Questions tagged [vulnerability]
47 questions
2
votes
2 answers
Upgrade SSL/TLS/Openssl?
I have a requirement to upgrade SSL/TLS/OpenSSL. The server is RHEL 6 Enterprise.
In that server I am going to remove Apache, which has not been in use for a long time. After uninstalling Apache, is it still necessary to upgrade…

Ratheesh
2
votes
1 answer
Is this a DNS vulnerability or exploit?
Our server (Windows 2008 R2 server, fully patched) was a bit slow this morning.
Checking network activity I found several DNS sessions using quite a lot of bandwidth (10MB/sec per session). This was rather suspicious (I expect DNS traffic to be…

Quango
1
vote
3 answers
Why there are so many vulnerable Nginx images on Docker Hub?
Currently, all of them seem to have unpatched components and marked red https://hub.docker.com/r/library/nginx/tags/

Andrei
1
vote
2 answers
Typo3 - server attack, too many php requests ends in error 500 and 503
I have an older Typo3 (v4.5.x) site and for a while now my server has been under attack by a script kiddie. He sends quite a few PHP requests for URLs which do not exist on my server. I got so many PHP 500 errors back and after a while the number of parallel…

megloff
1
vote
0 answers
LAMP/ webdav: my apache error.logs show "su: must be run from a terminal" - but that wasnt me
Within the Apache error.log I have the message:
"su: must be run from a terminal"
Usually, there are error IDs, the monitored IP and source of the error (php-page) - all this is missing here.
If I check the apache access.log during the given…

Florian
1
vote
1 answer
CentOS fails to update Bash
I'm trying to patch my server against the Shellshock vulnerability issue. However, I'm unable to update Bash to a safe version, these are the results I'm getting:
# yum update bash
Loaded plugins: fastestmirror, security
Loading mirror speeds from…

Elite_Dragon1337
1
vote
1 answer
Is there vulnerability in the following listening ports?
I've just installed a new Ubuntu server and issued the netstat -nlp command and got the following result:
Active UNIX domain sockets (only servers)
Proto RefCnt Flags Type State I-Node PID/Program name Path
unix 2 [ ACC ] …

Erik
1
vote
1 answer
HP iLO 4 & OpenSSL 'ChangeCipherSpec' MiTM Vulnerability
The Nessus scanner is flagging 'High risk with sig 74326' after the latest rule updates to all HP iLO cards.
This is specifically about the OpenSSL 'ChangeCipherSpec' MiTM Vulnerability.
It appears the latest HP iLO 4 firmware does not address this…

pablo808
1
vote
1 answer
Check that NLM is patched in Netware 6.5
We need to solve vulnerability CVE-2011-4191
"Stack-based buffer overflow in the xdrDecodeString function in XNFS.NLM in Novell NetWare 6.5 SP8 allows remote attackers to execute arbitrary code or cause a denial of service (abend or NFS outage) via…

ptt35t
1
vote
4 answers
how to protect our server from hacker
Our website server has been hacked frequently recently. How can I protect it?

Hooligan
1
vote
1 answer
F5 BIG-IP workaround to CVE-2020-5902 vulnerability
Do you have any idea of a workaround for the CVE-2020-5902 vulnerability?
I cannot update at the moment, but I am concerned because it is a Critical vulnerability.

Giordano Calabrese
0
votes
1 answer
Nextcloud Snap - Vulnerability issue
My company needs a self-hosted file sharing solution and after browsing the web, I've decided to go with Nextcloud. To test it, I've used snap to install it on a Debian 9 server. Everything works like a charm and that's what my company is looking…

Ror
0
votes
2 answers
Vulnerability scanning in CentOS/Fedora with OpenSCAP
I am trying to work with OSCAP and I want to do vulnerability assessment in CentOS 7, Fedora and RHEL. I found it for RHEL on the OpenSCAP site, but my question is: is it possible to do it in CentOS or Fedora? Because apparently there is no OVAL file…

afsane
0
votes
1 answer
Windows Services Vulnerable to Tampering Mitigation
I am testing some software with Microsoft's Attack Surface Analyzer. I took a baseline scan and an after-installation scan of the software I am testing. When I create a report it shows that a certain service is vulnerable to tampering. See picture…

0siris
0
votes
1 answer
SCCM WQL Query Structure BIOS release date
So with this whole Meltdown and Spectre causing a huge fuss worldwide, I have discovered a solution to mass deploy BIOS updates. The one thing is when checking compliance I am unable to locate anything that is different but the same for all models.…

Eryper