Go Back   DaemonForums > DaemonForums.org > News

News News regarding BSD and related.

Thread Tools Display Modes
  #1   (View Single Post)  
Old 12th April 2013
J65nko J65nko is offline
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 3,503
Default Hole in Apache/NGINX mod_security firewall

From http://h-online.com/-1840500

The current version, 2.7.3, of the Apache/NGINX security module
mod_security fixes a security problem in the XML parser of its predecessor versions. Timur Yunusov and Alexey Osipov from Positive Technologies discovered that processing a specially prepared XML document could give access to local files or consume excessive amounts of CPU or memory, crippling the server. The flaw has been given the identifier CVE-2013-1915.

The mod_security module is used as a web application firewall which allows requests to the web server to be filtered according to various criteria.
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
openbsd 5.1 and nginx barti OpenBSD General 2 1st October 2012 05:51 PM
Security Apache Traffic Server update closes important security hole J65nko News 0 27th March 2012 12:02 AM
A faster Web server: ripping out Apache for Nginx J65nko News 3 14th November 2011 03:56 AM
Apache hole allows attackers to access internal servers J65nko News 0 6th October 2011 05:50 PM
Adobe: hole closed, hole open J65nko News 0 5th November 2010 06:50 PM

All times are GMT. The time now is 11:52 AM.

Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2018, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick