Tag

CVE

Browsing
WallarmCVE
waf
In Cloud Security

When your WAF needs its own WAF

2 Mins Read

Security products have their own security issues, which can affect products that they were designed to secure. It’s not a recursive loop, but the reality. WAFs there are not an exclusion. You can remember CloudFlare self-DoS that happened last year (https://blog.cloudflare.com/details-of-the-cloudflare-outage-on-july-2-2019/) because of an issue in RegExp signature they applied. Or Imperva’s data breach that disclosures API keys of their clients https://krebsonsecurity.com/2019/08/cybersecurity-firm-imperva-discloses-breach/ The latest thing with ModSecurity (https://www.secjuice.com/modsecurity-vulnerability-cve-2019-19886/) is another one example of how it’s…

Read More
In DevOps

GHOST: A brief recap of what you need to know about it

2 Mins Read

Is GHOST dangerous? Yes, it is. GHOST is a high severity vulnerability (CVE-2015–0235) that allows attackers to implement remote code execution (RCE) attack taking complete control of the victim system. It exploits a buffer overflow bug in glibc’s GetHOST functions (hence the name). Fortunately, Linux vendors already have necessary updates available as Qualys company was in touch with them before disclosing vulnerability. How to check if my systems is vulnerable? Linux systems that use versions…

Read More