Last Updated: Fri Oct 24 14:00 CDT 2014
A significant vulnerability in
the design of SSL version 3.0, commonly referred to as a POODLE attack
(Padding Oracle On Downgraded Legacy Encryption), was announced on
October 14, 2014. Additional Details Belo...

Last updated: October 3, 2014
As you may have heard, a significant
vulnerability in Bash was announced yesterday, Wednesday, September 24,
2014, commonly referred to as “Shellshock” that affects all versions of
Bash through version 4.3:

Earlier this week, you may have heard news about the Heartbleed Bug,
which is a serious vulnerability in certain versions of the OpenSSL
cryptographic software library. More information regarding the
Heartbleed Bug can be found on the following websi...

@adthree By default CGI support is disabled in Tomcat. If CGI support is
explicitly enabled, then the default value for 'enableCmdLineArguments'
is false: https://tomcat.apache.org/tomcat-8.5-doc/cgi-howto.html By
default CGI support is disabled in T...

@akselzip: As @thoule points out, it looks like this issue is related to
SSLv2 as used in certain versions of OpenSSL. First, the JAMF
Distribution Server (JDS) and NetBoot/SUS Appliance still rely on
OpenSSL for cryptography, but other JAMF Software...

It looks like the GHOST vulnerability (CVE-2015-0235) only affects Linux
distributions that include a vulnerable version of GNU C Library
(glibc). @mm2270: NetBoot/SUS Appliance OVA version 3.0 or earlier is
shipped with a potentially vulnerable vers...

@ttyler: Thanks for bringing this to our attention. We took a closer
look at the reported issue with Casper Focus and are able to report the
following results: As you point out, the reported behavior is not
related to the POODLE fix that was included...

@andyinindy: An updated version of the NetBoot/SUS Appliance OVA is
currently in progress and will likely include bug fixes in addition to
configuration changes for Apache to address the SSL version 3.0 POODLE
vulnerability. The updated OVA will be a...