4 matches found
Race Condition
Overview: audited is a logging module for ORM models. Affected versions of this package are vulnerable to Race Condition involving Thread.current which, in certain setups with threaded web servers, can log the wrong username in an audit log. Remediation: Upgrade audited to version 5.3.3 or higher...
openssl security update
1.0.1e-48.4 - fix CVE-2017-3731 - DoS via truncated packets with RC4-MD5 cipher - fix CVE-2016-8610 - DoS of single-threaded servers via excessive alerts...
slowloris - Low bandwidth DoS tool
Slowloris is basically an HTTP Denial of Service attack that affects threaded servers. It works like this: 1. We start making lots of HTTP requests. 2. We send headers periodically every 15 seconds to keep the connections open. 3. We never close the connection unless the server does so. If the...
Apache Httpd < 2.0.64 : Subrequest handling of request headers (mod_headers)
A flaw in the core subrequest process code was fixed, to always provide a shallow copy of the headers_in array to the subrequest, instead of a pointer to the parent request's array as it had for requests without request bodies. This meant all modules such as mod_headers which may manipulate the inp...