Appweb Security Alerts #389

Open
embedthis opened this Issue Oct 22, 2014 · 5 comments


ghost commented Oct 22, 2014

Appweb Security Alerts

Notification Alert Log for Appweb security issues. Subscribe to be notified when alerts are posted to the log.

@embedthis embedthis changed the title from Security Alerts to Appweb Security Alerts Oct 22, 2014

@embedthis embedthis added the security label Oct 22, 2014

@embedthis embedthis reopened this Nov 25, 2014


ghost Nov 25, 2014

Collaborator

SSL POODLE Vulnerability

10-21-2014

The “POODLE” vulnerability has been identified where the SSL 3.0 protocol can be exploited to decrypt cipher text using a padded side-channel attack. The attack tricks browsers into downgrading to use SSL 3.0 which is vulnerable. Appweb 4.X and 5.X versions should be patched to ensure SSL 3 is disabled. For further details read:

Appweb Issue: #388

Recommended action: Upgrade OpenSSL as soon as possible.

Patches will be posted on 10-29-2014 in the Appweb 4.6.5 and 5.2.0 releases.


ghost Nov 26, 2014

Collaborator

Bad HTTP Range header

10-21-2014

A specially crafted illegal HTTP Range header can cause a null dereference.

Appweb Issue: #413

Recommended action: Upgrade to 4.6.6 or Appweb 5.2.1. Prior to release, access patches in the dev branch in the repository.


mobrien Feb 12, 2018

NULL dereference for invalid Host and If-Modified-* headers

2-13-18

Appweb versions up to 7.0.1 have a denial of service vulnerability that can be provoked via specially crafted If-modified or Host HTTP headers.

Appweb Security Notice #605

Recommended action: Upgrade to Appweb 7.0.2 immediately or apply the patch described in the security notice.


mobrien Mar 12, 2018

WebSockets with invalid protocol

2-13-18

The WebSocket filter will get a NULL dereference with invalid chat protocols.

Appweb Security Notice: #607

Recommended action: Upgrade to Appweb 7.0.3 immediately or apply the patch described in the security notice.


mobrien Mar 12, 2018

Authentication bypass with null password

3-12-18

For digest authentication and form-based authentication, authentication may be bypassed with a null password and valid username.

Appweb Security Notice: #610

Recommended action: Upgrade to Appweb 7.0.3 immediately or apply the patch described in the security notice.
