USN-5372-1: Subversion vulnerabilities

2022-04-13 KENNETH 0

Evgeny Kotkov discovered that Subversion servers did not properly follow path-based authorization rules in certain cases. An attacker could potentially use this issue to retrieve information about private paths. (CVE-2021-28544)

Thomas Weißschuh discovered that Subversion servers did not properly handle memory in certain configurations. A remote attacker could potentially use this issue to cause a denial of service or other unspecified impact. (CVE-2022-24070)

Source: USN-5372-1: Subversion vulnerabilities

Retrieve source maps securely in production in Microsoft Edge DevTools

2022-04-13 KENNETH 0

With version 99 of Microsoft Edge, DevTools can securely download source maps from the Azure Artifacts symbol server. This means you can use Azure Pipelines to publish source maps to a secure location, and have DevTools retrieve them at runtime and offer a familiar debugging experience by displaying your original source code. In this post, Rob Paveza from the DevTools team will walk you through how to configure this feature, how it can help your in-production debugging, and where we plan to go from here.

When I first joined Microsoft, an early task for me – and for many new hires – was to triage and possibly fix bugs. What’s happening? What’s the root cause? Is it user-visible? Windows crashes are reported via Windows Error Reporting, and it’s amazing really [ more… ]

USN-5371-1: nginx vulnerabilities

2022-04-13 KENNETH 0

It was discovered that nginx Lua module mishandled certain inputs. An attacker could possibly use this issue to perform an HTTP Request Smuggling attack. This issue only affects Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-11724)

It was discovered that nginx Lua module mishandled certain inputs. An attacker could possibly use this issue to disclose sensitive information. This issue only affects Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-36309)

It was discovered that nginx mishandled the use of compatible certificates among multiple encryption protocols. If a remote attacker were able to intercept the communication, this issue could be used to redirect traffic between subdomains. (CVE-2021-3618)

Source: USN-5371-1: nginx vulnerabilities

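[Book] Network Understanding and Design Guide

2022-04-13 KENNETH 0

[Book] Network Understanding and Design Guide, by Hiroshi Miyata, translated by Jeong In-sik | J-Pub | April 2022

Sale price 29,700 won (10% discount) | YES Points 1,650 won (5% back)

The latest revised edition of the No. 1 bestseller in the networking category on Amazon Japan. Written from a practitioner's perspective, it covers the fundamental technologies and design essentials needed to build on-premises networks, including VLAN design, address design, redundancy, and virtualization. More than 400

Source: [Book] Network Understanding and Design Guide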

Addressing Security Weaknesses in the NGINX LDAP Reference Implementation

2022-04-12 KENNETH 0

On 9 April 2022, security vulnerabilities in the NGINX LDAP reference implementation were publicly shared. We have determined that only the reference implementation is affected. NGINX Open Source and NGINX Plus are not themselves affected, and no corrective action is necessary if you do not use the reference implementation.

The NGINX LDAP reference implementation uses LDAP to authenticate users of applications being proxied by NGINX. It is published as a Python daemon and related NGINX configuration at https://github.com/nginxinc/nginx-ldap-auth, and its purpose and configuration are described in detail on our blog.

Deployments of the LDAP reference implementation are affected by the vulnerabilities if any of the following conditions apply. Below we further discuss the conditions and how to mitigate them:

- Command-line parameters are used to configure the Python daemon
- There are unused, optional [ more… ]