Atomic Secure Linux
Post subject: Threat/Vulnerability report week of March 12th
Posted: Mon Mar 12, 2018 4:30 pm
Atomicorp Staff - Site Admin
Joined: Thu Feb 07, 2008 7:49 pm
Posts: 4072
Location: Chantilly, VA
We're changing the date of the weekly reports to the week in which the report is released due to customer feedback.

This report is an analysis of all published vulnerabilities in any product, weaknesses in technologies, exploits Internet wide, and current internet threats associated with platforms and products our customers use for the previous week. This report is for historical purposes. If a vulnerability requires customer action, customers will be notified at that time.

This report documents if any action was required to protect customer assets from these vulnerabilities, weaknesses and exploits depending on the Atomicorp product(s) they are using. If action was required, a separate report would have been posted on that day.

Please see this forum post for an explanation of the categories used in this report.

CVEs are sometimes created after a vulnerability is published (sometimes far after it has been made public). When CVEs are referenced, it is because a CVE was created today, not because an issue was resolved today, and it is included here for reference.

ASL users

Summary: No update required. ASL systems were already immune to all published vulnerabilities this week.

Already protected against/Known Method/No update required
Redaxo CMS Addon MyEvents 2.2.1 SQL Injection
Magento Product Attributes Cross Site Scripting
Magento Downloadable Products Cross Site Scripting
Magento Backups Cross Site Request Forgery
Magento User Info Cross Site Scripting
OTRS Command Injection
HPE System Management 7.6.0.11 Cross Site Scripting
Red Hat Security Advisory 2018-0380-01: Red Hat CloudForms Management Engine stored XSS
Routers2 2.24 Cross Site Scripting
antMan <= 0.9.0c Authentication Bypass
Bravo Tejari Web Portal Cross Site Scripting
TestLink Open Source Test Management Remote Code Execution
uWSGI Directory Traversal
TestLink Open Source Test Management Insecure Direct Object Reference
AxxonSoft Axxon Next Directory Traversal
CVE-2017-8824
CVE-2017-7890
Linux Kernel _sctp_make_chunk() Denial Of Service
Red Hat Security Advisory 2018-0377-01: Quagga Double free vulnerability arbitrary code execution

New Method/Update Available

No updates required for vulnerabilities released this week.

Doesn't protect against/Solution

None.

Potential Vulnerability/Solution

None.

Rules only users

Summary: No update required. However, a number of system level vulnerabilities were published during the period that a WAF cannot defend against. Additional security controls are required to defend against these vulnerabilities.

Already protected against/Known Method/No update required

Redaxo CMS Addon MyEvents 2.2.1 SQL Injection
Magento Product Attributes Cross Site Scripting
Magento Downloadable Products Cross Site Scripting
Magento Backups Cross Site Request Forgery
Magento User Info Cross Site Scripting
OTRS Command Injection
HPE System Management 7.6.0.11 Cross Site Scripting
Red Hat Security Advisory 2018-0380-01: Red Hat CloudForms Management Engine stored XSS
Routers2 2.24 Cross Site Scripting
antMan <= 0.9.0c Authentication Bypass
Bravo Tejari Web Portal Cross Site Scripting
TestLink Open Source Test Management Remote Code Execution
uWSGI Directory Traversal
TestLink Open Source Test Management Insecure Direct Object Reference
AxxonSoft Axxon Next Directory Traversal


New Method/Update Available

No updates required for vulnerabilities released this week.

Doesn't protect against/Solution

ModSecurity cannot protect against system-level vulnerabilities (no WAF can). The following is a list of vulnerabilities that were published during the period that require additional security controls to protect against, such as ASL (which protects against all of the vulnerabilities below):

CVE-2017-8824
CVE-2017-7890
Linux Kernel _sctp_make_chunk() Denial Of Service
Red Hat Security Advisory 2018-0377-01: Quagga Double free vulnerability arbitrary code execution

Potential Vulnerability/Solution

None this week.

_________________
Michael Shinn
Atomicorp - Security For Everyone

