CVE-2019-0232

New vulnerability that requires attention from the users that run the apache / tomcat from windows machines.

source:

http://mail-archives.us.apache.org/mod_mbox/www-announce/201904.mbox/%3C13d878ec-5d49-c348-48d4-25a6c81b9605%40apache.org%3E

“When running on Windows with enableCmdLineArguments enabled, the CGI
Servlet is vulnerable to Remote Code Execution due to a bug in the way
the JRE passes command line arguments to Windows. The CGI Servlet is
disabled by default. The CGI option enableCmdLineArguments is disabled
by default in Tomcat 9.0.x (and will be disabled by default in all
versions in response to this vulnerability)”

Kernel Apple Vulnerability –

I have been away for some time.

In the first day of my return I have found the following vulnerability related with Apple.

It seems nasty… Although it cannot be remotely exploited it might be used in phishing campaigns that might trick the user to execute some software that takes ownership of the computer.

More info:

Exploit / Proof of concept

https://siguza.github.io/IOHIDeous/

 

Code name "Poodle" vulnerability

This vulnerability might be another that will cause some changes on the internet.
It seems that uses the fallback to 3.0 to create a man in the middle opportunity to disclosure information.

This is a interesting paper about it.
Solution at the moment is disable SSL 3.0, this might create problems with legacy users or users that have older browsers because they might not be able to access the site.
It might have a positive side, force everybody to use safer protocols. 🙂 and recent clients.

More information here:

Click to access ssl-poodle.pdf

How to check if you are secure suing mmap
nmap –script ssl-cert,ssl-enum-ciphers -p 443,465,993,995 www.hjfr-info.com

How to check if you are secure using openssl
openssl s_client -connect www.hjfr-info.com:443

Sandworm…

It seems that a new vulnerability on SSL is being used on spy games to the west. 🙂

This information was disclosure by the http://www.isightpartners.com/2014/10/cve-2014-4114/

For what is told on the internet has soon has Microsoft releases the patch, more info on it will be delivered about it.

The vulnerability code:
cve-2014-4114