Appweb Security Alerts #389
SSL POODLE Vulnerability
The “POODLE” vulnerability has been identified, in which the SSL 3.0 protocol can be exploited to decrypt ciphertext using a padding-oracle side-channel attack. The attack tricks browsers into downgrading to SSL 3.0, which is vulnerable. Appweb 4.X and 5.X versions should be patched to ensure SSL 3 is disabled. For further details read:
Appweb Issue: #388
Recommended action: Upgrade OpenSSL as soon as possible.
Patches will be posted on 10-29-2014 in the Appweb 4.6.5 and 5.2.0 releases.
NULL dereference for invalid Host and If-Modified-* headers
Appweb versions up to 7.0.1 have a denial-of-service vulnerability that can be provoked via specially crafted If-Modified-* or Host HTTP headers.
Appweb Security Notice #605
Recommended action: Upgrade to Appweb 7.0.2 immediately or apply the patch described in the security notice.
Authentication bypass with null password
For digest authentication and form-based authentication, authentication may be bypassed with a null password and valid username.
Appweb Security Notice: #610
Recommended action: Upgrade to Appweb 7.0.3 immediately or apply the patch described in the security notice.