Tools:
- BackTrack 4 pre-final released
- Official announcement from Offensive-Security
- BackTrack 4 Pre Final download link
Vulns:
- HTTP Server DoS
- A technique that consumes all the available HTTP sockets and keeps them open, creating a DoS-like environment, but with fewer packets!
- Slowloris HTTP DoS – ha.ckers.org
- Apache HTTP DoS tool released – isc.sans.org
- Cisco IOS HTTP Server Command Injection Vulnerability
- From the description of the vulnerability, it doesn’t sound like command injection. It sounds like the web server doesn’t properly sanitize the logs when displaying them. If there were HTML or JavaScript code in the logs, it would be rendered.
- Official Cisco Advisory cisco-sa-20051201-http – cisco.com
Other News:
- Foundstone websec 101
- A new series by Foundstone, introducing the basics of web and application security in 20-30 minute webcasts. New lessons will come every two weeks, and they currently have an introduction webcast, and a webcast on configuration.
- Phrack Magazine #66 released
- Two of the articles sound very interesting.