Apache – Page 28 – WindowsTechs.com

I found strange folders in /var/log/apache2 [migrated]

Posted on September 10, 2018 by user3776738

I was looking where my .log files are stored and found some folders, which are quite strange:

The folder /var/log/apache2 contains the folders mydomain.com as expected, but also these suspicious folders that contain each an … Continue reading I found strange folders in /var/log/apache2 [migrated]→

Apache2 Logs, need help in identifying if it is an attack or not

Posted on August 30, 2018 by NeedHelpBasicallyOnEverything

Are this an example of an attack that had happened to my server?

This happened few days before I checked the logs… I checked the logs to see if something was wrong since my server suddenly uses all of its resources ( CPU a… Continue reading Apache2 Logs, need help in identifying if it is an attack or not→

Critical Apache Struts flaw just waiting to be exploited; PoC reported in the wild

Posted on August 27, 2018 by Filip Truta

Organizations relying on the Apache Struts framework should patch their servers ASAP, or at the very least ensure the namespace is always set within their infrastructure, as cybercrooks already have a proof-of-concept (PoC) at their disposal. A critica… Continue reading Critical Apache Struts flaw just waiting to be exploited; PoC reported in the wild→

Cross-Site Scripting Flaw in Apache ActiveMQ Threatens Web Visitors

Posted on August 24, 2018 by Lindsey O'Donnell

With the malicious code embedded into websites, the attacker can then piggyback on the trust level of the website and launch a variety of attacks. Continue reading Cross-Site Scripting Flaw in Apache ActiveMQ Threatens Web Visitors→

New Apache Struts RCE Flaw Lets Hackers Take Over Web Servers

Posted on August 22, 2018 by Mohit Kumar

Semmle security researcher Man Yue Mo has disclosed a critical remote code execution vulnerability in the popular Apache Struts web application framework that could allow remote attackers to run malicious code on the affected servers.

Apache Struts is… Continue reading New Apache Struts RCE Flaw Lets Hackers Take Over Web Servers→

Serious Security: How to stop dodgy HTTP headers clogging your website

Posted on August 21, 2018 by Paul Ducklin

It’s been dubbed ReDos, for Regular Expression Denial of Service – where a few rogue HTTP requests could clog your whole site. Continue reading Serious Security: How to stop dodgy HTTP headers clogging your website→

Apache 2.4.10 child process hang

Posted on August 19, 2018 by Jay Cox

We’re running a auto-scaling instance group in Google Cloud Compute Engine (Debian 8, Apache 2.4.10) and discover that Apache’s child processes are not closing properly (apparently they keep open about 2 hrs.) and eventually,… Continue reading Apache 2.4.10 child process hang→

Alibaba Cloud Security, Comcast, and Facebook – Application Security Weekly #28

Posted on August 14, 2018 by Security Weekly Productions

Alibaba Cloud Security team discovers Apache spark rest API remote code execution exploit, Comcast security flaws exposed partial address, Hacker finds hidden ‘God Mode’ in old x86 CPUs, and more! Full Show Notes Follow us on Twitter: https… Continue reading Alibaba Cloud Security, Comcast, and Facebook – Application Security Weekly #28→

Cookie Operations using Modsecurity Rules

Posted on August 8, 2018 by goron

Here, I’m trying to accomplish calling a Lua script from modsecurity rules.

There are 2 components:-

1.example.com (WAF)

2.test.com (Web Application)

test.com contains pages:-

index.php
protectedpage.php

If user access… Continue reading Cookie Operations using Modsecurity Rules→

Server Side request forgery (SSRF) explanation

Posted on August 1, 2018 by Rifat Shommo

I am looking to gain a better understanding of the SSRF vulnerability.
I have googled and watched YouTube tutorials but they all show advanced techniques that are difficult to understand.

I am curious as to how to connect to… Continue reading Server Side request forgery (SSRF) explanation→