-
Cumulative Patch for Internet Information Service
SPI Labs and NSFocus have discovered multiple holes in IIS. Two denial of service conditions exist that can allow an attacker to cause IIS to stop responding. One Cross site scripting issue exists in the 302 redirection pages, and one buffer overflow that allows command execution as the webserver user. The buffer overflow requires the…
-
Apache Pre 2.0.46 Denial of Service
Below is a snippet from the apache advisory. Apache 2.0.46 Major changes Security vulnerabilities closed since Apache 2.0.45 *) SECURITY [CAN-2003-0245]: Fixed a bug that could be triggered remotely through mod_dav and possibly other mechanisms, causing an Apache child process to crash. The crash was first reported by David Endler and was researched and fixed…
-
Sun One Application Server Multiple vulnerabilities
SPI Labs Has identified four issues in the popular Sun One application server. They range from Source code theft, Log evasion, Cross site scripting, and plaintext administrative password storage. Sun One Multiple Issues
-
IIS Security and Programming Countermeasures e-book released
Jason Coombs has released this 440 page e-book on IIS security, and secure programming. Worth a read if you run IIS on a production system.
Favorite Links
- Security Templates (New)
- The Web Application Security Consortium
- QA Security
- The Web Security Mailing List
- Romain Gaucher’s Blog
- Jeremiah Grossman’s Blog
Popular Pages
WASC Threat Classification
- Abuse of Functionality
- Application Misconfiguration
- Brute Force Attack
- Content Spoofing
- Credential/Session Prediction
- Denial of Service
- Directory Indexing
- Information Leakage
- Remote File Inclusion Attack
- Routing Detour Attack
- SOAP Array Abuse
- XML Attribute Blowup
- XML Injection
- XML External Entity Attack