Agency / Source: NeonDrum Ltd

Context Warns of New Reverse Web Proxy Bypass Vulnerability

 

PRZOOM - /newswire/ - London, United Kingdom, 2011/10/06 - Apache releases security advisory following discovery of back door threat by researchers at Context Information Security - Contextis.com.

   
 


 

The Apache Software Foundation yesterday issued an advisory to all of its customers following the identification by researchers at UK-based Context Information Security of a new class of security vulnerability that could allow hackers to gain full internet access to internal or DMZ systems using insecurely configured reverse web proxies. Context alerted Apache to the weakness last month and has today published a blog detailing this new class of attack that it believes is likely to affect other web servers and proxies. The blog also provides advice to mitigate the risks:


Reverse proxies are used to route external HTTP and HTTPS web requests to one of several internal web servers to access data and resources. Typical applications include load balancing, separating static from dynamic content, or presenting a single interface to a number of different web servers at different paths.

While other proxies may suffer from the same vulnerability, the specific attack identified by Context researchers was based on an Apache web server using the mod_rewrite proxy function, which uses a rule-based rewriting engine to modify and rewrite web requests dynamically. When the web proxies had not been configured securely, Context was able to use an easy-to-obtain hacking tool in order to force a change in the request to access internal or DMZ systems, including administration interfaces on firewalls, routers, web servers and databases. And if credentials on internal systems were weak, a full network compromise was possible including uploading Trojan WAR files to a server.

The vulnerability can easily be mitigated by checking reverse proxy configurations to ensure that the rewrite rules cannot be abused to rewrite URLs in such a way that they reach internal systems. Context has also released the latest version of its free-to-download Context Application Tool (CAT), designed for manual web application penetration testing, which can be used to identify the vulnerability.

The difference between the two rules can be as simple as adding an extra slash, which ensures that Apache does not interpret the domain and port parts of the request as a username and password.

In its advisory to customers, Apache recommends that Apache HTTPD users should examine their configuration files to determine if they have used an insecure configuration for reverse proxying. The full Apache response can be viewed at
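The configuration review recommended above, and the extra-slash difference described earlier, can be sketched as a small linter. This is an added example, not code from Context or Apache: the hostnames and the `audit` function are constructed placeholders, and it assumes unquoted, single-line directives.

```python
import re

# Directives that can proxy to a target built from regex backreferences.
DIRECTIVE = re.compile(
    r'^\s*(RewriteRule|ProxyPassMatch)\s+(\S+)\s+(\S+)(?:\s+\[([^\]]*)\])?',
    re.I)
# scheme://authority with a $N or %N backreference inside or directly after
# the authority, i.e. no "/" separating the host[:port] from captured input.
UNSAFE_TARGET = re.compile(r'^[a-z][a-z0-9+.-]*://[^/\s$%]*[$%]\{?\d', re.I)

# Constructed sample configuration; hostnames are placeholders.
SAMPLE = """\
# reverse proxy rules
RewriteEngine On
RewriteRule ^(.*)$ http://backend.internal.example$1 [P]
RewriteRule ^(.*)$ http://backend.internal.example/$1 [P,L]
ProxyPassMatch ^(/app/.*)$ http://app.internal.example:8080$1
ProxyPassMatch ^/app/(.*)$ http://app.internal.example:8080/app/$1
RewriteRule ^/old/(.*)$ http://www.example.com$1 [R=301,L]
"""

def audit(config_text):
    """Return (line_number, directive) pairs for proxying rules whose target
    lets request data run straight on from the host part of the URL."""
    findings = []
    for lineno, line in enumerate(config_text.splitlines(), 1):
        m = DIRECTIVE.match(line)
        if not m:
            continue  # comments and unrelated directives
        directive, _pattern, target, flags = m.groups()
        flagset = {f.strip().lower() for f in (flags or "").split(",")}
        # ProxyPassMatch always proxies; RewriteRule only with the [P] flag.
        proxies = (directive.lower() == "proxypassmatch"
                   or bool(flagset & {"p", "proxy"}))
        if proxies and UNSAFE_TARGET.match(target):
            findings.append((lineno, line.strip()))
    return findings

if __name__ == "__main__":
    for lineno, text in audit(SAMPLE):
        print(f"line {lineno}: add '/' after the host in: {text}")
```

Lines 3 and 5 of the sample are reported; their neighbours on lines 4 and 6 are the corrected forms, and the redirect on line 7 is ignored because it does not proxy.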

“This latest vulnerability present is a potential back door to sensitive internal or DMZ systems but is totally avoidable if the reverse proxies are properly configured,” said Michael Jordon, Research and Development Manager at Context Information Security. “We have not investigated other web servers and proxies but it is reasonable to assume that the problem is more widespread.” Full details of the reverse proxy bypass vulnerability with link to download the free Context Application Tool are published on the Context website at

About Context
Context Information Security (contextis.com) is an independent security consultancy specialising in both technical security and information assurance services. Founded in 1998, the company’s client base has grown steadily based on the value of its product-agnostic, holistic approach and tailored services combined with the independence, integrity and technical skills of its consultants. The company’s client base now includes some of the most prestigious blue chip companies in the world, as well as government organisations. As the best security experts need to bring a broad portfolio of skills to the job, Context staff offer extensive business experience as well as technical expertise to deliver effective and practical solutions, advice and support. Context reports always communicate findings and recommendations in plain terms at a business level as well as in the form of an in-depth technical report.

For more information for editors, please contact:
Peter Rennison / Allie Andrews
PRPR, T: +44 (0)1442 245030 / 07831 208109

Distributed on behalf of PRPR by NeonDrum news distribution service.

 
 
Contact: Liz Hartney - NeonDrum.com 
+44(0)75 1051 8732 news[.]neondrum.com
 