Matt RaibleMatt Raible is a Web Developer and Java Champion. Connect with him on LinkedIn.

The Angular Mini-Book The Angular Mini-Book is a guide to getting started with Angular. You'll learn how to develop a bare-bones application, test it, and deploy it. Then you'll move on to adding Bootstrap, Angular Material, continuous integration, and authentication.

Spring Boot is a popular framework for building REST APIs. You'll learn how to integrate Angular with Spring Boot and use security best practices like HTTPS and a content security policy.

For book updates, follow @angular_book on Twitter.

The JHipster Mini-Book The JHipster Mini-Book is a guide to getting started with hip technologies today: Angular, Bootstrap, and Spring Boot. All of these frameworks are wrapped up in an easy-to-use project called JHipster.

This book shows you how to build an app with JHipster, and guides you through the plethora of tools, techniques and options you can use. Furthermore, it explains the UI and API building blocks so you understand the underpinnings of your great application.

For book updates, follow @jhipster-book on Twitter.

10+ YEARS


Over 10 years ago, I wrote my first blog post. Since then, I've authored books, had kids, traveled the world, found Trish and blogged about it all.

RECENT ENTRIES


Tag Cloud


abbie appfuse birthday denver family grails gwt jack java javascript jhipster jsf linkedin maven roller skiing softwaresummit spring springmvc struts2 travel trish vacation webframeworks wicket
« Cool Comments | Main | Improve your VM's... »
Thursday November 14, 2002

Apache Flaws

Erik tells us that netApache Flaws are being exploited.

The Apache HTTP Server Project has warned that several security holes in the Apache source are being actively exploited on the Internet, urging IT managers to urgently upgrade to version 1.3.27 or 2.0.43 or higher.

...

"If you are running an SSL-enabled web server using OpenSSL, upgrade to at least version 0.9.6e of OpenSSL and recompile all applications that use OpenSSL," the organization said.

Other vulnerabilities still being exploited on servers that haven't been upgraded include:

  • A cross site scripting bug in the default 404 page of any web server hosted on a domain that allows wildcard DNS lookups
  • Possible overflows in the utility ApacheBench (ab) which could be exploited by a malicious server
  • A race condition in the htpasswd and htdigest program enables a malicious local user to read or even modify the contents of a password file or easily create and overwrite files as the user running the htpasswd (or htdigest respectively) program
  • htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack
  • Several buffer overflows in the ApacheBench (ab) utility that could be exploited by a remote server returning very long strings

Posted in The Web at Nov 14 2002, 05:09:03 AM MST Add a Comment
Comments:

Post a Comment:
  • HTML Syntax: Allowed