Worried About Apache Struts? Stay One Step Ahead of Endpoint Attacks

Security teams needs advanced visibility into all endpoints across the organization to prevent endpoint attacks such as the recent Apache Struts exploit.

The post Worried About Apache Struts? Stay One Step Ahead of Endpoint Attacks appeared first on Security Intelligence.

Continue reading Worried About Apache Struts? Stay One Step Ahead of Endpoint Attacks

OptionsBleed – Apache bleeds in uncommon configuration

[Hanno Böck] recently uncovered a vulnerability in Apache webserver, affecting Apache HTTP Server 2.2.x through 2.2.34 and 2.4.x through 2.4.27. This bug only affects Apache servers with a certain configuration in .htaccess file. Dubbed Optionsbleed, this vulnerability is a use after free error in Apache HTTP that causes a corrupted Allow header to be replied by the webserver in response to HTTP OPTIONS requests. This can leak pieces of arbitrary memory from the server process that may contain sensitive information. The memory pieces change after multiple requests, so for a vulnerable host an arbitrary number of memory chunks can be …read more

Continue reading OptionsBleed – Apache bleeds in uncommon configuration

Risks Limited With Latest Apache Bug, Optionsbleed

The risks surrounding the latest Apache bug, called Optionsbleed, are limited given it can only be attacked under certain conditions. Apache, and many Linux distributions, have patched the flaw. Continue reading Risks Limited With Latest Apache Bug, Optionsbleed