Jamf Nation Community

jason_vanzanten · 10-15-2015

Post your questions for the panel here or on Twitter using #JNUCSecurity.

jason_vanzanten · 10-15-2014

Last Updated: Fri Oct 24 14:00 CDT 2014 A significant vulnerability in the design of SSL version 3.0, commonly referred to as a POODLE attack (Padding Oracle On Downgraded Legacy Encryption), was announced on October 14, 2014. Additional Details Belo...

jason_vanzanten · 09-25-2014

Last updated: October 3, 2014 As you may have heard, a significant vulnerability in Bash was announced yesterday, Wednesday, September 24, 2014, commonly referred to as “Shellshock” that affects all versions of Bash through version 4.3: http://web.nv...

jason_vanzanten · 04-12-2014

Earlier this week, you may have heard news about the Heartbleed Bug, which is a serious vulnerability in certain versions of the OpenSSL cryptographic software library. More information regarding the Heartbleed Bug can be found on the following websi...

jason_vanzanten · 04-22-2019

@adthree By default CGI support is disabled in Tomcat. If CGI support is explicitly enabled, then the default value for 'enableCmdLineArguments' is false: https://tomcat.apache.org/tomcat-8.5-doc/cgi-howto.html By default CGI support is disabled in T...

jason_vanzanten · 04-12-2016

@akselzip: As @thoule points out, it looks like this issue is related to SSLv2 as used in certain versions of OpenSSL. First, the JAMF Distribution Server (JDS) and NetBoot/SUS Appliance still rely on OpenSSL for cryptography, but other JAMF Software...

jason_vanzanten · 02-02-2015

It looks like the GHOST vulnerability (CVE-2015-0235) only affects Linux distributions that include a vulnerable version of GNU C Library (glibc). @mm2270: NetBoot/SUS Appliance OVA version 3.0 or earlier is shipped with a potentially vulnerable vers...

jason_vanzanten · 11-05-2014

@ttyler: Thanks for bringing this to our attention. We took a closer look at the reported issue with Casper Focus and are able to report the following results: As you point out, the reported behavior is not related to the POODLE fix that was included...

jason_vanzanten · 10-29-2014

@andyinindy: An updated version of the NetBoot/SUS Appliance OVA is currently in progress and will likely include bug fixes in addition to configuration changes for Apache to address the SSL version 3.0 POODLE vulnerability. The updated OVA will be a...

Jamf Nation Community

User Statistics

User Activity

JNUC 2015 - Security panel discussion

Security Update: SSL version 3.0 "POODLE" Vulnerability

Security Update: Bash "Shellshock" Vulnerability

Security Update: Heartbleed Bug Vulnerability in OpenSSL

Re: CVE-2019-0232 - Tomcat Running on Windows

Re: Is CVE-2016-0800 affecting Casper Suite?

Re: CVE-2015-0235 GHOST Vulnerability

Re: Casper Focus 9.61 (14102301) fails to connect to Clean 9.61 JSS - SSL Error

Re: Security Update: SSL version 3.0 "POODLE" Vulnerability