Wednesday, September 16, 2015

Directory traversal vulnerability found in H2O

A directory traversal vulnerability has been found in H2O. Users are advised to update immediately.

https://h2o.examp1e.net/vulnerabilities.html#CVE-2015-5638




EDIT. I am sorry to have included an information leakage vulnerability in my software. Information leakage vulnerability consists of two categories: file leakage and memory leakage. Today we have fixed the former; there are no known vulnerabilities that need to be fixed.

However, considering the fact that it is hard to prove that there is no memory leakage vulnerability, we are going to implement privilege separation for handling TLS private keys in the upcoming 1.5 release just in case so that the private keys would not get exposed even if such vulnerability exist.

10 comments:

  1. This lets clients narrow down their searches and allows your company to have more prominent online rankings. Goodprdirectory.com

    ReplyDelete
  2. This is one of the cult game now, a lot of people enjoy playing them . Also you can refer to the game :
    animal jam 2 | five nights at freddys 2 | hotmail login

    ReplyDelete
  3. dengan carbon steel. Sedangkan harga dari HSS besarnya dua sampai empat kali daripada carbon steel.www.pusatbesibaja.com
    Supplier besi wf
    Supplier besi wf

    ReplyDelete