Highest Voted 'vulnerabilities' Questions - Server Fault Stack Exchange

4

votes

3 answers

Why does apache log requests to GET http://www.google.com with code 200?

I was recently asked 'What causes a line like this in our access.log?' 59.56.109.181 - - [22/Feb/2010:16:03:35 -0800] "GET http://www.google.com/ HTTP/1.1" 200 295 "-" "Mozilla/5.0 (compatible; MSIE 5.01; Win2000)" My immediate answer is that's…

asked Feb 23 '10 at 15:49

Paul

1,634
15
19

3

votes

1 answer

Tomcat Virtual Host to prevent Improper-Input-Handling attack

I'm currently on the process of trying fix a site vulnerability, basically it is one type of the "Improper Input Handling" attack. Let's say my website is www.mywebsite.com and there is hacker's website www.hacker.com whenever there is a request…

tomcat tomcat7 vulnerabilities vulnerability

asked May 18 '17 at 17:37

CharlesC

151
1
6

3

votes

4 answers

Does being the target of a DoS attack imply a vulnerability of my operating system?

Does being the target of a denial of service (DoS) attack imply a vulnerability of my operating system?

networking security vulnerabilities

asked Aug 11 '09 at 03:55

alucardni

33
2

3

votes

2 answers

Tracking Security Vulnerability remediation

I've been looking into this for a little while, but havn't really found anything suitable. What I am looking for is a system to track security vulnerability remdiation status. Something like "bugzilla for IT" What I am looking for is something…

security vulnerabilities

asked Jun 12 '10 at 05:55

Zypher

37,405
5
53
95

3

votes

5 answers

Scanning website for vulnerablities

I have found that the local school's website installed a Perl Calendar - this was years ago, it has not been used for ages, but Google has it indexed (which is how I found it) and it full of Viagra links and the like ... program was by Matt Kruse,…

security exploit vulnerabilities

asked Mar 19 '10 at 15:01

Kristen

187
8

2

votes

1 answer

Metltdown/Spectre Mitigations on Windows 2008 R2 guest on VmWare ESXi5.5

I do see that I can't enable the Meltdown/Spectre mitigations in Windows Server 2008 R2 is a similar question, but I suppose that the environment differences may justify different remedies. After installing the Meltdown/Spectre related Windows…

windows-server-2008-r2 vmware-esxi vulnerabilities

asked Jan 08 '18 at 14:04

Hagen von Eitzen

824
3
17
43

2

votes

7 answers

Postfix open relay

Greetings, Google says that I'm originating too many emails from my IP. Since I NEVER uses this smtp to originate emails, I suspect my postfix is somewhat misconfigured, so that I have an open relay google LOG entry: Oct 8 06:29:29…

postfix google smtp vulnerabilities

asked Oct 08 '09 at 13:02

jbastos

265
1
3
9

2

votes

2 answers

Upgrade SSL/TLS/Openssl?

I have a requirement to upgrade SSL/TLS/OpenSSL. The server is RHEL 6 Enterprise. In that server I am going to remove apache, which has not been not in use for a long time. After uninstalling apache , is it stil necessary to upgrade…

linux web-server rhel6 vulnerabilities vulnerability

asked Sep 04 '15 at 07:02

Ratheesh

25
4

2

votes

2 answers

Fix logjam vulnerability in courier

The site weakdh.org explains how to fix postfix against the weak Diffie-Hellman attack called "logjam". But don't I have to fix courier too? Or do I have to migrate to dovecot to be logjam-safe?

ssl courier vulnerabilities logjam

asked May 21 '15 at 07:10

rubo77

2,469
4
34
66

2

votes

1 answer

What are these weird request paths on my Apache server?

Possible Duplicate: What are these weird access requests? I'm getting a lot of requests like these in my access.log: 203.186.107.226 - - [16/Oct/2012:07:07:39 +0000]…

apache-2.2 debian encoding vulnerabilities

asked Oct 16 '12 at 12:08

Mark

367
1
4
11

2

votes

2 answers

openVAS - Microsoft RDP Server Private Key Information Disclosure Vulnerability - false Alarm?

I performed a openVAS scan on a Windows Server 2008 R2 and got a report for a high threat level vulnerability called Microsoft RDP Server Private Key Information Disclosure Vulnerability. An remote attacker could perform a man-in-the-middle attack…

security windows-server-2008-r2 rdp vulnerabilities openvas

asked Sep 06 '12 at 21:01

hub

342
1
4
15

2

votes

2 answers

Is there any risks by using cat to read a value from a untrusted file

I need to get a variable value by reading from user uploaded text file. I am doing from a system's script: resourceVersion=`cat userFile.txt` mkdir $resourceVersion ... Can the content of this file harm the system in any way when I do later use of…

linux security exploit vulnerabilities

asked Jul 22 '12 at 19:59

Johnny Everson

115
1
7

2

votes

2 answers

Are cross-site scripting vulnerabilities the responsibility of the network/systems admin or developer?

I'm just curious about this. Say the system was 100% patched up. Should the administrator also be responsible for cross-site scripting issues?

vulnerabilities

asked Nov 16 '11 at 17:53

John Ingles

119
2
7

2

votes

6 answers

PHP eval(gzinflate(base64_decode(..))) hack - how to prevent it from occurring again?

We recently had a website hacked, where some PHP code was injected into the index.php file that looked something like: eval (gzinflate(base64_decode('s127ezsS/...bA236UA1'))); The code was causing another php file (cnfg.php) to be included, which…

security php hacking vulnerabilities

asked Aug 11 '10 at 20:02

1nsane

123
1
1
6

2

votes

1 answer

Samba - Is my server vulnerable to CVE-2008-1105?

I have a CentOS server that is running Samba and I want to verify the vulnerability addressed by CVE-2008-1105. What scenarios can I build in order to run the exploit that is mentioned in http://secunia.com/advisories/cve_reference/CVE-2008-1105/? …

centos vulnerabilities exploit

asked May 06 '10 at 14:29

Joao Heleno

251
1
4
12

Questions tagged [vulnerabilities]