Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
[ezsystems/ezplatform-http-cache] ezsystems/ezplatform-http-cache affected by Breach with Varnish VCL
Description: Impact This is not a vulnerability in the code per se, but included Varnish VCL templates enable compression of API and JSON messages. This is a potential case of the BREACH vulnerability, which affects HTTP compression, where secrets can be extracted through carefully crafted requests. The fix disables compression in these templates. Please make sure to make the same change in your configuration files, see the release notes for specific instructions. Please check your web server configuration as well. Patches See "Patched versions". https://github.com/ezsystems/ezplatform-http-cache/commit/ca8a5cf69b2c14fbec90412aeeef5c755c51457b Workarounds Make sure HTTP compression is disabled for REST API requests and other communication that might contain secrets. References Advisory: https://developers.ibexa.co/security-advisories/ibexa-sa-2024-006-vulnerabilities-in-content-name-pattern-commerce-shop-and-varnish-vhost-templates Release notes: https://doc.ibexa.co/en/latest/update_and_migration/from_3.3/update_from_3.3/#v3341 https://github.com/ibexa/post-install/security/advisories/GHSA-4h8f-c635-25p7 https://github.com/ibexa/http-cache/security/advisories/GHSA-fh7v-q458-7vmw https://www.breachattack.com/ References https://github.com/ezsystems/ezplatform-http-cache/security/advisories/GHSA-mgfg-7533-7jf6 https://github.com/ibexa/http-cache/security/advisories/GHSA-fh7v-q458-7vmw https://github.com/ibexa/post-install/security/advisories/GHSA-4h8f-c635-25p7 https://github.com/e...
Source: Github Advisory Database (Composer)
December 3rd, 2024 (5 months ago)
[ibexa/http-cache] ibexa/http-cache affected by Breach with Varnish VCL
Description: Impact This is not a vulnerability in the code per se, but included Varnish VCL templates enable compression of API and JSON messages. This is a potential case of the BREACH vulnerability, which affects HTTP compression, where secrets can be extracted through carefully crafted requests. The fix disables compression in these templates. Please make sure to make the same change in your configuration files, see the release notes for specific instructions. Please check your web server configuration as well. Patches See "Patched versions". https://github.com/ibexa/http-cache/commit/e03f683e8db53b6d253e1af8177befeecc8d3914 Workarounds Make sure HTTP compression is disabled for REST API requests and other communication that might contain secrets. References Advisory: https://developers.ibexa.co/security-advisories/ibexa-sa-2024-006-vulnerabilities-in-content-name-pattern-commerce-shop-and-varnish-vhost-templates Release notes: https://doc.ibexa.co/en/latest/update_and_migration/from_4.6/update_from_4.6/#v4614 https://github.com/ibexa/post-install/security/advisories/GHSA-4h8f-c635-25p7 https://github.com/ezsystems/ezplatform-http-cache/security/advisories/GHSA-mgfg-7533-7jf6 https://www.breachattack.com/ References https://github.com/ezsystems/ezplatform-http-cache/security/advisories/GHSA-mgfg-7533-7jf6 https://github.com/ibexa/http-cache/security/advisories/GHSA-fh7v-q458-7vmw https://github.com/ibexa/post-install/security/advisories/GHSA-4h8f-c635-25p7 https://github.com/i...
Source: Github Advisory Database (Composer)
December 3rd, 2024 (5 months ago)
[ibexa/post-install] ibexa/post-install affected by Breach with Varnish VCL
Description: Impact This is not a vulnerability in the code per se, but included platform.sh Varnish VCL templates and Apache/Nginx vhost templates enable compression of API and JSON messages. This is a potential case of the BREACH vulnerability, which affects HTTP compression, where secrets can be extracted through carefully crafted requests. The fix disables compression in these templates. Please make sure to make the same change in your configuration files, see the release notes for specific instructions. Patches See "Patched versions". v1.0: https://github.com/ibexa/post-install/commit/d91cc02623dd3263a99a94ace133c95e48909e5d v4.6: https://github.com/ibexa/post-install/commit/ae7c3c2081a862c75b90828f08bd74436ceb8fe8 Workarounds Make sure HTTP compression is disabled for REST API requests and other communication that might contain secrets. References Advisory: https://developers.ibexa.co/security-advisories/ibexa-sa-2024-006-vulnerabilities-in-content-name-pattern-commerce-shop-and-varnish-vhost-templates Release notes v3.3: https://doc.ibexa.co/en/latest/update_and_migration/from_3.3/update_from_3.3/#v3341 Release notes v4.6: https://doc.ibexa.co/en/latest/update_and_migration/from_4.6/update_from_4.6/#v4614 https://github.com/ezsystems/ezplatform-http-cache/security/advisories/GHSA-mgfg-7533-7jf6 https://github.com/ibexa/http-cache/security/advisories/GHSA-fh7v-q458-7vmw https://www.breachattack.com/ References https://github.com/ezsystems/ezplatform-http-cache/security/advis...
Source: Github Advisory Database (Composer)
December 3rd, 2024 (5 months ago)
Bologna FC confirms data breach after RansomHub ransomware attack
Description: Bologna Football Club 1909 has confirmed it suffered a ransomware attack after its stolen data was leaked online by the RansomHub extortion group. [...]
Source: BleepingComputer
November 29th, 2024 (5 months ago)
Zello asks users to reset passwords after security incident
Description: Zello is warning customers to reset their passwords if their account was created before November 2nd in what appears to be another security breach. [...]
Source: BleepingComputer
November 27th, 2024 (5 months ago)
Chinese hackers breached T-Mobile's routers to scope out network
Description: T-Mobile says the Chinese "Salt Typhoon" hackers who recently compromised its systems as part of a series of telecom breaches first hacked into some of its routers to explore ways to navigate laterally through the network.  [...]
Source: BleepingComputer
November 27th, 2024 (5 months ago)