Vulnerabilities

6K

Solutions

8K

Contributors

A vulnerability is a weakness which allows an attacker to reduce a system's information assurance. Vulnerability is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw. To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness, known as the attack surface. Vulnerability management is the cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities. Other vulnerabilities include security risks, security defects and constructs in programming languages that are difficult to use properly.


Q1:
Do JDK 1.6, JRE 6 & J2EE 1.6 have the same End of Support date (ie beyond
which there's no further patch/support from Oracle)?

Q2:
I'm looking at JDK 1.8, JRE 8, J2EE 1.8 : what's their End of support date

Q3:
& do they (the 3 items above) simply have a common EoL/EoSL date as Java 8?    

Q4:
So the products that are bundled with above Java items (eg: Weblogic & JBoss)
will have their EoL/EoSL the same as  the versions of bundled Java or usually
they're different & we can update/upgrade the Java components separately?
0

Is there an MS or an authoritative vulnerability site that indicates all
CVEs for Win2003 and Win XP are the same (ie same CVE number)?
1
refer to attached:

Q1:
are they affecting Apache httpd (ie web servers) 2.4.x  only
& other lower versions (eg: our Solaris 10's  Apache/2.0.63
is said to have been patched by our admin but I'm not sure)?

Q2:
So versions 2.4.x running on Windows are not affected?

Q3:
Can you point me to where to get the patches for RHEL7/RHEL6
in Red Hat support portal??
advisory1.pdf
advisory2.pdf
0
Is it right to say that:

a) Apache Struts do not run as a process (ie not listening on ports) & the very fact
    that strutsXXX.jar or struts related files are present will simply mean we are
    vulnerable (last checked we have ver 1.x struts files/jar)??

    Or should we use linux  'rpm -qa |grep strut' & Solaris 'pkginfo -l |grep -i struts'
    to determine their packages are installed??

b) By contrast, Apache httpd (ie web server) & Tomcat  must be running (ie listening
     on ports) to be considered vulnerable  ie if httpd & Tomcat packages are installed
     but they're disabled (ie we disable them at startup & their processes not running),
     they're not vulnerable??   If this is the correct assumption, guess if we don't use
     them, then we should just deinstall them (tho there are sysadmin/apps admins
     who assured that they'll never start them up ie remain disabled permanently &
     thus do not require patching)

c) Without Nessus Tenable vulnerability scanner detects the presence of vulnerable
    Struts without credentials-authenticated scan or it requires admin credential
    (as a way to login to the OS) to determine if we have vulnerable versions of
    Struts??
0
How can we mitigate against the vulnerability below?  Any hardenings or patch?

Poorly protected Elasticsearch databases expose over 26000 Kibana instances on the internet
  https://cyware.com/news/poorly-protected-elastichsearch-databases-expose-over-26000-kibana-instances-on-the-internet-0a09d425
0
I have been using 7zip for a while now with no problem. But last night a peculiar conversation struck my curiosity due to attacks on this fine software. Besides being attacked as a "free" open source (code available), thus no guarantees or "for-sure" updates of the app, it was also mentioned that 7zip does not come with any digital signature, hence it can't be verified if it's secure. So as an ex-colleague here used to say, "I turn to EE for their expert opinions". How secure is the software 7zip based on the 2 comments above about "free" open source and no digital signature? (and can you give some specifics) Thank you.
0
When accepting a meeting in your Outlook application, is it possible when clicking 'Accept' some sort of code can be planted in my computer?
0
I am in the process of changing out a file server.  It is the only server on the network.
Access to the internet is through a WatchGuard XM25 appliance
The Domain name is the same, but the DNS has changed.  The WatchGuard provided internet connection for a few minutes, and now there is no internet connection.  I can remote into the network with the WatchGuard SSL-VPN utility, and access the computers.  

Any thoughts on why I cannot access the internet from behind the WatchGuard Appliance?

The old server was 2008R2 and the new server is 2016Standard
0
I downloaded an app called Fing on my iPhone. That app pings, speed tests, traces and finds open ports. I ran "find open ports" against my desktop and it gave 3 open ports; the results can be seen in the attached image.

Question, the 3 open ports found open on my desktop 135, 139, 445,
- what exactly is open?
- Should they be closed?
- What is your recommendation?
0
I'm using OpenVAS CE 4.2.24 (Virtual Appliance), and I had a few scan tasks yesterday. I would like to export all the results as a single PDF, with only meaningful information.
How can we export scan results?

I see how I can export them 1 by 1, but when I go to the result, I can't export in anything else than XML.

Thank you
0

How does ASP.NET – "SameSite Cookie" block XSS attacks?

Please give me a quick view under the covers how this .NET Framework Version 4.7.2 feature helps stop XSS attacks.

And how is it that an MVC site did not have this exposure with earlier versions of .NET Framework?

Thanks
0
I need tools / ways to test our new WAF (to be set up in UAT VLAN) for
a) Brute Force : what's the commands/syntax if I use Jack the Ripper or any other suggested tool?
b) DDoS volumetric & application
c) OWASP top 10 (eg: XSS, SQL injection, CSRF, Cross-Frame-Site-Forgery/Clickjacking, insecure file upload)
d) Rate-Limiting : can I use the command line browser  'wget' to load a page many times to simulate?
e) any other aspects to test?
f) virtual patching (eg: if a patch is not applied & the WAF has a rule/signature for Wordpress/PHP)

I don't have access to Kali Linux (but possibly an RHEL VM in UAT) to run Metasploit: hopefully there's
a Metasploit for RHEL (but do suggest how to use it to test)
0
We have run a scan on our environment and we have server OSes like 2008 R2, 2012 R2, 2016.
The scan came back complaining about the following:
Birthday attacks against TLS ciphers with 64bit block size vulnerability (Sweet32)

How do we resolve this on these servers so that this is not an issue any longer with them?
0
I'm exploring if Rapid 7 can be used to track patch status (what patches are applied on which dates
& which ones have been released but yet to be applied) of our Solaris, RHEL 6/7 & Windows servers
as well as configuring it to do weekly scan of CIS hardenings (including for Cisco switches/routers).

Any document/materials on how to configure to check for patch status & CIS hardenings are
much appreciated.
0
Refer to attached:
need to clarify on the red-text items in the excel :
what are the usual industry-practice settings like
whether "occurs 10 times/minute" : is this the usual
setting or hackers usually will attempt 5 times/0.5min?

From our network IPS logs, have seen variations in
attempts (by blacklisted source IP addrs) in making
3-10 attempts over various time horizons.

Appreciate any comments/inputs on the red-text
items in the attached use cases which we're going
to adopt to finetune our SIEM/SOC
SiemSocUsecases.xlsx
0
Got a threat intel below.  

Q1: Is O365's Exchange Online 2016 affected?
Q2: If so, does applying any one of the mitigations listed in Point 4 below suffice?
Q3: If we cache a copy of our NTLM in O365, does this make this vulnerability inapplicable?
Q4: Is this a critical, high, medium or low vulnerability?  Any CVSS scoring for it?

1          A researcher had reported vulnerabilities affecting Exchange Web Services (EWS), a feature found on Microsoft Exchange servers. Microsoft Exchange servers are installed by default with access to many high privilege operations. A successful attack exploiting the NTLM authentication traffic can allow a remote attacker to gain the privileges of the Exchange server. The proof-of-concept tools are publicly available and there is currently no available patch for the vulnerabilities. For more information, please refer to Annex A.

2          If an attacker has credentials for an Exchange mailbox and is also able to communicate with both the Microsoft Exchange server and a Windows domain controller, the attacker could gain domain administrator privileges. If the attacker is in the same network segment as the Exchange server, the attacker could also perform the same attack even if the attacker does not have the credentials for the exchange server.

3          The affected products are Microsoft Exchange 2013 and newer versions.

4          As there is no available patch currently, you are strongly encouraged to perform the …
1
Hi All,

I am using an XTM 25/26 Watchguard firewall in the company and many of the remote users are connected through Mobile SSL VPN. Everything was working fine with no issues, but after an internet connectivity breakdown and restoration no one is able to log in using Mobile SSL VPN.

I have checked everything but couldn't understand the issue. Can anyone help me with this?

Few points :

1.  Firewall OS is not upgraded
2.  No new rules were created
3. Reinstall SSL Client software, Create new user with new password. Can login to Webpage of SSL  (https://Firewall IP/sslvpn.html) and able to download fresh software. De-activate and Re-activate Mobile SSL VPN.
4. Internal Network 192.168.1.0/24, Virtual address pool 192.168.111.0/24

Here is the diagnosis report.

2019-01-23 10:43:32 sslvpn sslvpn_event, add entry, entry->virtual_ip=0.0.0.0, entry->real_ip=192.168.1.88, dropin_mode=0
2019-01-23 10:43:32 sslvpn Mobile VPN with SSL user Mitul logged in. Virtual IP address is 0.0.0.0. Real IP address is 192.168.1.88.
2019-01-23 10:43:35 sslvpn Entered in sslvpn_takeaddr
2019-01-23 10:43:35 sslvpn Arguments which needs to be sent:openvpn_add 0 1548200615 0
2019-01-23 10:43:35 sslvpn Going to open wgipc:
2019-01-23 10:43:35 sslvpn assign ip address, rip=c0a86f02, lip=0, common_name=0
2019-01-23 10:43:35 sslvpn Sending Data by wgipc to sslvpn_takeaddr is Success,Buffer:192.168.111.2:0.0.0.0:0
2019-01-23 10:43:35 sslvpn Success,Sending Data to …
0
We have found Apache Struts Ver 1.x (yes, these are obsolete versions) bundled
with our Oracle Weblogic & Tomcat (& possibly in Oracle Financials which we're
reviewing).

Our apps colleagues said the applications don't make use of the Struts (though
we can't say with 100% certainty if any of the apps modules developed by past
app developers who had left did call the struts.jar).

Q1:
Does the presence of struts.* mean we are vulnerable or WL or Tomcat have to
call them (or in the codes, there are references to struts) for it to be vulnerable?

Q2:
What's the best practice?  To deinstall struts (since our apps colleagues said it's
not being used) or to upgrade to current version that offers patches (& keep
patching them)?

Q3:
To deinstall struts for WL, Tomcat & Oracle Financials, do we just remove the
struts.* files or is there a recommended way to deinstall?  We're on Solaris
10 and RHEL6
0
Local server security.

I just got a ransomware attack. Hence I am asking for help to be able to achieve a great level of security, for my server especially, and devices.

Which devices should I get and why?
0

Q1:
There are numerous Wordpress & PHP vulnerabilities:
Besides patching, which is more appropriate to provide a mitigation
(looking at virtual patching) between an IPS or a WAF ?

I tend to think WAF is more for XSS, injection, brute force, "file inclusion", CSRF
kind of vulnerabilities (that are related to Secure Coding) while IPS in general
will match the vulnerability patches from product principals.

Q2:
Correct me if I'm mistaken or is there a WAF (looking at Barracuda) that could
perform both WAF plus IPS functions?
0
Looking for Online /authorized Compliance Checker for my vSphere Environment 5.x and 6.x - vCenter and ESXi Host
vSphere Hardening Guidelines for 5.x and 6.x - for my vCenter and ESXi Host
Any Tool from VMware we can use to scan and fix the vulnerabilities ?
1
I am looking into general anti-virus management / monitoring best practices (regardless of vendor). I basically want a check list  for comparison to actual of:

-what our administrators should be alerted on from the AV agent / software installed any client device,
-what they should be able to produce in terms of compliance reporting for all their managed devices specific to AV.
-What kinds of issues they should be looking for when reviewing logs/alerts specific to AV on a daily basis

I will then use these to compare what they can produce from their central AV monitoring console(s) for a sample of devices or even all devices listed in other information sources such as AD, system centre or our asset management DB. I presume the 3 basics would be status (on or not), definitions last updated, last scheduled scan date. Are there any others?

There seems to be an assumption AV setup/config/management is pretty hard to get wrong but from some recent health checks for PCI DSS I noted on the findings many issues such as out of date signatures, AV not even running in some cases on devices etc.
0
Dear Experts, based on your experience, what are the important parameters that you will focus in defending DDoS attack when choosing Firewall model?
Many thanks!
0
hi guys

We have a load of Watchguard Access Points and they are connected to a Draytek 1100 PoE switch. This switch is then connected to our backbone switch which is a Cisco 3750.

We have set DHCP on the WiFi network that the access points are on in a way to be from 10.0.5.20 onwards and the management IP of this Draytek PoE being 10.0.5.6. Every single day, people complain about not being able to access the internet properly and then it fixes itself again. Then it happens again.

When they do complain, I end up not being able to access the management IP page of the Draytek on 10.0.5.6. This makes me believe that it is in fact this particular PoE causing the issues we are having.

Could that be the underlying problem?

Thanks for helping
Yash
0
A customer of mine has failed a PCI scan, mainly due to files stored on two bookkeeping computers, which contain sensitive data, like SSNs for employees, tax returns, and a small number of credit card numbers... Some of it is easy, old mailboxes, old emails, duplicate files, that can just be deleted.

Some of that data will need to be kept, though, possibly for long-term storage, but in a way that is PCI Compliant.

The credit card numbers are most likely internal, not customers - the business mainly transacts with their customers via checks, which are electronically deposited and then shredded when the accounts are reconciled.

What is the best/correct method to recommend to them for storing and accessing this data going forward that is both compliant and usable by not-very-technical bookkeeping staff?

They are a network of 10 total active users all running Windows 10 Pro, and joined to Active Directory via Windows Small Business Server 2011, and do have shared file access on the servers. For compliance, I'm thinking it would be best to have this data on the server, where it is assuredly backed up, and permissions are stricter, but does that create a more centralized potential point of failure?

Your advice and recommendations are appreciated!
1
