In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup the right charset encoding when verifying the user's credentials. If the header value is not present in the charset conversion table, a fallback mechanism is used to truncate it to a two characters value to allow a quick retry (for example, 'en-US' is truncated to 'en'). A header value of less than two characters forces an out of bound write of one NUL byte to a memory location that is not part of the string. In the worst case, quite unlikely, the process would crash which could be used as a Denial of Service attack. In the more likely case, this memory is already reserved for future use and the issue has no effect at all.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
apache http server 2.4.1 |
||
apache http server 2.4.2 |
||
apache http server 2.4.3 |
||
apache http server 2.4.4 |
||
apache http server 2.4.6 |
||
apache http server 2.4.7 |
||
apache http server 2.4.9 |
||
apache http server 2.4.10 |
||
apache http server 2.4.12 |
||
apache http server 2.4.16 |
||
apache http server 2.4.17 |
||
apache http server 2.4.18 |
||
apache http server 2.4.20 |
||
apache http server 2.4.23 |
||
apache http server 2.4.25 |
||
apache http server 2.4.26 |
||
apache http server 2.4.27 |
||
apache http server 2.4.28 |
||
apache http server 2.4.29 |
||
debian debian linux 7.0 |
||
debian debian linux 8.0 |
||
debian debian linux 9.0 |
||
canonical ubuntu linux 12.04 |
||
canonical ubuntu linux 14.04 |
||
canonical ubuntu linux 16.04 |
||
canonical ubuntu linux 17.10 |
||
canonical ubuntu linux 18.04 |
||
netapp santricity cloud connector - |
||
netapp storage automation store - |
||
netapp storagegrid - |
||
netapp clustered data ontap - |
||
redhat enterprise linux 6.0 |
||
redhat enterprise linux 7.0 |
||
redhat enterprise linux 7.4 |
||
redhat enterprise linux 7.5 |
||
redhat enterprise linux 7.6 |
medium difficulty my ass
DevGuru Writeup Credits: Zayotic [ Task 1 ] - usertxt First run an n̶m̶a̶p̶ rustscan* scan Scan Output: PORT STATE SERVICE REASON VERSION 22/tcp open ssh syn-ack ttl 61 OpenSSH 76p1 Ubuntu 4 (Ubuntu Linux; protocol 20) | ssh-hostkey: -- snip -- 80/tcp open http syn-ack ttl 61 Apache httpd 2429 ((Ubuntu)) |_http-generator: DevGuru | http-gi
Slackbot to automate ad-hoc scanning and reporting in InsightVM.
InsightVM Slack Bot InsightVM_slackbot Slackbot to automate ad-hoc scanning and reporting in insightvm In Slack, simply send a message like @insightvm_bot scan 1921811 and see the bot schedule the scan, run it, and report back the results You can also just set up a direct chat with the bot if you don't want to spam your channel Use the same syntax to schedule a s
medium difficulty my ass
DevGuru Writeup Credits: Zayotic [ Task 1 ] - usertxt First run an nmap scan ᵃⁿᵍʳʸ ᵐᵃⁿ ʷᵃⁿᵗ ᵐᵉ ᵗᵒ ᵘˢᵉ ⁿᵐᵃᵖ Scan Output: PORT STATE SERVICE REASON VERSION 22/tcp open ssh syn-ack ttl 61 OpenSSH 76p1 Ubuntu 4 (Ubuntu Linux; protocol 20) | ssh-hostkey: -- snip -- 80/tcp open http syn-ack ttl 61 Apache httpd
Red-Team-vs-Blue-Team NETWORK TOPOLOGY RED TEAM Penetration Test EXPLOITATION Discover target IP: To discover the target ip: netdiscover -r p1 p2 19216811 is the gateway ip, from Hyper-V 1921681100 is the ELK server 1921681105 is the target machine Service and version scan: nmap -sV -v 1921681105 Port 22 – SSH - with OpenSSH 76p1 Port 80 – HTTP - with
Vulmon