Questions tagged [vulnerability]

47 questions
0 votes · 1 answer

Reliable way to check server availability

I am using a scheduler/API to scan target machines for vulnerabilities (using Nessus). But before the scan starts, I want to check if the servers are available or not for scan. I understand from this question that, "ping sends icmp, that can be…
0 votes · 1 answer

Web Server Uses Plain Text Basic Authentication vulnerability

We have got 'Web Server Uses Plain Text Basic Authentication' vulnerability in our Tomcat application during our server scan. We have tried enabling SSL (generating SSL certificate, making changes in server.xml and restarting Tomcat) but still this…

Devika (rep 1 · badges 1 · 1)
0 votes · 0 answers

How to fix Padding Oracle vulnerability on CentOS 7

I have set up a test web server on CentOS 7 to find a way to fix the Padding Oracle vulnerability, which I got when I scanned our production site on ssllabs.com. On the test server, I installed openssl (1.0.2j, which is latest as of 1/12/2017) and…

masa (rep 3 · badges 1 · 1 · 3)
0 votes · 1 answer

How To Fix Padding Oracle (CVE-2016-2107) On Ubuntu/Apache/PHP

I am trying to fix CVE-2016-2107. I consulted several sites, which do not seem to provide a clear answer for all cases: I use Apache2 2.4.12 with PHP 5.5.26. I ran: apt-get install openssl libssl-dev and sudo apt-get install libssl1.0.0. It…

jn1kk (rep 171 · badges 2 · 10)
0 votes · 1 answer

Apache Httpd and Weblogic configured for SSL

I have an Apache Httpd running as my RPS in front of some Weblogic and Coherence servers. I have the RPS configured for SSL, and to deny SSLv3 and SSLv2 requests. So when I go to the specific URL (Virtual IP) that houses the multiple servers I am…

Vnge (rep 185 · badges 3 · 12)
0 votes · 1 answer

segfault error with bash on CentOS 6

I updated bash as soon as both patches were available, and using the test script at https://shellshocker.net, I am showing fixed on all vulnerabilities except for segfault. OS: cat /etc/*release* CentOS release 6.5 (Final) Installed bash…

a coder (rep 719 · badges 4 · 20 · 37)
0 votes · 1 answer

How to securely expose a Node.js/Express server to the real world?

Essentially I would like to know what the title suggests. Node.js/Express is nice. However, Node is a fairly recent thing and hence there may be security risks in exposing the server to the real world. So, my question really boils down to what sort…

MightyMouse (rep 103 · badges 3)
0 votes · 4 answers

How to find systems with vulnerability which may later become agent for DDoS?

How to determine the systems with vulnerability, and which scanning tool is best? The system should be identified so that it can be used as agent for DDoS. In a test bed environment I want to check this. Can anyone help?

jyotsna2010
0 votes · 1 answer

How to fix TLS/SSL vulnerabilities in Windows Server?

Currently on our Windows server (Windows Server 2016), we have the following cipher suites…
0 votes · 1 answer

List of services affected by the Apache Log4jshell Vulnerability

Does there yet exist a list of software that is potentially affected by the Apache Log4jshell vulnerability (CVE-2021-44228) that was announced last Friday? As someone managing a number of servers with lots of different software running on them it…

twhitney (rep 33 · badges 6)
0 votes · 0 answers

What are NGINX reverse proxy users doing to prevent HTTP Request Smuggling?

Since NGINX does not support sending HTTP/2 requests upstream, what are the present NGINX reverse proxy users doing to mitigate the HTTP Request Smuggling vulnerability? I understand that the best way to prevent HTTP Request Smuggling is by sending…
0 votes · 1 answer

Azure Web App identified target web site is using IIS 10 and detected that it is out of date - how to change

Azure Web App identified target web site is using IIS and detected that it is out of date - how to change. A security scan of a web app running Windows has been identified as a High vulnerability. Since this is an old version of the software, it may…
-1 votes · 1 answer

What does ISIC option "-t" mean?

As I already found out, the ISIC tool has an option "-t" only for tcpsic or tcpsic6 and it means the percentage of packets with wrong checksum. In the tcpsic case my router works fine. But when I've been testing my router with isic -s rand -d 192.168.10.20 -t…
-1 votes · 1 answer

Web application audit task requires my remote IP to be allowed on the application network firewall

I want to audit a web application which is hosted on a web server sitting behind a Cyberoam firewall. My task is to run a scan from my remote machine which has ISP MTNL broadband. My machine gets a private IP address through DHCP and currently it…
-1 votes · 1 answer

Stealing internet by changing MAC address?

OK - I have a static IP - and I have been on the same provider for years - it's a wired network (a cable goes directly to my network card) - and the cable is connected to a switch on a pole in the street (the pole is connected to another pole which…

George (rep 1 · badges 1)