Monthly Archive: August 2011
by Daniel Peck, Research Scientist. Yesterday reports began to trickle in that Google users in Iran were victims of a man-in-the-middle attack through the use of an illegitimate SSL certificate issued for
Vulnerability Summary for the Week of August 22, 2011
Vulnerability Note VU#213486: LifeSize Room appliance authentication bypass and arbitrary code injection vulnerability. Overview: LifeSize Room appliance contains an authentication bypass and arbitrary code injection vulnerability when failing to sanitize input from unauthenticated clients.
We cover the final part in our series on interpreting email headers, this time going through some examples in detail. We also continue our series on DDoS attack mitigation techniques, and we show a new movie of malware attacks involving targets in Russia over a recent period.
Vulnerability Note VU#405811: Apache HTTPD 1.3/2.x Range header DoS vulnerability. Overview: Apache HTTPD server contains a denial-of-service vulnerability in the way multiple overlapping ranges are handled. Both the ‘Range’ header and the ‘Range-Request’ header are vulnerable. An attack tool, commonly known as ‘Apache Killer’, has been released in the wild.
Vulnerability Note VU#200814: ASUS RT-N56U remote password disclosure vulnerability. Overview: ASUS’s Wireless-N Gigabit Router RT-N56U is vulnerable to remote administrator password disclosure. I. Description: ASUS’s Wireless-N Gigabit Router RT-N56U contains a vulnerability which may allow a remote unauthenticated attacker to recover the device’s administrator password.