tomcat-8.0.38-1.fc25

This update includes a rebase from tomcat 8.0.36 up to 8.0.38 which resolves one CVE and a problem that 8.0.37 introduces to freeipa:

* rhbz#1375581 – CVE-2016-5388 Tomcat: CGI sets environmental variable based on user supplied Proxy request header

and includes two additional CVE fixes along with one bug fix:

* rhbz#1383210 – CVE-2016-5425 tomcat: Local privilege escalation via systemd-tmpfiles service
* rhbz#1383216 – CVE-2016-6325 tomcat: tomcat writable config files allow privilege escalation
* rhbz#1370262 – catalina.out is no longer in use in the main package, but still gets rotated

tomcat-8.0.38-1.fc24

This update includes a rebase from tomcat 8.0.36 up to 8.0.38 which resolves one CVE and a problem that 8.0.37 introduces to freeipa:

* rhbz#1375581 – CVE-2016-5388 Tomcat: CGI sets environmental variable based on user supplied Proxy request header

and includes two additional CVE fixes along with one bug fix:

* rhbz#1383210 – CVE-2016-5425 tomcat: Local privilege escalation via systemd-tmpfiles service
* rhbz#1383216 – CVE-2016-6325 tomcat: tomcat writable config files allow privilege escalation
* rhbz#1370262 – catalina.out is no longer in use in the main package, but still gets rotated

tomcat-8.0.37-3.fc23

This update includes a rebase from tomcat 8.0.36 up to 8.0.37 which resolves one CVE:

* rhbz#1375581 – CVE-2016-5388 Tomcat: CGI sets environmental variable based on user supplied Proxy request header

and includes two additional CVE fixes along with one bug fix:

* rhbz#1383210 – CVE-2016-5425 tomcat: Local privilege escalation via systemd-tmpfiles service
* rhbz#1383216 – CVE-2016-6325 tomcat: tomcat writable config files allow privilege escalation
* rhbz#1370262 – catalina.out is no longer in use in the main package, but still gets rotated

tomcat-8.0.37-3.fc25

This update includes a rebase from tomcat 8.0.36 up to 8.0.37 which resolves one CVE:

* rhbz#1375581 – CVE-2016-5388 Tomcat: CGI sets environmental variable based on user supplied Proxy request header

and includes two additional CVE fixes along with one bug fix:

* rhbz#1383210 – CVE-2016-5425 tomcat: Local privilege escalation via systemd-tmpfiles service
* rhbz#1383216 – CVE-2016-6325 tomcat: tomcat writable config files allow privilege escalation
* rhbz#1370262 – catalina.out is no longer in use in the main package, but still gets rotated

tomcat-8.0.37-3.fc24

This update includes a rebase from tomcat 8.0.36 up to 8.0.37 which resolves one CVE:

* rhbz#1375581 – CVE-2016-5388 Tomcat: CGI sets environmental variable based on user supplied Proxy request header

and includes two additional CVE fixes along with one bug fix:

* rhbz#1383210 – CVE-2016-5425 tomcat: Local privilege escalation via systemd-tmpfiles service
* rhbz#1383216 – CVE-2016-6325 tomcat: tomcat writable config files allow privilege escalation
* rhbz#1370262 – catalina.out is no longer in use in the main package, but still gets rotated

New release: UFONet v0.8 – "U-NATi0n!"

Posted by psy on Oct 23

Hi,

I am glad to present a new release of this tool:

http://ufonet.03c8.net

UFONet abuses OSI Layer 7-HTTP to create/manage ‘zombies’ and to conduct
different attacks using GET/POST, multithreading, proxies, origin
spoofing methods, cache evasion techniques, etc.

FAQ: http://ufonet.03c8.net/FAQ.html

———

– Added XML-RPC Pingback exploitation (WP, Drupal, etc…)
– Added AES256+HMAC-SHA1 messagery system
– Added Statistics…