|
|
|
|
|
|
|
|
|
Cyber attacks can happen at any time, from anywhere, from a variety of sources
on the internet. In hindsight you wish you had been better protected.
Sanctum will publish security alerts of breaking new vulnerabilities that
are making the news, information of what the problem is, how it potentially
impacts your business and, provide you with information about how Sanctum's
solutions would have protected you from that attack on your Web site or Web
application, whether it was a 3rd party Web application or developed in-house. Sanctum's
solutions work autonomously and continuously so you don't have to.
|
|
|
|
|
|
June 2002
Vulnerability Alert: Sanctum's AppShield Stops Apache Chunked Code Vulnerability
Using a bug in the way Apache handles requests with chunked transfer-encoding (a method
which allows sending requests in chunks, as opposed to a single bulk), it is possible
to cause a stack overflow (on Apache 1.3) that can lead to remote command execution.
On Apache 2.0 the bug will cause the current (child) process to stop (and a new one
has to be created to replace it), which inflicts excessive CPU load on the machine.
Sending multiple such results effectively triggers a denial of service condition
on the server.
|
|
|
September 2001
Vulnerability Alert: AppShield Prevents the NIMDA Worm From Attacking Your Site
Nimda (ADMIN spelled backwards) is a new powerful worm that is spreading aggressively over the
internet. This Trojan worm uses three modes for propagation. It spreads via email, network shares,
or through web servers with IIS installed using the IIS Web Directory Traversal exploit.
|
|
|
August 2001
Vulnerability Alert: AppShield Stops the Code Red Worm
A new worm discovered July 13th, 2001 focused directly on www.whitehouse.gov. The worm is no
longer limiting itself to www.whitehouse.gov. This particular worm does have some destructive
payload, meaning it can destroy or delete files, but the major problem it is causing is a degradation
of performance and system instability.
|
|
|
© 2002 Sanctum, Inc. Privacy Statement
|