BeyondTrust

Security In Context

Bringing you news and commentary on solutions and strategies for protecting your critical IT infrastructure.

Apache 2.4.x XSS and Back-end Connection Vulnerabilities News

Post by Peter McCalister August 28, 2012

Two new audits have been released recently in our Retina vulnerability scan engine to close a security vulnerability that can enable an attacker to upload files remotely via a XSS flaw or lead to privacy issues because of a back end connection closing issue (CVE-2012-2687 and CVE-2012-3502, respectively). These two new audits have been released with the commercial version of Retina Network. Users can include these new checks in a general vulnerability scan, or can create a targeted scan to specifically look for these specific vulnerabilities using the following Retina audits:

  • Audit ID 16927 Apache 2.4 Multiple Vulnerabilities (20120821) – Banner
  • Audit ID 16928 Apache 2.4 Multiple Vulnerabilities (20120821) – Package

If you have concerns of the security posture of your Apache environment feel free to contact our sales team and try out our Retina Network Security Scanner to discover, assess and gain remediation guidance in our simple to use standalone scanner. In addition to standard assessment of patches, insecure configurations and zero-days our Retina Web Security Scanner also provides in-depth credentialed web application scanning to identify application vulnerabilities as well as site exposure risk, ranks threat priority, produces highly graphical, intuitive HTML reports, and indicates site security posture by vulnerabilities and threat level.. http://www.eeye.com/products/retina/web-security-scanner.

I should also mention that we have a new version of our Retina Network scanner planned for later this month that includes a complete user interface overhaul and allows users to select from a list of built-in profiles to align the product to your specific job function.

Leave a Reply

Additional articles

smart rules manager for vulnerabilities

Staying on Top of the Latest Vulnerabilities with BeyondInsight v5.1

It’s no secret that dozens of new OS and application vulnerabilities are revealed every day. Staying on top of these new exposures normally requires paying for services or subscribing to multiple RSS feeds. BeyondInsight 5.1 provides customers with another option: a built-in, customizable vulnerability alerting system that delivers up-to-date information on the latest vulnerabilities in…

Post by Morey Haber April 21, 2014
Tags:
, , , , , ,
BI-Qualys-Connector-IMG1

Getting More Value from QualysGuard Vulnerability Data with BeyondInsight v5.1

If your vulnerability assessment scans can’t produce meaningful and actionable reports, performing a scan does no good for anyone. If you’ve read my other blog posts, you know I have no qualms about stating that BeyondTrust provides the best vulnerability reporting in the industry. Ask your favorite analyst and they’ll tend to agree. Of course,…

Post by Morey Haber April 18, 2014
Tags:
, , , , , , , ,
insider-threat-fed

Mitigating Inside Threats to U.S. Federal IT Environments

Recent high-profile cases have increased the perceived risks that go along with disclosure and usage of confidential information. One of the most difficult security threats to mitigate is an attack from the inside. When an over-privileged user, such as an unhappy current or former employee, contractor, or consultant, begins navigating your network, how will you…

Post by BeyondTrust Software April 17, 2014
Tags:
, , , , ,