This report is a daily analysis of all published vulnerabilities in any product, weaknesses in technologies, exploits Internet wide, current internet threats associated with platforms and products our customer use, and if any action is required to protect their assets from these these vulnerabilities, weaknesses and exploits depending on the Atomicorp product they are using.
Please see this forum post for an explanation of the categories used in this report.
CVEs are sometimes created after a vulnerability is published (sometimes far after it has been made public). When CVEs are referenced, it is because a CVE was created today, not because an issue was resolved today, and it is included here for reference.
ASL users
Summary: Redhat 6 and 7 (and derivitives) users should upgrade libssh2. See notes below.
Already protected against/Known Method/No update required
WordPress Best Web Soft Captcha Plugin 4.1.5 XSS
WordPress WP Advanced Comment Plugin 0.10 - Persistent XSS
Bluethrust Clan Scripts v4 R17 CSRF
WordPress SiteMile Project Theme 2.0.9.5 Cross Site Scripting and CSRF
RedHat Enterprise Linux Multiple Nullpointer Dereferences Vulnerabilities
libotr remote coce exploitation vulnerability
Not already protected against/New Method/Update Available
None.
Not already protected against/Doesnt protect against/Solution
libssh2 - (libssh2 is not used by SSH, it is used by third party products to implement SSH connections) A type confusion issue was found in the way libssh2 generated ephemeral secrets for the diffie-hellman-group1 and diffie-hellman-group14 key exchange methods. This would cause an SSHv2 Diffie-Hellman handshake to use significantly less secure random parameters. (CVE-2016-0787) : Patches are available Redhat.
Potential Vulnerability/Solution
None.
Rules only users
Summary: rules users should see the notes below regarding system level vulnerabilities that may effect their system that modsecurity can not protect against.
Already protected against/Known Method/No update required
WordPress Best Web Soft Captcha Plugin 4.1.5 XSS
WordPress WP Advanced Comment Plugin 0.10 - Persistent XSS
Bluethrust Clan Scripts v4 R17 CSRF
WordPress SiteMile Project Theme 2.0.9.5 Cross Site Scripting and CSRF
Not already protected against/New Method/Update Available
None.
Not already protected against/Doesnt protect against/Solution
Modsecurity can not protect the system against these types of vulnerabilities:
RedHat Enterprise Linux Multiple Nullpointer Dereferences Vulnerabilities - Patches are available for EL7
libotr remote code exploitation vulnerability - a patch is available from the vendor.
Potential Vulnerability/Solution
None.