Apache Clickjack

Apache ClickJacking Attack – How to Fix

What is Apache Clickjacking Attack and How to Fix Clickjacking is a well-known web application vulnerabilities. For example, it was used as an attack on Twitter. To defence Clickjacking attack on your Apache  HTTPD web server, you can use X-FRAME-OPTIONS to avoid your website being hacked from Clickjacking. The X-Frame-Options in HTTP response header can[…]

Read more

Cross Site Scripting Attack – Apache/IHS

Overview   Cross Site Scripting (XSS) protection can be bypassed in many browsers. You can apply this protection for a web application if it was disabled by the user. This is used by a majority of giant web companies like Facebook, Twitter, Google, etc. Solution Go to $Web_Server/conf directory Open[…]

Read more

Poodle fix – Apache/IHS

Overview POODLE  is an security vulnerability in SSLv3 discovered by Google. POODLE stands for Padding Oracle On Downgraded Legacy Encryption. All the websites supporting SSLv3 is vulnerable to POODLE, even if it also supports more recent versions of TLS. Using POODLE a hacker run Man-in-the-middle attacks attacks in your network[…]

Read more

Sweet 32 Attack – Apache

Overview Sweet32 affects TLS ciphers, also OpenSSL consider Triple DES cipher is now vulnerable as RC4 cipher . The DES ciphers (and triple-DES) only have a 64-bit block size. This enables an attacker to run JavaScript in a browser and send large amounts of traffic during the same TLS connection, creating[…]

Read more

Sweet 32 Attack – IHS

Overview   Sweet32 affects TLS ciphers, also OpenSSL consider Triple DES cipher is now vulnerable as RC4 cipher . The DES ciphers (and triple-DES) only have a 64-bit block size. This enables an attacker to run JavaScript in a browser and send large amounts of traffic during the same TLS connection,[…]

Read more

Arbitary File Download Vulnerability

Overview Some websites may provide file viewing or download functionality because of business needs. If you do not limit user from viewing or downloading files, a malicious user may attempt to view or download any file from your server. Attackers may construct malicious requests to download sensitive files from the[…]

Read more

Disable WebServer Banner Apache/IHS

Overview Don’t display or send Apache version (Set ServerTokens) By default, the server HTTP response header will contains apache and php version. Something similar to the following. This is harmful, as we don’t want an attacker to know about the specific version number. Apache can reveal information by default configuration,[…]

Read more

Webserver Directory traversal

Webserver Directory traversal Overview File path traversal attack or directory traversal attack in web application is a common security issue.In this a hacker can get access to the files or directories of a webserver through the web url which will lead to major security issues. If you are using Apache[…]

Read more