exploit


WordPress v4.5.3 vulnerable to Denial of Service (DoS) exploits via CVE-2016-6896 and CVE-2016-6897 – Here’s how to fix it

If your website runs on WordPress v4.5.3, attackers can now bring down your site through a Denial of Service attack. This is possible through two vulnerabilities that were disclosed on 22nd Aug:

  • CVE-2016-6897 – This is a Cross Site Request Forgery vulnerability by which an attacker can take over an authenticated user’s session (privilege escalation) using a forged HTML page.
  • CVE-2016-6896 – This is a Directory Traversal vulnerability which can be used by an attacker to crash the web server.

How to fix HTTPoxy vulnerability in cPanel, Plesk or other Linux / Windows servers

On 18th July, our security team was alerted to a series of vulnerabilities called HTTPoxy, which allow attackers to steal data from CGI-enabled web servers.

As of this writing, patches are only available for Litespeed, but we’ve identified ways to mitigate this vulnerability in Apache, Nginx, IIS and other web servers and proxies.

[ Update 21st July – cPanel released patches for Apache. Click here to know more ]
