-
Apache Pre 1.3.24 on win32 allows command execution
Ory Segal from sanctuminc.com has found ahole in apache versions prior to 1.3.24 which allowsan attacker to execute commands on win 32 versionsof apache. This is considered a serious threat and youshould upgrade immediately. On another note a minorhole in every version was fixed. I have included thatchange log snippet below.— Snippet from change log…
-
Fingerprinting Port 80 Attacks 2: A look into web server, and web application attack signatures: Part Two.
Part two of "Fingerprinting port80 attacks". This paper provides information on web application attack forensics that will help you identify what an attacker might be doing. Part two covers attacks that where not mentioned in the first paper. Fingerprinting Port80 Part 2 (TXT) Fingerprinting Port80 Part 2 (HTML)
Favorite Links
- Security Templates (New)
- The Web Application Security Consortium
- QA Security
- The Web Security Mailing List
- Romain Gaucher’s Blog
- Jeremiah Grossman’s Blog
Popular Pages
WASC Threat Classification
- Abuse of Functionality
- Application Misconfiguration
- Brute Force Attack
- Content Spoofing
- Credential/Session Prediction
- Denial of Service
- Directory Indexing
- Information Leakage
- Remote File Inclusion Attack
- Routing Detour Attack
- SOAP Array Abuse
- XML Attribute Blowup
- XML Injection
- XML External Entity Attack