where these security issues can be present huge shoutouts to Ad...
NSA and CISA Release Final Part IV of Guidance on Securing 5G Cloud Infrastructures
CISA has announced the joint National Security Agency NSA and CISA publication of the final of a four-part series, Security Guidance for 5G Cloud Infrastructures. Part IV: Ensure Integrity of Cloud Infrastructure focuses on platform integrity, microservices infrastructure integrity, launch time...
Critical: Red Hat Security Advisory: Red Hat AMQ Streams 1.8.4 release and security update
Red Hat AMQ Streams 1.8.4 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...
Critical: Red Hat Security Advisory: Red Hat AMQ Streams 1.6.5 release and security update
Red Hat AMQ Streams 1.6.5 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...
Akamai App & API Protector: Maximize Security Through Simplicity
Building incredible digital experiences often involves leveraging serverless edge computing, microservices-based architectures, IaaS environments, client-side functionality, and APIs. These modern development practices, while designed to produce highly personalized, fast, and always-on user...
What is API Gateway ❓ How it works ❓
In general, a gateway is a passage that acts as a connector for 2 components to make them achieve certain functionality. API Gateway is not very different. However, it is a crucial topic to understand for many of us. Well, in this article, we have got you covered. Introduction to API Gateway: A...
Practical tips on how to use application security testing and testing standards
The security community is continuously changing, growing, and learning from each other to better position the world against cyber threats. In the latest Voice of the Community blog series post, Microsoft Product Marketing Manager Natalia Godyla talks with Daniel Cuthbert, Global Head of Security...
Practical tips on how to use application security testing and testing standards
The security community is continuously changing, growing, and learning from each other to better position the world against cyber threats. In the latest Voice of the Community blog series post, Microsoft Product Marketing Manager Natalia Godyla talks with Daniel Cuthbert, Global Head of Security...
Incorrect Authorization
Istio is an open source platform for providing a uniform way to integrate microservices, manage traffic flow across microservices, enforce policies and aggregate telemetry data. Istio 1.11.0, 1.10.3 and below, and 1.9.7 and below contain a remotely exploitable vulnerability where an HTTP request...
Improper Handling of Case Sensitivity
Istio is an open source platform for providing a uniform way to integrate microservices, manage traffic flow across microservices, enforce policies and aggregate telemetry data. According to RFC 4343, Istio authorization policy should compare the hostname in the HTTP Host header in a case...
Improper Handling of Case Sensitivity
Istio is an open source platform for providing a uniform way to integrate microservices, manage traffic flow across microservices, enforce policies and aggregate telemetry data. According to RFC 4343, Istio authorization policy should compare the hostname in the HTTP Host header in a case...
CVE-2021-39156
Istio is an open source platform for providing a uniform way to integrate microservices, manage traffic flow across microservices, enforce policies and aggregate telemetry data. Istio 1.11.0, 1.10.3 and below, and 1.9.7 and below contain a remotely exploitable vulnerability where an HTTP request...
CVE-2021-39155
Istio is an open source platform for providing a uniform way to integrate microservices, manage traffic flow across microservices, enforce policies and aggregate telemetry data. According to RFC 4343, Istio authorization policy should compare the hostname in the HTTP Host header in a case...
Path traversal
Istio is an open source platform for providing a uniform way to integrate microservices, manage traffic flow across microservices, enforce policies and aggregate telemetry data. Istio 1.11.0, 1.10.3 and below, and 1.9.7 and below contain a remotely exploitable vulnerability where an HTTP request...
CVE-2021-39156
CVE-2021-39156 affects Istio where HTTP requests containing a fragment (#fragment) in the path can bypass Istio’s URI path-based authorization policies. Affected releases are Istio 1.11.0 and below, 1.10.3 and below, and 1.9.7 and below. The described impact is a remote bypass of authorization co...
CVE-2021-39155
Technical details about CVE-2021-39155 are not publicly available in the provided connected documents. Monitor for updates; these sources do not specify affected products, vectors, impact, or fixes.