Wednesday, September 16, 2015

Directory traversal vulnerability found in H2O

A directory traversal vulnerability has been found in H2O. Users are advised to update immediately.

https://h2o.examp1e.net/vulnerabilities.html#CVE-2015-5638




EDIT. I am sorry to have included an information leakage vulnerability in my software. Information leakage vulnerability consists of two categories: file leakage and memory leakage. Today we have fixed the former; there are no known vulnerabilities that need to be fixed.

However, considering the fact that it is hard to prove that there is no memory leakage vulnerability, we are going to implement privilege separation for handling TLS private keys in the upcoming 1.5 release just in case so that the private keys would not get exposed even if such vulnerability exist.

6 comments:

  1. This lets clients narrow down their searches and allows your company to have more prominent online rankings. Goodprdirectory.com

    ReplyDelete
  2. dengan carbon steel. Sedangkan harga dari HSS besarnya dua sampai empat kali daripada carbon steel.www.pusatbesibaja.com
    Supplier besi wf
    Supplier besi wf

    ReplyDelete
  3. Download Stock ROM Firmware for Coolpad Catalyst 3622A view website
    Update firmware for router view website
    How to update firmware for Digital photo Cameras? site

    ReplyDelete
  4. This comment has been removed by the author.

    ReplyDelete

Note: Only a member of this blog may post a comment.