Apache – Page 8 – WindowsTechs.com

How to manually connect to my web server and send a TLS handshake with a hostname, followed by the HTTP request headers with a different hostname

Posted on March 5, 2022 by Jeff

My Apache web server logs suffer from the dreaded [ssl:error] AH02032: Hostname www.example.com provided via SNI and hostname example.com provided via HTTP are different.
I know what it means and why it happens.
I need to manually reproduc… Continue reading How to manually connect to my web server and send a TLS handshake with a hostname, followed by the HTTP request headers with a different hostname→

How to track which php file executed a malware binary

Posted on February 27, 2022 by MOHAMMAD RASIM

I have a server that seems to be compromised checking the processes running I see an executable that seems to be a mining malware and the hacker uses it to mine litecoin at the address MKkb4o9jUYmcQRRkpJWK82mW2S1ZZMtaLg, the executable fil… Continue reading How to track which php file executed a malware binary→

Issues with uploading file

Posted on February 11, 2022 by Vinny

I’m performing a pentest on a website running Apache that has an empty /uploads directory. I’ve performed thorough enumeration of all directories and functionality on the website, and there is no clear way to upload anything to this myster… Continue reading Issues with uploading file→

FreeRadius and Apache Mutual authentication

Posted on February 7, 2022 by zsomborv

I set EAP-TLS on my FreeRadius server, and i want to try the certificate-based authentication for a testing. I set up an Apache as a webservice and enabled ssl on it. I could redirect the basic username-password authentication to the radiu… Continue reading FreeRadius and Apache Mutual authentication→

Possible http information disclosure

Posted on January 21, 2022 by doneal24

We recently had a vulnerability scan that returned an information disclosure that I’ve never heard about before. The scanning company provided this information.

Our researcher used an open source tool called BurpSuite to intercept
an HTTP… Continue reading Possible http information disclosure→

White House hosts open-source software security summit in light of expansive Log4j flaw

Posted on January 13, 2022 by Tim Starks

Tech giants and federal agencies will meet at the White House on Thursday to discuss open-source software security, a response to the widespread Log4j vulnerability that’s worrying industry and cyber leaders. Among the attendees are companies like Apple, Facebook and Google, as well as the Apache Software Foundation, which builds Log4j, a ubiquitous open-source logging framework for websites. “Building on the Log4j incident, the objective of this meeting is to facilitate an important discussion to improve the security of open source software — and to brainstorm how new collaboration could rapidly drive improvements,” a senior administration official said in advance of the meeting. The huddle convenes in light of a vulnerability discovered last month known as Log4Shell that could affect up to hundreds of millions of devices, and as federal officials, businesses and security researchers race to contain the potential fallout. It’s the latest of several Biden White House summits […]

The post White House hosts open-source software security summit in light of expansive Log4j flaw appeared first on CyberScoop.

Continue reading White House hosts open-source software security summit in light of expansive Log4j flaw→

If hackers are exploiting the Log4j flaw, CISA says we might not know yet

Posted on January 10, 2022 by Tim Starks

Federal officials cautioned Monday that, while the widespread Log4j vulnerability hasn’t led to any major known intrusions in the U.S., there could be a “lag” between when the flaw became known, and when attackers exploit it. Cybersecurity and Infrastructure Security Agency Director Jen Easterly said that there were months between the discovery of the vulnerability that led to the 2017 Equifax breach, which exposed the personal information of nearly 150 million Americans, and word of the breach itself, invoking one of the most notable hacks in history. “We do expect Log4j to be used in intrusions well into the future,” Easterly said on a call with reporters. “There may be a lag between when this vulnerability is being used and when it is being actively deployed.” Apache Struts, an open-source tool, was at the center of the Equifax breach, and Apache’s Log4j is a ubiquitous open-source logging tool. Easterly said […]

The post If hackers are exploiting the Log4j flaw, CISA says we might not know yet appeared first on CyberScoop.

Continue reading If hackers are exploiting the Log4j flaw, CISA says we might not know yet→

First, thanks in advance and sorry if I’m asking some really silly thing, this is not my expertise 🙂
I have a webserver just for testing my things. Last week I checked if it was vulnerable to log4j CVE and it seemed only Jenkins was using… Continue reading successfull log4j exploitation, or just normal traffic?→

Category Archives: Apache