Another Apache update due to byte range flaw

The Apache Foundation has announced that the newly released version 2.2.21 of its free web server is essentially a bug fix and security release. In particular, the developers focused on the vulnerability that makes servers susceptible to Denial-of-Service (DoS) attacks.

The new version corrects and complements the first fix, which was released only two weeks ago. It corrects an incompatibility with the HTTP specification and changes the interpretation of the MaxRange directive. It also fixes flaws in mod_proxy_ajp, a module that provides support for the Apache JServ protocol.

Users are advised to update their Apache installations as soon as possible. However, those who use Apache 2.0 will still need to wait: corrections for this version are scheduled to be incorporated in the release of version 2.0.65 in the near future. Those who use version 1.3 are not affected by the byte range bug.

The Apache developers explain the background of the byte range vulnerability in an online document. There, they also describe various options for protecting servers against DoS attacks that exploit this vulnerability. The document also mentions a ticket on the byte range topic issued by the IETF, which is responsible for the HTTP standard. In that ticket, the IETF says that the protocol itself is vulnerable to DoS attacks, for instance because a single request may carry many small or overlapping byte ranges.

Changes to RFC 2616 are planned in order to correct this. The IETF stipulates that clients must no longer send overlapping byte ranges, and that servers may coalesce such overlapping ranges into a single range. Ranges within a request must be separated by a gap that is greater than 80 bytes, and they must be listed in ascending order, said the IETF.
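As an added illustration of the rules just described (example code written for this page, not code from the article, from Apache or from the IETF), the following Python parses a Range header, merges overlapping ranges the way the article says servers may, and flags requests that break the proposed rules: ranges out of ascending order, overlapping ranges, or gaps of 80 bytes or less. The `max_ranges` cap and the sample headers are assumptions constructed for this example, not values taken from the article.

```python
import re
from typing import Dict, List, Optional, Tuple

MIN_GAP = 80          # gap the article says the IETF requires between ranges
MAX_RANGES = 200      # assumed cap on ranges per request (not from the article)

RANGE_SPEC = re.compile(r"^(\d*)-(\d*)$")
Range = Tuple[int, int]  # inclusive (start, end) byte offsets


def parse_byte_ranges(header: str, content_length: int) -> Optional[List[Range]]:
    """Turn a Range header value into absolute inclusive (start, end) pairs.

    Returns None when the header is syntactically unusable (a server would
    then ignore it); unsatisfiable ranges past the end are simply dropped.
    """
    if not header.startswith("bytes="):
        return None
    ranges: List[Range] = []
    for spec in header[len("bytes="):].split(","):
        m = RANGE_SPEC.match(spec.strip())
        if not m:
            return None
        first, last = m.groups()
        if first == "" and last == "":
            return None
        if first == "":                       # suffix form "-N": the last N bytes
            n = int(last)
            if n == 0:
                return None
            ranges.append((max(0, content_length - n), content_length - 1))
            continue
        start = int(first)
        if last != "" and int(last) < start:  # last-byte-pos before first-byte-pos
            return None
        if start >= content_length:           # entirely past the end: unsatisfiable
            continue
        end = content_length - 1 if last == "" else min(int(last), content_length - 1)
        ranges.append((start, end))
    return ranges


def coalesce(ranges: List[Range]) -> List[Range]:
    """Merge overlapping or adjacent ranges into one, as the article says servers may."""
    merged: List[Range] = []
    for start, end in sorted(ranges):
        if merged and start <= merged[-1][1] + 1:
            merged[-1] = (merged[-1][0], max(merged[-1][1], end))
        else:
            merged.append((start, end))
    return merged


def check_range_policy(ranges: List[Range], min_gap: int = MIN_GAP,
                       max_ranges: int = MAX_RANGES) -> List[str]:
    """Report violations of the rules the article attributes to the IETF proposal."""
    violations: List[str] = []
    if len(ranges) > max_ranges:
        violations.append(f"{len(ranges)} ranges exceeds cap of {max_ranges}")
    for i in range(1, len(ranges)):
        prev_start, prev_end = ranges[i - 1]
        start, _ = ranges[i]
        if start < prev_start:
            violations.append(f"range {i} is not in ascending order")
            continue                          # overlap/gap checks assume ascending order
        if start <= prev_end:
            violations.append(f"range {i} overlaps range {i - 1}")
        elif start - prev_end - 1 <= min_gap:
            violations.append(f"gap before range {i} is only {start - prev_end - 1} bytes")
    return violations


def evaluate_range_header(header: str, content_length: int) -> Dict[str, object]:
    """Parse, police and coalesce a Range header; 'ok' is True only for a clean request."""
    ranges = parse_byte_ranges(header, content_length)
    if ranges is None:
        return {"ok": False, "ranges": None, "coalesced": [],
                "violations": ["malformed Range header"]}
    if not ranges:
        return {"ok": False, "ranges": [], "coalesced": [],
                "violations": ["no satisfiable ranges"]}
    violations = check_range_policy(ranges)
    return {"ok": not violations, "ranges": ranges,
            "coalesced": coalesce(ranges), "violations": violations}


if __name__ == "__main__":
    # Constructed sample headers against a 1000-byte resource.
    for sample in ("bytes=0-99,200-299",            # clean: ascending, gap of 100 bytes
                   "bytes=0-99,150-249",            # gap of only 50 bytes
                   "bytes=0-99,50-149,100-199",     # overlapping, collapses to one range
                   "bytes=500-599,0-99"):           # not ascending
        print(sample, "->", evaluate_range_header(sample, 1000))
```

A server applying this would serve the coalesced list (or fall back to a plain 200 response) whenever `violations` is non-empty, so a request stuffed with overlapping or tightly packed ranges costs no more than a single range to answer.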

Source: http://www.h-online.com//

(c) Naked Security
