CGISecurity Logo
  • Apache Pre 1.3.24 on win32 allows command execution

    Ory Segal from sanctuminc.com has found ahole in apache versions prior to 1.3.24 which allowsan attacker to execute commands on win 32 versionsof apache. This is considered a serious threat and youshould upgrade immediately. On another note a minorhole in every version was fixed. I have included thatchange log snippet below.— Snippet from change log…

  • Fingerprinting Port 80 Attacks 2: A look into web server, and web application attack signatures: Part Two.

    Part two of "Fingerprinting port80 attacks". This paper provides information on web application attack forensics that will help you identify what an attacker might be doing. Part two covers attacks that where not mentioned in the first paper. Fingerprinting Port80 Part 2 (TXT) Fingerprinting Port80 Part 2 (HTML)