USN-5203-1: Apache Log4j 2 vulnerability

2021-12-20 KENNETH 0

Hideki Okamoto and Guy Lederfein discovered that Apache Log4j 2 did not protect against infinite recursion in lookup evaluation. A remote attacker could possibly use this issue to cause Apache Log4j 2 to crash, leading to a denial of service.

Source: USN-5203-1: Apache Log4j 2 vulnerability

AWS Weekly News Roundup – December 20, 2021 :: Apache Log4j2 Security Issue Response, EC2 C6i/R6i Launch in the Seoul Region, and More

2021-12-20 KENNETH 0

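Hello, everyone! This is the AWS Weekly News Roundup, which every Monday summarizes the Korea-related AWS content updated during the previous week. We hope it helps you keep up with the latest news about the AWS Cloud.

AWS re:Invent 2021 recap: AWS re:Invent, held in Las Vegas, USA, from November 30 to December 3 this year, can be attended online as well as in person. You can watch replays of the keynotes, the leadership sessions, and some 500 breakout sessions. Keynote and leadership session replays (Korean subtitles); Korean-track session replays; all newly launched services; AWS On-Air keynote summaries and topic-by-topic deep-dive replays.

AWS Korea Blog: The proud Korean developers who won the Asia-region AWS AI/ML GameDay (2021-12-17); How to achieve operational excellence through AWS Well-Architected playbook and runbook automation (2021-12-16); Log4j vulnerability risk based on AWS security services [ more… ]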

USN-5201-1: Python vulnerabilities

2021-12-18 KENNETH 0

It was discovered that the Python urllib http client could enter into an infinite loop when incorrectly handling certain server responses (100 Continue response). Specially crafted traffic from a malicious HTTP server could cause a denial of service (DoS) condition for a client.

Source: USN-5201-1: Python vulnerabilities

USN-5200-1: Python vulnerabilities

2021-12-17 KENNETH 0

It was discovered that the urllib.request.AbstractBasicAuthHandler class in Python contains regex allowing for catastrophic backtracking. Specially crafted traffic from a malicious HTTP server could cause a regular expression denial of service (ReDoS) condition for a client. (CVE-2020-8492)

It was discovered that the urllib.request.AbstractBasicAuthHandler class in Python contains regex with a quadratic worst-case time complexity. Specially crafted traffic from a malicious HTTP server could cause a regular expression denial of service (ReDoS) condition for a client. (CVE-2021-3733)

It was discovered that the Python urllib http client could enter into an infinite loop when incorrectly handling certain server responses (100 Continue response). Specially crafted traffic from a malicious HTTP server could cause a denial of service (DoS) condition for a client. (CVE-2021-3737)

Source: USN-5200-1: Python vulnerabilities

USN-5199-1: Python vulnerabilities

2021-12-17 KENNETH 0

It was discovered that the urllib.request.AbstractBasicAuthHandler class in Python contains regex with a quadratic worst-case time complexity. Specially crafted traffic from a malicious HTTP server could cause a regular expression denial of service (ReDoS) condition for a client. (CVE-2021-3733)

It was discovered that the Python urllib http client could enter into an infinite loop when incorrectly handling certain server responses (100 Continue response). Specially crafted traffic from a malicious HTTP server could cause a denial of service (DoS) condition for a client. (CVE-2021-3737)

Source: USN-5199-1: Python vulnerabilities