Facebook Launches 'Discover,' A Secure Proxy to Browse the Internet for Free

More than six years after Facebook launched its ambitious Free Basics program to bring the Internet to the masses, the social network is back at it again with a new zero-rating initiative called Discover. The service, available as a mobile web and Android app, allows users to browse the Internet...

Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime Affect IBM Sterling Secure Proxy

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 1.8 used by IBM Sterling Secure Proxy. These issues were disclosed as part of the IBM Java SDK updates in January 2019. Vulnerability Details CVEID: CVE-2018-12547 DESCRIPTION: Eclipse OpenJ9 is vulnerable to a...

Security Bulletin: Multiple vulnerabilities affect IBM Sterling Secure Proxy Configuration Manager

Summary Several vulnerabilities affect the Configuration Manager of the IBM Sterling Secure Proxy SSP product. The SSP Configuration Manager typically runs in the Secure Zone, and is not accessible from the internet. Vulnerability Details CVEID: CVE-2016-6026 DESCRIPTION: The Sterling Secure Prox...

Security Bulletin: Vulnerability in Apache Commons FileUpload Affects IBM Sterling Secure Proxy

Summary An Apache Commons Collections vulnerability for handling Java object deserialization was addressed by IBM Sterling Secure Proxy. Vulnerability Details CVEID: CVE-2016-1000031 DESCRIPTION: Apache Commons FileUpload, as used in Novell NetIQ Sentinel and other products, could allow a remote...

Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime Affect IBM Sterling Secure Proxy

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 1.8 used by IBM Sterling Secure Proxy. These issues were disclosed as part of the IBM Java SDK updates in October 2017 and January 2018. Vulnerability Details CVEID: CVE-2017-10356 DESCRIPTION: An unspecified...

Security Bulletin: Java DLL planting vulnerability affects IBM Sterling Secure Proxy (CVE-2016-2542)

Summary Flexera InstallAnywhere generates installation executables which are vulnerable to a DLL-planting vulnerability during installs on Windows systems. InstallAnywhere is used by IBM Sterling Secure Proxy. Vulnerability Details CVEID: CVE-2016-2542 DESCRIPTION: Flexera InstallShield could all...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Sterling Secure Proxy (CVE-2016-3426, CVE-2016-3485)

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 7.0 that is used by IBM Sterling Secure Proxy. These issues were disclosed as part of the IBM Java Runtime updates in April 2016 and July 2016. Vulnerability Details CVEID: CVE-2016-3426...

Security Bulletin: Vulnerability in Apache Commons FileUpload affects IBM Sterling Secure Proxy (CVE-2016-3092)

Summary An Apache Commons Collections vulnerability for handling Java object deserialization was addressed by IBM Sterling Secure Proxy. Vulnerability Details CVEID: CVE-2016-3092 DESCRIPTION: Apache Tomcat is vulnerable to a denial of service, caused by an error in the Apache Commons FileUpload...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Sterling Secure Proxy

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 1.8 used by IBM Sterling Secure Proxy. These issues were disclosed as part of the IBM Java SDK updates in Oct 2016 and Jan 2017. Vulnerability Details CVEID: CVE-2016-5546 DESCRIPTION: An unspecified vulnerabilit...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Sterling Secure Proxy

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 1.8 used by IBM Sterling Secure Proxy. These issues were disclosed as part of the IBM Java SDK updates in Jul 2017. Vulnerability Details CVEID: CVE-2017-10116 DESCRIPTION: An unspecified vulnerability related to...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Sterling Secure Proxy (CVE-2015-7575, CVE-2016-0475, CVE-2015-4872, CVE-2015-5006)

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 7.0 that is used by IBM Sterling Secure Proxy. These issues were disclosed as part of the IBM Java Runtime updates in October 2015 and January 2016 and include the vulnerability commonly...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Sterling Secure Proxy and Sterling External Authentication Server (CVE-2015-0488, CVE-2015-1916, CVE-2015-2808, CVE-2015-0478, CVE-2015-0204)

Summary There are multiple vulnerabilities in IBM Runtime Environment Java Technology Edition, Version 1.7.0 that is used by Sterling Secure Proxy and Sterling External Authentication Server. These issues were disclosed as part of the IBM Java SDK updates in April 2015. Vulnerability Details CVEI...

Security Bulletin: Multiple Security Vulnerabilities found in IBM Sterling Secure Proxy (CVE-2014-0411, CVE-2014-0050)

Summary IBM Sterling Secure Proxy is shipped with IBM Runtime Environment, Java™ Technology Edition the “IBM JRE”, that is based on an Oracle Java Runtime Environment JRE. Oracle has released the January 2014 critical patch updates CPU that contain security vulnerability fixes for the JRE. The IB...

GHSA-6C7V-2F49-8H26 Django Incorrect HTTP detection with reverse-proxy connecting via HTTPS

An issue was discovered in Django 1.11 before 1.11.22, 2.1 before 2.1.10, and 2.2 before 2.2.3. An HTTP request is not redirected to HTTPS when the SECUREPROXYSSLHEADER and SECURESSLREDIRECT settings are used, and the proxy connects to Django via HTTPS. In other words,...

ALPINE-CVE-2019-12781

An issue was discovered in Django 1.11 before 1.11.22, 2.1 before 2.1.10, and 2.2 before 2.2.3. An HTTP request is not redirected to HTTPS when the SECUREPROXYSSLHEADER and SECURESSLREDIRECT settings are used, and the proxy connects to Django via HTTPS. In other words,...

PYSEC-2019-10

An issue was discovered in Django 1.11 before 1.11.22, 2.1 before 2.1.10, and 2.2 before 2.2.3. An HTTP request is not redirected to HTTPS when the SECUREPROXYSSLHEADER and SECURESSLREDIRECT settings are used, and the proxy connects to Django via HTTPS. In other words,...

PYSEC-2019-80

An issue was discovered in Django 1.11 before 1.11.22, 2.1 before 2.1.10, and 2.2 before 2.2.3. An HTTP request is not redirected to HTTPS when the SECUREPROXYSSLHEADER and SECURESSLREDIRECT settings are used, and the proxy connects to Django via HTTPS. In other words,...

PYSEC-2019-10

An issue was discovered in Django 1.11 before 1.11.22, 2.1 before 2.1.10, and 2.2 before 2.2.3. An HTTP request is not redirected to HTTPS when the SECUREPROXYSSLHEADER and SECURESSLREDIRECT settings are used, and the proxy connects to Django via HTTPS. In other words,...

UBUNTU-CVE-2019-12781

An issue was discovered in Django 1.11 before 1.11.22, 2.1 before 2.1.10, and 2.2 before 2.2.3. An HTTP request is not redirected to HTTPS when the SECUREPROXYSSLHEADER and SECURESSLREDIRECT settings are used, and the proxy connects to Django via HTTPS. In other words,...

PT-2019-2628 · Django Software Foundation +3 · Django +3

Name of the Vulnerable Software and Affected Versions: Django versions 1.11 before 1.11.22 Django versions 2.1 before 2.1.10 Django versions 2.2 before 2.2.3 Description: An issue in Django causes incorrect behavior of django.http.HttpRequest.scheme when a client uses HTTP, but the proxy connects...