| Oct 07, 2011 |
Apache HTTP Server Reverse Proxy Bypass The Apache Foundation has issued a Security Advisory to address a vulnerability in Apache HTTP Server's reverse proxy mode. Exploitation of this vulnerability may allow a remote attacker to gain access to internal systems. US-CERT encourages users and administrators to review the Apache HTTP Server Security Advisory mod_proxy reverse proxy exposure and apply any necessary updates or workarounds to help mitigate the risks. |
| Oct 06, 2011 |
Microsoft Releases Advance Notification for October Security Bulletin Microsoft has issued a Security Bulletin Advance Notification indicating that its October release will contain eight bulletins. These bulletins will have the severity ratings of critical and important and will be for Microsoft .NET Framework, Microsoft Silverlight, Microsoft Windows, Internet Explorer, Microsoft Forefront Unified Access Gateway, and Microsoft Host Integration Server. Release of these bulletins is scheduled for Tuesday, October 12, 2011. US-CERT will provide additional information as it becomes available. |
| Oct 05, 2011 |
Cisco Releases Multiple Security Advisories Cisco has released three security advisories to address vulnerabilities affecting Cisco ASA 5500 Series Adaptive Security Appliances, Cisco Catalyst 6500 Series ASA Services Module, Cisco Firewall Services Module, and Cisco Network Admission Control Manager. These vulnerabilities may allow an attacker to cause a denial-of-service condition, bypass authentication mechanisms, or obtain sensitive information. US-CERT encourages users and administrators to review Cisco security advisories cisco-sa-20111005-asa, cisco-sa-20111005-fwsm, and cisco-sa-20111005-nac and apply any necessary updates to help mitigate the risks. |
| Oct 04, 2011 |
Google Releases Chrome 14.0.835.202 Google has released Chrome 14.0.835.202 for Linux, Mac, Windows, and Chrome Frame to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review the Google Chrome Releases blog entry and update to Chrome 14.0.835.202. |
| Sep 29, 2011 |
Cisco Releases Security Advisory for Cisco IOS Software Smart Install Cisco has released a security advisory to address a vulnerability in the Cisco IOS Software Install feature running on Cisco Catalyst Switches. Exploitation of this vulnerability may allow remote code execution by an unauthenticated attacker. US-CERT encourages administrators to review Cisco Security Advisory cisco-sa-20110928-smart-install for information about software updates and to review the Cisco Applied Mitigation Bulletin for workaround information. |
| Sep 27, 2011 |
SSL/TLS Protocol Vulnerability US-CERT is aware of a vulnerability affecting the Secure Socket Layer (SSL) and Transport Layer Security (TLS) protocols. Exploitation of this vulnerability may allow an attacker to decrypt encrypted SSL/TLS traffic and obtain sensitive information. Microsoft has released Security Advisory 2588513 to provide workarounds for this vulnerability in the Windows implementation of the SSL and TLS protocols. US-CERT encourages Microsoft Windows users and administrators to review Microsoft Security Advisory 2588513 and implement the workarounds listed in the advisory to help mitigate the risks. Because the SSL and TLS protocols may be used in a variety of products, users and administrators are encouraged to check with their software vendors for updated versions. US-CERT will provide updates as additional information becomes available. |
| Sep 21, 2011 |
Cisco Releases Security Advisory for Identity Services Engine Cisco has released a security advisory to address a vulnerability in Cisco Identity Services Engine. Exploitation of this vulnerability may allow a remote attacker to gain complete administrative control of the device. US-CERT encourages users and administrators to review Cisco Security Advisory cisco-sa-20110920 and apply any necessary updates or workarounds to help mitigate the risks. |
| Sep 21, 2011 |
Adobe Prenotification Security Advisory for Adobe Flash Player Adobe has issued a prenotification advisory indicating that it plans to release updates for Adobe Flash Player to address multiple vulnerabilities. The advisory indicates that one of the vulnerabilities is being actively exploited. Adobe states that the update will be available today. US-CERT encourages users and administrators to review the Adobe Advisory. US-CERT will provide additional information as it becomes available. |
| Sep 19, 2011 |
Google Releases Chrome 14.0.835.163 Google has released Chrome 14.0.835.163 for Linux, Mac, Windows, and Chrome Frame to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review the Google Chrome Releases blog entry and update to Chrome 14.0.835.163. |
| Sep 19, 2011 |
Oracle Releases Security Alert for Oracle HTTP Server Products Oracle has released a security alert to address a vulnerability in Apache HTTPD. This vulnerability affects:
Exploitation of this vulnerability may allow an attacker to cause a denial-of-service condition. US-CERT encourages users and administrators to review the Oracle Security Alert for CVE-2011-3192 and apply any necessary updates to help mitigate the risks. Additional information can be found in Vulnerability Note VU#405811 |