similar to: Backporting and Apache 2.0.52 is 4 1/2 years old

Hello, I've failed latest PCI scan because of CVE-2009-0796. Centos 6.7. The Red Hat Security Response Team has rated this issue as having moderate security impact and bug as wontfix. Explanation: The vulnerability affects non default configuration of Apache HTTP web server, i.e cases, when access to Apache::Status and Apache2::Status resources is explicitly allowed via <Location

How about something like: <Location /perl-status> # disallow public access Order Deny, Allow Deny from all Allow from 127.0.0.1 SetHandler perl-script PerlResponseHandler Apache2::Status </Location> 2015-08-11 14:46 GMT+03:00 Proxy One <proxy-one at mail.ru>: > Hello, > > I've failed latest PCI scan because of

i created an ipset and added 8.8.8.8 to it and used the same iptables working all summer long but ?i can still ping 8.8.8.8 and do nslookup queries against it. ipset or iptables is broken. Anybody else rebooted since ipset-6.11-3.el6.i686 was installed and actually tested that IP addresses that are supposed to be blacklisted are actually blocked? ? Filed CentOS bug report 7977

Hi. There isn't a package httpd-2.0.52-41.ent.6.centos4 for centos4 in UPDATES repo. There is only a httpd-2.0.52-41.ent.6.centos4.src.rpm in SRC [http://mirror.centos.org/centos/4/updates/SRPMS/?C=M;O=D] This is probably a bug. Package httpd doesn't build ? Jancio Wodnik -------------- next part -------------- An HTML attachment was scrubbed... URL:

Haven''t been able to find a good enough answer on whether using sanitize() is enough to really protect me from XSS attacks I basically have a blog page that I want to allow people to display comments on but would like to allow html tags to be posted on the comments, these could html tags like the imageshack img tags, youtube player, photobucket img tags etc any other approaches or

Hello! Does anybody know of a Ruby implementation of a HTML sanitizer that prevents the attacks described on the xss cheatsheet? (http://ha.ckers.org/xss.html) I checked out the version Jamis wrote (http://dev.rubyonrails.com/ticket/1277), but that only covers the very basic attacks. Anybody? Just figured I would ask before, before I reinvent the wheel.. Ciao! Florian

Hello, I have tried for days on end with no success on this, so I thought I would post it here and see if someone can help me at all. *Here's the scenario:* I have 1 PC with a Static IP/Domain (a dyndns.org account - myserver.homeip.net) connected to a router, which in turn is the gateway to the internet. It also has a static local IP (192.168.1.2). I will call this the "server"

Would it be extremely difficult to do multicast over tinc? How about reliable multicast over tinc? This would be more traffic than multicast dns, but not _necessarily_ a great deal more. It would be for syncing some information among freeipa domain controllers. Would the tinc nodes need to be in all in switch or maybe even hub mode? EthernetOverIP over tinc?

tune2fs against a LVM (albeit formatted with ext4) is not the same as tune2fs against ext4. Could this possibly be a machine where uptime has outlived its usefulness? On Thu, Apr 21, 2016 at 10:02 PM, Chris Murphy <lists at colorremedies.com> wrote: > On Tue, Apr 19, 2016 at 10:51 AM, Matt Garman <matthew.garman at gmail.com> > wrote: > > > ># rpm -qf `which

i have a switched and bridged tincd node with two addresses, each with a different port. Address = 37.70.156.168 28655 Address = 192.168.2.228 655 i was having trouble reliably connecting to it / thru it and noticed that a log from a remote tincd node indicated it may have mixed up the ports. It doesn't appear to use the 28655 port that would be needed for remote access. Before i

On 06/12/2015 01:01 PM, Gordon Messmer wrote: > On 06/13/2015 11:11 AM, jd1008 wrote: >> All your browsing history, all cookies ...etc are open books >> as far as many javascripts are concerned. > > Javascript can use CSS attributes to see if you've visited a specific > URL, which is unfortunate, but that's a long way from saying that your > history is an open

[This email is either empty or too large to be displayed at this time]

Being new to testing and ruby, are there "standard" tests that can be done that test for things like cross site scripting and friends? If not, anyone have ideas on what I might do about testing those sorts of things? I''ll be using rails, also. Mike B. ---------------------------------------------------------------- This message was sent using IMP, the Internet Messaging

Anybody on here successfully get ipset iptables sets to work _after_ a reboot? My question on StackExchange http://unix.stackexchange.com/questions/149536/upon-bootup-all-iptables-are-lost-because-the-kernel-module-ip-set-is-not-loade Some of the things that need to be in place, otherwise iptables does not load: 1.) The kernel module ip_set needs to be loaded. 2.) The "sets" need to be

Hi! I wanna take a stab at implementing better XSS prevention for Rails. This time for real =) I''m wondering what would be the better way, clean everything up with tidy first and then do the rest with regexp or regexp all the way? Anybody done this before? Thanks! Ciao! Florian

Dear All, I couldn't figure and couldn't google out how to make construct a pair of \Sexpr s or a LaTeX macro that would include 5\cdot 10^{-12} into the LaTeX output istead of 5e-12 . Any ideas? Thank you G?bor

Hi, I'm Wellington from Brazil and I have the following issue: I've been working on a project a for a while, and I'm having trouble in using the loop (for) I need to read a column (c1), and for each value of this column, I need to check if it's within the control limits So, I was trying to do this: For (k in 1: c1) If (c1< lcl1 | c1 > ucl1) {here I

Hi, I'm running 3.0.4 and have had several reports from users both using Office and Lotus where the application tells them that the file is already in use when we know it isn't. (BTW, there's a typo on the man page under "lock spin count". "acquired", not "aquired".) Chris -- Chris Garrigues http://www.DeepEddy.Com/~cwg/ Trinsic

On 06/12/2015 11:25 AM, m.roth at 5-cent.us wrote: > jd1008 wrote: >> On 06/12/2015 07:28 AM, g wrote: >>> On 06/10/2015 03:56 AM, Always Learning wrote: >>>> I displayed, as a web page, a list of search results created in PHP, >>>> from MySQL. >>> i am still using 24.8.0 and do not have to contend with all the >>> bugs introduced by moz

It looks like everyone has tried to fix the cookies lately, and no-one managed to get it 100% correctly. The current implementation doesn''t set the path correctly, and you can''t use @cookies in a #service-overload. Qwzybug''s patch fixed only the sessions. Jenna''s patch won''t allow to set complex cookies (@cookies.key = {:path => "/path",