Apache Clickjack

Apache ClickJacking Attack – How to Fix

What is Apache Clickjacking Attack and How to Fix Clickjacking is a well-known web application vulnerabilities. For example, it was used as an attack on Twitter. To defence Clickjacking attack on your Apache  HTTPD web server, you can use X-FRAME-OPTIONS to avoid your website being hacked from Clickjacking. The X-Frame-Options in HTTP response header can[…]

Read more

Clickjacking attack – IIS

Overview                  Clickjacking (UI redress attack) is a malicious technique of tricking a user into clicking on something different from what the user perceives, thus potentially revealing confidential information or allowing others to take control of their computer while clicking on seemingly innocuous objects, including web pages.   Affected versions IIS 7.x IIS 8.x   Solution  […]

Read more

WEBLOGIC Remote Code Execution CVE-2018-3191 – How to Fix

Overview Oracle Weblogic Remote Code Execution vulnerability allows unauthenticated attackers with network access via T3 to compromise vulnerable Oracle WebLogic Server. Successful exploitation of it can result in takeover of Oracle WebLogic Server, hence remote code execution   Affected versions Weblogic 10.3.6.0 Weblogic 12.1.3.0 Weblogic 12.2.1.3   Solution This vulnerability[…]

Read more
Apache Clickjack

How to Disable the Weak Ciphers – Apache/IHS

Overview SSL Cipher is an encryption algorithm, which is used as a key between two computers over the Internet. Data encryption is the process of converting plain text into secret ciphered codes. It’s based on your web server SSL Cipher configuration and strong protocol that allows data encryption to take[…]

Read more

Sweet 32 Attack – IIS

Overview Sweet32 affects TLS ciphers, also OpenSSL consider Triple DES cipher is now vulnerable as RC4 cipher . The DES ciphers (and triple-DES) only have a 64-bit block size. This enables an attacker to run JavaScript in a browser and send large amounts of traffic during the same TLS connection, creating[…]

Read more

Cross Site Scripting Attack – Apache/IHS

Overview   Cross Site Scripting (XSS) protection can be bypassed in many browsers. You can apply this protection for a web application if it was disabled by the user. This is used by a majority of giant web companies like Facebook, Twitter, Google, etc. Solution Go to $Web_Server/conf directory Open[…]

Read more
1 2 3