Blog Posts Tagged with "Apache"

Running Apache? Beware of "Armageddon"...

March 19, 2012 Added by: Kevin McAleavey

"Apache Killer" exploits a vulnerability in the server by sending a specially crafted Range HTTP header to trigger a denial-of-service condition, and a single computer is capable of bringing Apache to its knees. A botnet full of these can result in "tango down"...

Comments  (0)

MAC versus DAC in SELinux

September 25, 2011 Added by: Jamie Adams

This simple real-world example demonstrates how MAC rules supersede DAC settings. I encourage you to read the system documentation and experiment on lab systems. Too often system administrators become frustrated by "AVC Denial" messages and resort to disabling this enhanced security...

Comments  (0)

Apache Killer DoS Vulnerability Patch Released

August 31, 2011 Added by: Headlines

The Apache Software Foundation and the Apache HTTP Server Project are pleased to announce the release of version 2.2.20 of the Apache HTTP Server with a fix for handling of byte-range requests and avoid a denial of service. We consider this release to be the best version of Apache available...

Comments  (0)

Mitigating the Apache Range Header DoS Vulnerability

August 28, 2011 Added by: Mark Baldwin

A new Apache DoS vulnerability was reported by security researcher Kingcope on the Seclists.org Full Disclosure mailing list that affects most default installations of Apache 1.3/2.x. Fortunately, there are some configuration settings that can be adjusted to mitigate this vulnerability...

Comments  (1)

Sony Knew It Was Running Obsolete Server Software

May 06, 2011 Added by: Headlines

"If Dr. Spafford's assessment is accurate, it's inexcusable that Sony not only ran obsolete software on servers containing confidential data, but also that the company continued to do so after this information was publicly disclosed..."

Comments  (0)

Configuring Web 2.0 Applications to be Friendly But Secure

February 25, 2011 Added by: Danny Lieberman

In the course of a security audit/penetration test of a social networking Web site this week that was developed and deployed on Ubuntu, I was reminded yet again that we all have something to learn. Even Linux geeks...

Comments  (0)

Hacker Releases Second Video of Enhanced XerXeS DoS Attack on Apache Vulnerability

March 11, 2010 Added by: Anthony M. Freed

Infosec Island has once again gained exclusive access to a video demonstration of the XerXeS DoS. This new video shows a little more of the XerXeS dashboard, and reveals even more about the attack technique – watch the text box on the left as Jester mentions “Apache” for the first time outside of our private conversations.

Comments  (15)