Collaborate Disseminate
I am a bug bounty hunter. When doing some research, I found a subdomain that is using Apache Tomcat. Talk about Tomcat, there was a vulnerability found in 2017: CVE-2017-12617.
Any Apache Tomcat server with enabled PUT request method will… Continue reading Vulnerable Apache Tomcat server
Does Apache Tomcat 9 meet PCI compliance?
From where I should start reading and gather some information about that topic?
DataStax released code for an Apache Cassandra Kubernetes operator to help enterprises and users succeed with scale-out, cloud-native data. This Kubernetes Operator for Apache Cassandra, cass-operator, is now available and ready for use by the communit… Continue reading DataStax releases open-source Kubernetes Operator for Apache Cassandra
I would appreciate if someone can point me to the right way solving this
Have a POST for a refresh token and modsec closes the connection(?) — the browser goes into an endless loop back and forth ; using apache 2.4.6 and modsec 2.9.2 in … Continue reading modest 2.9.2 – response body: transformed: dechunked
The BodgeIt Store is a vulnerable web application for studying web development security. It can be downloaded from the internet and installed locally on your computer as a docket container. This web application runs on your own computer th… Continue reading How to use Burp Suite together with The BodgeIt Store?
Interesting data: A study that analyzed all the vulnerability disclosures between 2010 and 2019 found that around 55% of all the security bugs that have been weaponized and exploited in the wild were for two major application frameworks, namely WordPress and Apache Struts. The Drupal content management system ranked third, followed by Ruby on Rails and Laravel, according to a… Continue reading The Insecurity of WordPress and Apache Struts
Apache site down after getting AH02032 error, and automatically up if I restart apache or after some time(maybe 1-3 hours).
The Server setup is Xampp in Windows Server 2012
Many sites are hosted on the same server with virtual host setup,… Continue reading Apache site down after getting AH02032 error
At the moment, there aren’t any of those vulnerabilities that we know. I was looking the docs on what damages can be done by hackers if apache tomcat favicon is revealed in web application.
I am building web applications for my customer’s company. At the server side, there will be 2 kinds of server to server network communication.
Separated REST API servers making requests among each other.
Communication from application lo… Continue reading Is HTTPS required for local network server to server communication
Let’s Encrypt is a free, automated, open certificate authority (CA) run for the public’s benefit as a service from the Internet Security Research Group (ISRG). It provides free digital certificates to enable HTTPS (… Continue reading Identifying Let’s Encrypt Revoked Certificates